Mister Spy Say ="Hello Kids ... :D" ___ ____ _ _____ | \/ (_) | | / ___| | . . |_ ___| |_ ___ _ __ \ `--. _ __ _ _ | |\/| | / __| __/ _ \ '__| `--. \ '_ \| | | | | | | | \__ \ || __/ | /\__/ / |_) | |_| | \_| |_/_|___/\__\___|_| \____/| .__/ \__, | | | __/ | |_| |___/ Bot Mister Spy V3
Mister Spy

Mister Spy

Current Path : /lib/python3.9/site-packages/sos/report/plugins/
Upload File :
Current File : //lib/python3.9/site-packages/sos/report/plugins/__init__.py

# Copyright (C) 2006 Steve Conklin <sconklin@redhat.com>

# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.

""" This exports methods available for use by plugins for sos """

from sos.utilities import (sos_get_command_output, import_module, grep,
                           fileobj, tail, is_executable, TIMEOUT_DEFAULT,
                           path_exists, path_isdir, path_isfile, path_islink,
                           listdir, path_join, bold, file_is_binary,
                           recursive_dict_values_by_key)

from sos.archive import P_FILE, P_LINK
import contextlib
import os
import glob
import re
import stat
from time import time
import logging
import fnmatch
import errno
import textwrap

from datetime import datetime


def regex_findall(regex, fname):
    """Return a list of all non overlapping matches in the string(s)"""
    try:
        with fileobj(fname) as f:
            return re.findall(regex, f.read(), re.MULTILINE)
    except AttributeError:
        return []


def _mangle_command(command, name_max):
    mangledname = re.sub(r"^/(usr/|)(bin|sbin)/", "", command)
    mangledname = re.sub(r"[^\w\-\.\/]+", "_", mangledname)
    mangledname = re.sub(r"/", ".", mangledname).strip(" ._-")
    mangledname = mangledname[0:name_max]
    return mangledname


def _node_type(st):
    """ return a string indicating the type of special node represented by
    the stat buffer st (block, character, fifo, socket).
    """
    _types = [
        (stat.S_ISBLK, "block device"),
        (stat.S_ISCHR, "character device"),
        (stat.S_ISFIFO, "named pipe"),
        (stat.S_ISSOCK, "socket")
    ]
    for t in _types:
        if t[0](st.st_mode):
            return t[1]
    return ''


_certmatch = re.compile("-*BEGIN.*?-*END", re.DOTALL)
_cert_replace = "-----SCRUBBED"


class SoSPredicate(object):
    """A class to implement collection predicates.

    A predicate gates the collection of data by an sos plugin. For any
    `add_cmd_output()`, `add_copy_spec()` or `add_journal()` call, the
    passed predicate will be evaulated and collection will proceed if
    the result is `True`, and not otherwise.

    Predicates may be used to control conditional data collection
    without the need for explicit conditional blocks in plugins.

    :param owner:       The ``Plugin`` object creating the predicate
    :type owner:        ``Plugin``

    :param dry_run:     Is sos running in dry_run mode?
    :type dry_run:      ``bool``

    :param kmods:       Kernel module name(s) to check presence of
    :type kmods:        ``list``, or ``str`` of single name

    :param services:    Service name(s) to check if running
    :type services:     ``list``, or ``str`` of single name

    :param packages:    Package name(s) to check presence of
    :type packages:     ``list``, or ``str`` of single name

    :param cmd_outputs: Command to run, with output string to check
    :type cmd_outputs:  ``list`` of ``dict``s, or single ``dict`` taking form
                        {'cmd': <command to run>,
                        'output': <string that output should contain>}
    :param arch:        Architecture(s) that the local system is matched
                        against
    :type arch:         ``list``, or ``str`` of single architecture

    :param required:    For each parameter provided, should the checks
                        require all items, no items, or any items provided
    :type required:     ``dict``, with keys matching parameter names and values
                        being either 'any', 'all', or 'none. Default 'any'.

