From f2ff670bfbcfe6fdbb477d16f21af6f89c4ceb1a Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 19 Nov 2020 14:57:53 -0600 Subject: [PATCH 1/2] cli: don't fail if rate limit is exceeded Don't fail if rate limit is exceeded since this is a limitation/restriction of Github not a problem in the host. Print a warning when the rate limit is exceeded. For more information about Github's rate limit, see https://developer.github.com/v3/#rate-limiting Signed-off-by: Julio Montes --- cli/release.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/cli/release.go b/cli/release.go index 87e4966124..c86060f9ca 100644 --- a/cli/release.go +++ b/cli/release.go @@ -6,6 +6,7 @@ package main import ( + "bytes" "encoding/json" "errors" "fmt" @@ -276,12 +277,17 @@ func getReleases(releaseURL string, includeAll bool) ([]semver.Version, map[stri releasesArray := []map[string]interface{}{} - bytes, err := ioutil.ReadAll(resp.Body) + body, err := ioutil.ReadAll(resp.Body) if err != nil { return nil, nil, fmt.Errorf("failed to read release details: %v", err) + } else if resp.StatusCode == http.StatusForbidden && bytes.Contains(body, []byte("limit exceeded")) { + // Do not fail if rate limit is exceeded + kataLog.WithField("url", releaseURL). + Warn("API rate limit exceeded. Try again later. Read https://docs.github.com/apps/building-github-apps/understanding-rate-limits-for-github-apps for more information") + return []semver.Version{}, map[string]releaseDetails{}, nil } - if err := json.Unmarshal(bytes, &releasesArray); err != nil { + if err := json.Unmarshal(body, &releasesArray); err != nil { return nil, nil, fmt.Errorf("failed to unpack release details: %v", err) } From c9637770e3463e7c9251f4c40e848e172a293c98 Mon Sep 17 00:00:00 2001 From: Julio Montes Date: Thu, 19 Nov 2020 15:49:16 -0600 Subject: [PATCH 2/2] cli: check modules and permissions before loading a module Before loading a module, the check subcommand should check if the current user can load it. fixes #3085 Signed-off-by: Julio Montes --- cli/kata-check.go | 10 +++++++++- cli/kata-check_amd64_test.go | 4 ++++ cli/kata-check_test.go | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/cli/kata-check.go b/cli/kata-check.go index 47c3b02bd4..b709fc5289 100644 --- a/cli/kata-check.go +++ b/cli/kata-check.go @@ -134,17 +134,25 @@ func getCPUFlags(cpuinfo string) string { // haveKernelModule returns true if the specified module exists // (either loaded or available to be loaded) func haveKernelModule(module string) bool { + kmodLog := kataLog.WithField("module", module) + // First, check to see if the module is already loaded path := filepath.Join(sysModuleDir, module) if katautils.FileExists(path) { return true } + // Only root can load modules + if os.Getuid() != 0 { + kmodLog.Error("Module is not loaded and it can not be inserted. Please consider running with sudo or as root") + return false + } + // Now, check if the module is unloaded, but available. // And modprobe it if so. cmd := exec.Command(modProbeCmd, module) if output, err := cmd.CombinedOutput(); err != nil { - kataLog.WithField("module", module).WithError(err).Warnf("modprobe insert module failed: %s", string(output)) + kmodLog.WithError(err).WithField("output", string(output)).Warnf("modprobe insert module failed") return false } return true diff --git a/cli/kata-check_amd64_test.go b/cli/kata-check_amd64_test.go index 23f4aa028f..d162efa187 100644 --- a/cli/kata-check_amd64_test.go +++ b/cli/kata-check_amd64_test.go @@ -47,6 +47,8 @@ func TestCCCheckCLIFunction(t *testing.T) { var cpuData []testCPUData var moduleData []testModuleData + t.Skip(testDisabledAsNonRoot) + if cpuType == cpuTypeIntel { cpuData = []testCPUData{ {archGenuineIntel, "lm vmx sse4_1", false}, @@ -245,6 +247,8 @@ func TestCheckCheckKernelModulesNoUnrestrictedGuest(t *testing.T) { } func TestCheckHostIsVMContainerCapable(t *testing.T) { + t.Skip(testDisabledAsNonRoot) + assert := assert.New(t) dir, err := ioutil.TempDir("", "") diff --git a/cli/kata-check_test.go b/cli/kata-check_test.go index 771f2fde90..7c0e3eb127 100644 --- a/cli/kata-check_test.go +++ b/cli/kata-check_test.go @@ -514,6 +514,8 @@ func TestCheckCheckCPUAttribs(t *testing.T) { } func TestCheckHaveKernelModule(t *testing.T) { + t.Skip(testDisabledAsNonRoot) + assert := assert.New(t) dir, err := ioutil.TempDir("", "")