Skip to content
mtoman edited this page Mar 8, 2013 · 17 revisions

uReport

uReport (microreport) is a JSON object representing a problem: binary crash, kerneloops, SELinux AVC denial... The report is expected to be completely anonymous (see below). The object contains a numeric field ureport_version, which defines the expected contents. If the field is missing, the version is considered 0.

uReport0 and former

First uReports were not versioned at all because of quick evolution. uReport0 is the codename for the last of these (no known client has ever sent ureport_version = 0). All former uReports will fail parsing. Although uReport0 is still supported (it can be turned into uReport1), it is obsolete and should not be used in client applications.

uReport1

uReport1 format was designed for the needs of ABRT (at that moment processing C/C++ crashes, unhandled Python exceptions and kerneloopses). The background idea is that all the reports contain a stacktrace and some metadata about the environment (OS version, CPU architecture, kernel version...). Only supported fields are allowed. Some of them are mandatory, some are not. Any uReport containing excessive fields or missing mandatory fields will fail parsing.

Supported fields

  • ureport_version MUST be set to 1 in order to be parsed and processed by uReport1 workflow
  • type (string) either of userspace python kerneloops
  • reason (string) a short message describing what happend
  • uptime (int) uptime of the machine
  • component (string) affected component
  • executable (string) affected executable
  • architecture (string) CPU architecture
  • crash_thread (int) ID of the crash thread
  • kernel_taint_state (string) kernel tainted flags
  • proc_status placeholder
  • proc_limits placeholder
  • oops (string) the raw kerneloops as written into syslog
  • user_type (string) either of root nologin local remote
  • installed_package (obj) maps to appropriate RPM attributes
    • name (string)
    • epoch (int)
    • version (string)
    • release (string)
    • architecture (string)
  • running_package (obj) same as installed_package
  • related_packages (list) list of following objects:
    • installed_package (obj) same as installed_package above
    • running_package (obj) same as installed_package above
  • os (obj) operating system
    • name (string)
    • version (string)
  • reporter (obj) identification of the client application
    • name (string)
    • version (string)
  • core_backtrace (list) list of frames (following objects):
    • thread (int) thread number
    • frame (int) frame number
    • path (string) associated file
    • buildid (string) build-id of the file
    • offset (int) offset within the file
    • funcname (string) function name
    • funchash (string) function hash
  • os_state (obj)
    • suspend (string) either yes or no
    • boot (string) either yes or no
    • login (string) either yes or no
    • logout (string) either yes or no
    • shutdown (string) either yes or no
  • selinux (obj)
    • mode (string) either of enforcing permissive disabled
    • context (string) the affected context
    • policy_package (obj) same format as installed_package

Example:

{
      "ureport_version": 1,
      "type": "python",
      "reason": "TypeError",
      "uptime": 1,
      "component": "faf",
      "executable": "/usr/bin/faf-btserver-cgi",
      "installed_package": { "name": "faf",
                             "version": "0.4",
                             "release": "1.fc16",
                             "epoch": 0,
                             "architecture": "noarch" },
      "related_packages": [ { "installed_package": { "name": "python",
                                                     "version": "2.7.2",
                                                     "release": "4.fc16",
                                                     "epoch": 0,
                                                     "architecture": "x86_64" } } ],
      "os": { "name": "Fedora", "version": "16" },
      "architecture": "x86_64",
      "reporter": { "name": "abrt", "version": "2.0.7-2.fc16" },
      "crash_thread": 0,
      "core_backtrace": [
        { "thread": 0,
          "frame": 1,
          "buildid": "f76f656ab6e1b558fc78d0496f1960071565b0aa",
          "offset": 24,
          "path": "/usr/bin/faf-btserver-cgi",
          "funcname": "<module>" },
        { "thread": 0,
          "frame": 2,
          "buildid": "b07daccd370e885bf3d459984a4af09eb889360a",
          "offset": 190,
          "path": "/usr/lib64/python2.7/re.py",
          "funcname": "compile" },
        { "thread": 0,
          "frame": 3,
          "buildid": "b07daccd370e885bf3d459984a4af09eb889360a",
          "offset": 241,
          "path": "/usr/lib64/python2.7/re.py",
          "funcname": "_compile" }
      ],
      "user_type": "root",
      "selinux": { "mode": "permissive",
                   "context": "unconfined_u:unconfined_r:unconfined_t:s0",
                   "policy_package": { "name": "selinux-policy",
                                       "version": "3.10.0",
                                       "release": "2.fc16",
                                       "epoch": 0,
                                       "architecture": "noarch" } },
      "kernel_taint_state": "G    B      ",
    }

Problems

  • Although uReport1 was designed to be independent on the operating system, it is closely related to Fedora.
  • New types of problems are appearing, uReport1 is not generic enough to handle differences (SELinux AVC denial does not contain stacktrace, kerneloops does not contain executable...)
  • All reports are handled in the same way. This either results into special-casing in code (if type != "python" etc.) or into lower-quality results (clustering kerneloops and C/C++ with the same parameters does not work well).

uReport2

Anonymity

uReport MUST NOT contain any private data. uReports are considered public and may be accessed through the web UI or web API, forwarded to other instances or archived. Clients need to think about the data they are sending. These may contain passwords, credit card numbers, private keys etc.

Example: Why not to include the message from python exception? Think about the following: ValueError: invalid literal for int() with base 10: 'my_secret_password' uh oh!

Clone this wiki locally