[lxd] Fix predicate for lxc commands collection for snap

The list of modules was too broad, and depending on the different attributes configured the list of modules to be loaded could also be different. Liaising with the LXD team suggested to check for the `snap.lxd.daemon` service rather then the modules to collect `lxd.buginfo`. This is due to the fact that LXD is socket activated, and running any lxd based command could start the service and hence load the modules. Gating this with either the `snap.lxd.daemon` for snap or `lxd` service for debs respectively should prevent this from happening. This also no obfuscates the certificate that is retrieved from `lxd.buginfo` Resolves: SET-377 Signed-off-by: Arif Ali <arif.ali@canonical.com>
sosreport · Feb 10, 2024 · db3f4cf · db3f4cf
1 parent 18bf20a
commit db3f4cf
Showing 1 changed file with 10 additions and 20 deletions.
diff --git a/sos/report/plugins/lxd.py b/sos/report/plugins/lxd.py
@@ -18,31 +18,16 @@ class LXD(Plugin, UbuntuPlugin):
     profiles = ('container',)
     packages = ('lxd',)
     commands = ('lxc', 'lxd',)
+    services = ('snap.lxd.daemon', 'snap.lxd.activate')
 
     def setup(self):
 
-        lxd_kmods = [
-            'bpfilter',
-            'ebtable_filter',
-            'ebtables',
-            'ip6table_filter',
-            'ip6table_mangle',
-            'ip6table_nat',
-            'ip6table_raw',
-            'ip6_tables',
-            'iptable_filter',
-            'iptable_mangle',
-            'iptable_nat',
-            'iptable_raw',
-            'nf_nat',
-            'nf_tables',
-        ]
-
-        lxd_pred = SoSPredicate(self, kmods=lxd_kmods,
-                                required={'kmods': 'all'})
-
         lxd_pkg = self.policy.package_manager.pkg_by_name('lxd')
         if lxd_pkg and lxd_pkg['pkg_manager'] == 'snap':
+
+            lxd_pred = SoSPredicate(self, services=['snap.lxd.daemon'],
+                                    required={'services': 'all'})
+
             self.add_cmd_output("lxd.buginfo", pred=lxd_pred)
 
             self.add_copy_spec([
@@ -62,6 +47,8 @@ def setup(self):
                     '/var/snap/lxd/common/lxd/logs/**',
                 ])
         else:
+            lxd_pred = SoSPredicate(self, services=['lxd'],
+                                    required={'services': 'all'})
             self.add_copy_spec([
                 "/etc/default/lxd-bridge",
                 "/var/log/lxd/*"
@@ -79,4 +66,7 @@ def setup(self):
                 "find /var/lib/lxd -maxdepth 2 -type d -ls",
             ], suggest_filename='var-lxd-dirs.txt')
 
+    def postproc(self):
+        self.do_cmd_private_sub('lxd.buginfo')
+
 # vim: set et ts=4 sw=4 :