Add selinux collector (#2205)

Add selinux collector

Signed-off-by: Jonathan Davies <jpds@protonmail.com>
This commit is contained in:
Jonathan Davies 2022-06-28 04:54:05 +01:00 committed by GitHub
parent d64766f43d
commit 88f1811eb1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 92 additions and 0 deletions

View File

@ -120,6 +120,7 @@ powersupplyclass | Exposes Power Supply statistics from `/sys/class/power_supply
pressure | Exposes pressure stall statistics from `/proc/pressure/`. | Linux (kernel 4.20+ and/or [CONFIG\_PSI](https://www.kernel.org/doc/html/latest/accounting/psi.html))
rapl | Exposes various statistics from `/sys/class/powercap`. | Linux
schedstat | Exposes task scheduler statistics from `/proc/schedstat`. | Linux
selinux | Exposes SELinux statistics. | Linux
sockstat | Exposes various statistics from `/proc/net/sockstat`. | Linux
softnet | Exposes statistics from `/proc/net/softnet_stat`. | Linux
stat | Exposes various statistics from `/proc/stat`. This includes boot time, forks and interrupts. | Linux

View File

@ -3012,6 +3012,7 @@ node_scrape_collector_success{collector="processes"} 1
node_scrape_collector_success{collector="qdisc"} 1
node_scrape_collector_success{collector="rapl"} 1
node_scrape_collector_success{collector="schedstat"} 1
node_scrape_collector_success{collector="selinux"} 1
node_scrape_collector_success{collector="sockstat"} 1
node_scrape_collector_success{collector="softnet"} 1
node_scrape_collector_success{collector="stat"} 1
@ -3025,6 +3026,9 @@ node_scrape_collector_success{collector="wifi"} 1
node_scrape_collector_success{collector="xfs"} 1
node_scrape_collector_success{collector="zfs"} 1
node_scrape_collector_success{collector="zoneinfo"} 1
# HELP node_selinux_enabled SELinux is enabled, 1 is true, 0 is false
# TYPE node_selinux_enabled gauge
node_selinux_enabled 0
# HELP node_sockstat_FRAG6_inuse Number of FRAG6 sockets in state inuse.
# TYPE node_sockstat_FRAG6_inuse gauge
node_sockstat_FRAG6_inuse 0

View File

@ -3034,6 +3034,7 @@ node_scrape_collector_success{collector="processes"} 1
node_scrape_collector_success{collector="qdisc"} 1
node_scrape_collector_success{collector="rapl"} 1
node_scrape_collector_success{collector="schedstat"} 1
node_scrape_collector_success{collector="selinux"} 1
node_scrape_collector_success{collector="sockstat"} 1
node_scrape_collector_success{collector="softnet"} 1
node_scrape_collector_success{collector="stat"} 1
@ -3047,6 +3048,9 @@ node_scrape_collector_success{collector="wifi"} 1
node_scrape_collector_success{collector="xfs"} 1
node_scrape_collector_success{collector="zfs"} 1
node_scrape_collector_success{collector="zoneinfo"} 1
# HELP node_selinux_enabled SELinux is enabled, 1 is true, 0 is false
# TYPE node_selinux_enabled gauge
node_selinux_enabled 0
# HELP node_sockstat_FRAG6_inuse Number of FRAG6 sockets in state inuse.
# TYPE node_sockstat_FRAG6_inuse gauge
node_sockstat_FRAG6_inuse 0

View File

@ -0,0 +1,78 @@
// Copyright 2022 The Prometheus Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//go:build linux && !noselinux
// +build linux,!noselinux
package collector
import (
"github.com/go-kit/log"
"github.com/opencontainers/selinux/go-selinux"
"github.com/prometheus/client_golang/prometheus"
)
type selinuxCollector struct {
configMode *prometheus.Desc
currentMode *prometheus.Desc
enabled *prometheus.Desc
logger log.Logger
}
func init() {
registerCollector("selinux", defaultEnabled, NewSelinuxCollector)
}
// NewSelinuxCollector returns a new Collector exposing SELinux statistics.
func NewSelinuxCollector(logger log.Logger) (Collector, error) {
const subsystem = "selinux"
return &selinuxCollector{
configMode: prometheus.NewDesc(
prometheus.BuildFQName(namespace, subsystem, "config_mode"),
"Configured SELinux enforcement mode",
nil, nil,
),
currentMode: prometheus.NewDesc(
prometheus.BuildFQName(namespace, subsystem, "current_mode"),
"Current SELinux enforcement mode",
nil, nil,
),
enabled: prometheus.NewDesc(
prometheus.BuildFQName(namespace, subsystem, "enabled"),
"SELinux is enabled, 1 is true, 0 is false",
nil, nil,
),
logger: logger,
}, nil
}
func (c *selinuxCollector) Update(ch chan<- prometheus.Metric) error {
if !selinux.GetEnabled() {
ch <- prometheus.MustNewConstMetric(
c.enabled, prometheus.GaugeValue, 0)
return nil
}
ch <- prometheus.MustNewConstMetric(
c.enabled, prometheus.GaugeValue, 1)
ch <- prometheus.MustNewConstMetric(
c.configMode, prometheus.GaugeValue, float64(selinux.DefaultEnforceMode()))
ch <- prometheus.MustNewConstMetric(
c.currentMode, prometheus.GaugeValue, float64(selinux.EnforceMode()))
return nil
}

View File

@ -37,6 +37,7 @@ enabled_collectors=$(cat << COLLECTORS
qdisc
rapl
schedstat
selinux
sockstat
stat
thermal_zone

1
go.mod
View File

@ -16,6 +16,7 @@ require (
github.com/mattn/go-xmlrpc v0.0.3
github.com/mdlayher/netlink v1.6.0
github.com/mdlayher/wifi v0.0.0-20220320220353-954ff73a19a5
github.com/opencontainers/selinux v1.10.1
github.com/prometheus/client_golang v1.12.2
github.com/prometheus/client_model v0.2.0
github.com/prometheus/common v0.35.0

3
go.sum
View File

@ -205,6 +205,8 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w=
github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@ -379,6 +381,7 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=