devlib/collector/dmesg: handle CONFIG_SECURITY_DMESG_RESTRICT

Some kernels compiled with CONFIG_SECURITY_DMESG_RESTRICT can restrict reading the dmesg buffer to root user as a security hardening measure. Detect this case and use root accordingly.
2025-01-31 02:00:45 +00:00 · 2021-02-12 10:53:33 +00:00 · 2021-02-12 10:53:33 +00:00 · 552040f390
commit 552040f390
parent 0d259be01b
1 changed files with 5 additions and 2 deletions
--- a/devlib/collector/dmesg.py
+++ b/devlib/collector/dmesg.py
@ -20,6 +20,7 @@ from datetime import timedelta

 from devlib.collector import (CollectorBase, CollectorOutput,
                              CollectorOutputEntry)
+from devlib.target import KernelConfigTristate


 class KernelLogEntry(object):
@ -167,6 +168,8 @@ class DmesgCollector(CollectorBase):
        self.basic_dmesg = '--force-prefix' not in \
                self.target.execute('dmesg -h', check_exit_code=False)
        self.facility = facility
+        self.needs_root = bool(target.config.typed_config.get(
+            'CONFIG_SECURITY_DMESG_RESTRICT', KernelConfigTristate.NO))
        self.reset()

    @property
@ -178,7 +181,7 @@ class DmesgCollector(CollectorBase):

    def start(self):
        self.reset()
-        # Empty the dmesg ring buffer
+        # Empty the dmesg ring buffer. This requires root in all cases
        self.target.execute('dmesg -c', as_root=True)

    def stop(self):
@ -195,7 +198,7 @@ class DmesgCollector(CollectorBase):
                facility=self.facility,
            )

-        self.dmesg_out = self.target.execute(cmd)
+        self.dmesg_out = self.target.execute(cmd, as_root=self.needs_root)

    def set_output(self, output_path):
        self.output_path = output_path