trace apparmor error (#33876)

raphaelgavache · web-flow · commit 4abf43e02350 · 2025-02-11T21:32:31.000Z
diff --git a/pkg/fleet/installer/packages/app_armor.go b/pkg/fleet/installer/packages/app_armor.go
@@ -119,7 +119,7 @@ func setupAppArmor(ctx context.Context) (err error) {
 		return fmt.Errorf("failed validate %s contains an include to base.d: %w", appArmorBaseProfile, err)
 	}
 
-	if err = reloadAppArmor(); err != nil {
+	if err = reloadAppArmor(ctx); err != nil {
 		if rollbackErr := os.Remove(appArmorInjectorProfilePath); rollbackErr != nil {
 			log.Warnf("failed to remove apparmor profile: %v", rollbackErr)
 		}
@@ -147,19 +147,20 @@ func removeAppArmor(ctx context.Context) (err error) {
 	if err = os.Remove(appArmorInjectorProfilePath); err != nil {
 		return err
 	}
-	return reloadAppArmor()
+	_ = reloadAppArmor(ctx)
+	return nil
 }
 
-func reloadAppArmor() error {
+func reloadAppArmor(ctx context.Context) error {
 	if !isAppArmorRunning() {
 		return nil
 	}
 	if running, err := isSystemdRunning(); err != nil {
 		return err
 	} else if running {
-		return exec.Command("systemctl", "reload", "apparmor").Run()
+		return tracedCommand(ctx, "systemctl", "reload", "apparmor")
 	}
-	return exec.Command("service", "apparmor", "reload").Run()
+	return tracedCommand(ctx, "service", "apparmor", "reload")
 }
 
 func isAppArmorRunning() bool {
@@ -169,3 +170,12 @@ func isAppArmorRunning() bool {
 	}
 	return strings.TrimSpace(string(data)) == "Y"
 }
+
+func tracedCommand(ctx context.Context, name string, arg ...string) (err error) {
+	span, _ := telemetry.StartSpanFromContext(ctx, name)
+	defer func() { span.Finish(err) }()
+
+	cmd := exec.Command(name, arg...)
+	_, err = cmd.Output()
+	return err
+}

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,7 @@ func setupAppArmor(ctx context.Context) (err error) {`
`119`	`119`	`return fmt.Errorf("failed validate %s contains an include to base.d: %w", appArmorBaseProfile, err)`
`120`	`120`	`}`
`121`	`121`
`122`		`- if err = reloadAppArmor(); err != nil {`
	`122`	`+ if err = reloadAppArmor(ctx); err != nil {`
`123`	`123`	`if rollbackErr := os.Remove(appArmorInjectorProfilePath); rollbackErr != nil {`
`124`	`124`	`log.Warnf("failed to remove apparmor profile: %v", rollbackErr)`
`125`	`125`	`}`
`@@ -147,19 +147,20 @@ func removeAppArmor(ctx context.Context) (err error) {`
`147`	`147`	`if err = os.Remove(appArmorInjectorProfilePath); err != nil {`
`148`	`148`	`return err`
`149`	`149`	`}`
`150`		`- return reloadAppArmor()`
	`150`	`+ _ = reloadAppArmor(ctx)`
	`151`	`+ return nil`
`151`	`152`	`}`
`152`	`153`
`153`		`-func reloadAppArmor() error {`
	`154`	`+func reloadAppArmor(ctx context.Context) error {`
`154`	`155`	`if !isAppArmorRunning() {`
`155`	`156`	`return nil`
`156`	`157`	`}`
`157`	`158`	`if running, err := isSystemdRunning(); err != nil {`
`158`	`159`	`return err`
`159`	`160`	`} else if running {`
`160`		`- return exec.Command("systemctl", "reload", "apparmor").Run()`
	`161`	`+ return tracedCommand(ctx, "systemctl", "reload", "apparmor")`
`161`	`162`	`}`
`162`		`- return exec.Command("service", "apparmor", "reload").Run()`
	`163`	`+ return tracedCommand(ctx, "service", "apparmor", "reload")`
`163`	`164`	`}`
`164`	`165`
`165`	`166`	`func isAppArmorRunning() bool {`
`@@ -169,3 +170,12 @@ func isAppArmorRunning() bool {`
`169`	`170`	`}`
`170`	`171`	`return strings.TrimSpace(string(data)) == "Y"`
`171`	`172`	`}`
	`173`	`+`
	`174`	`+func tracedCommand(ctx context.Context, name string, arg ...string) (err error) {`
	`175`	`+ span, _ := telemetry.StartSpanFromContext(ctx, name)`
	`176`	`+ defer func() { span.Finish(err) }()`
	`177`	`+`
	`178`	`+ cmd := exec.Command(name, arg...)`
	`179`	`+ _, err = cmd.Output()`
	`180`	`+ return err`
	`181`	`+}`