OVAL/probes/sysctl: Add offline capabilities

The probe will support the so-called hybrid offline mode,
when the system is online (/proc contents are available)
but the root filesystem is mounted elsewhere (/guest/proc/...).

Support is only for Linux builds.

Author: evgenyz

src/OVAL/probes/probe-table.c

@@ -335,7 +335,7 @@ static const probe_table_entry_t probe_table[] = {
 	{OVAL_UNIX_SYMLINK, NULL, symlink_probe_main, NULL, symlink_probe_offline_mode_supported},
 #endif
 #ifdef OPENSCAP_PROBE_UNIX_SYSCTL
-	{OVAL_UNIX_SYSCTL, NULL, sysctl_probe_main, NULL, NULL},
+	{OVAL_UNIX_SYSCTL, NULL, sysctl_probe_main, NULL, sysctl_probe_offline_mode_supported},
 #endif
 #ifdef OPENSCAP_PROBE_UNIX_UNAME
 	{OVAL_UNIX_UNAME, NULL, uname_probe_main, NULL, NULL},

src/OVAL/probes/unix/sysctl_probe.c

@@ -30,7 +30,8 @@
 #include <config.h>
 #endif
 
-#include <probe-api.h>
+#include <probe/probe.h>
+#include "probe-api.h"
 #include "probe/entcmp.h"
 #include "sysctl_probe.h"
 
@@ -40,7 +41,6 @@
 #include <limits.h>
 #include <string.h>
 
-#include "oval_fts.h"
 #include "common/debug_priv.h"
 
 #define SYSCTL_CMD "/sbin/sysctl -ae"
@@ -59,6 +59,11 @@
 #define PROC_SYS_DIR "/proc/sys"
 #define PROC_SYS_MAXDEPTH 7
 
+int sysctl_probe_offline_mode_supported(void)
+{
+        return PROBE_OFFLINE_OWN;
+}
+
 int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
 {
         OVAL_FTS    *ofts;
@@ -119,10 +124,11 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
          * collect sysctls
          *  XXX: use direct access for the "equals" op
          */
-        ofts = oval_fts_open_prefixed(NULL, path_entity, filename_entity, NULL, bh_entity, probe_ctx_getresult(ctx));
+        const char *prefix = getenv("OSCAP_PROBE_ROOT");
+        ofts = oval_fts_open_prefixed(prefix, path_entity, filename_entity, NULL, bh_entity, probe_ctx_getresult(ctx));
 
         if (ofts == NULL) {
-                dE("oval_fts_open_prefixed(%s, %s) failed", PROC_SYS_DIR, ".\\+");
+                dE("oval_fts_open_prefixed(%s, %s) (prefix: %s) failed", PROC_SYS_DIR, ".\\+", prefix);
                 SEXP_free(path_entity);
                 SEXP_free(filename_entity);
                 SEXP_free(bh_entity);
@@ -283,6 +289,12 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
 }
 
 #elif defined(OS_FREEBSD)
+
+int sysctl_probe_offline_mode_supported(void)
+{
+        return PROBE_OFFLINE_NONE;
+}
+
 int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
 {
         FILE *fp;
@@ -360,9 +372,17 @@ int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
         pclose(fp);
         return (0);
 }
+
 #else
+
+int sysctl_probe_offline_mode_supported(void)
+{
+        return PROBE_OFFLINE_NONE;
+}
+
 int sysctl_probe_main(probe_ctx *ctx, void *probe_arg)
 {
         return(PROBE_EOPNOTSUPP);
 }
+
 #endif

src/OVAL/probes/unix/sysctl_probe.h

@@ -25,6 +25,8 @@
 
 #include "probe-api.h"
 
+int sysctl_probe_offline_mode_supported(void);
+
 int sysctl_probe_main(probe_ctx *ctx, void *arg);
 
 #endif /* OPENSCAP_SYSCTL_PROBE_H */

tests/probes/sysctl/CMakeLists.txt

@@ -1,4 +1,5 @@
 if(ENABLE_PROBES_UNIX)
 	add_oscap_test("test_sysctl_probe.sh")
 	add_oscap_test("test_sysctl_probe_all.sh")
+	add_oscap_test("test_sysctl_probe_offline_mode.sh")
 endif()

tests/probes/sysctl/test_sysctl_probe_offline_mode.sh

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+. $builddir/tests/test_common.sh
+
+set -e -o pipefail
+
+function perform_test {
+	probecheck "sysctl" || return 255
+	[ $(uname) == "Linux" ] || return 255
+
+	result=`mktemp`
+	stderr=`mktemp`
+	hostname=`hostname`
+
+	tmpdir=$(make_temp_dir /tmp "test_offline_mode_sysctl")
+	ln -s -t "${tmpdir}" "/proc"
+	set_chroot_offline_test_mode "${tmpdir}"
+
+	$OSCAP oval eval --results $result $srcdir/test_sysctl_probe.oval.xml 2>$stderr
+
+	unset_chroot_offline_test_mode
+	rm -rf "${tmpdir}"
+
+	[ ! -s $stderr ]
+	assert_exists 1 "/oval_results/results/system/oval_system_characteristics/system_data/unix-sys:sysctl_item/unix-sys:name[text()='kernel.hostname']"
+	assert_exists 1 "/oval_results/results/system/oval_system_characteristics/system_data/unix-sys:sysctl_item/unix-sys:value[text()='$hostname']"
+
+	rm $result
+	rm $stderr
+}
+
+perform_test