    """
    #: The plugin that owns this predicate
    _owner = None

    #: Skip all collection?
    dry_run = False

    #: Kernel module enablement list
    kmods = []

    #: Services enablement list
    services = []

    #: Package presence list
    packages = []

    # Command output inclusion pairs {'cmd': 'foo --help', 'output': 'bar'}
    cmd_outputs = []

    #: Allowed architecture(s) of the system
    arch = []

    def __str(self, quote=False, prefix="", suffix=""):
        """Return a string representation of this SoSPredicate with
            optional prefix, suffix and value quoting.
        """
        quotes = '"%s"'
        pstr = "dry_run=%s, " % self.dry_run

        kmods = self.kmods
        kmods = [quotes % k for k in kmods] if quote else kmods
        pstr += "kmods=[%s], " % (",".join(kmods))

        services = self.services
        services = [quotes % s for s in services] if quote else services
        pstr += "services=[%s], " % (",".join(services))

        pkgs = self.packages
        pkgs = [quotes % p for p in pkgs] if quote else pkgs
        pstr += "packages=[%s], " % (",".join(pkgs))

        cmdoutputs = [
            "{ %s: %s, %s: %s }" % (quotes % "cmd",
                                    quotes % cmdoutput['cmd'],
                                    quotes % "output",
                                    quotes % cmdoutput['output'])
            for cmdoutput in self.cmd_outputs
        ]
        pstr += "cmdoutputs=[%s], " % (",".join(cmdoutputs))

        arches = self.arch
        arches = [quotes % a for a in arches] if quote else arches
        pstr += "arches=[%s]" % (",".join(arches))

        return prefix + pstr + suffix

    def __str__(self):
        """Return a string representation of this SoSPredicate.

            "dry_run=False, kmods=[], services=[], cmdoutputs=[]"
        """
        return self.__str()

    def __repr__(self):
        """Return a machine readable string representation of this
            SoSPredicate.

            "SoSPredicate(dry_run=False, kmods=[], services=[], cmdoutputs=[])"
        """
        return self.__str(quote=True, prefix="SoSPredicate(", suffix=")")

    def _check_required_state(self, items, required):
        """Helper to simplify checking the state of the predicate's evaluations
        against the setting of the required state of that evaluation
        """
        if required == 'any':
            return any(items)
        elif required == 'all':
            return all(items)
        elif required == 'none':
            return not any(items)
        raise ValueError(
            f"predicate requires must be 'any', 'all', or 'none' "
            f"not {required}"
        )

    def _failed_or_forbidden(self, test, item):
        """Helper to direct failed predicates to provide the proper messaging
        based on the required check type

            :param test:      The type of check we're doing, e.g. kmods, arch
            :param item:      The string of what failed
        """
        _req = self.required[test]
        if _req != 'none':
            self._failed[test].append(item)
        else:
            self._forbidden[test].append(item)

    def _eval_kmods(self):
        if not self.kmods or self._owner.get_option('allow_system_changes'):
            return True

        _kmods = []
        # Are kernel modules loaded?
        for kmod in self.kmods:
            res = self._owner.is_module_loaded(kmod)
            _kmods.append(res)
            if not res:
                self._failed_or_forbidden('kmods', kmod)

        return self._check_required_state(_kmods, self.required['kmods'])

    def _eval_services(self):
        if not self.services:
            return True

        _svcs = []
        for svc in self.services:
            res = self._owner.is_service_running(svc)
            _svcs.append(res)
            if not res:
                self._failed_or_forbidden('services', svc)

        return self._check_required_state(_svcs, self.required['services'])

    def _eval_packages(self):
        if not self.packages:
            return True

        _pkgs = []
        for pkg in self.packages:
            res = self._owner.is_installed(pkg)
            _pkgs.append(res)
            if not res:
                self._failed_or_forbidden('packages', pkg)

        return self._check_required_state(_pkgs, self.required['packages'])

    def _eval_cmd_output(self, cmd_output):
        """Does 'cmd' output contain string 'output'?"""
        if 'cmd' not in cmd_output or 'output' not in cmd_output:
            return False
        result = sos_get_command_output(cmd_output['cmd'])
        if result['status'] != 0:
            return False
        for line in result['output'].splitlines():
            if cmd_output['output'] in line:
                return True
        return False

    def _eval_cmd_outputs(self):
        if not self.cmd_outputs:
            return True

        _cmds = []
        for cmd in self.cmd_outputs:
            res = self._eval_cmd_output(cmd)
            _cmds.append(res)
            if not res:
                self._failed_or_forbidden(
                    'cmd_outputs',
                    "%s: %s" % (cmd['cmd'], cmd['output'])
                )
        return self._check_required_state(_cmds, self.required['cmd_outputs'])

    def _eval_arch(self):
        if not self.arch:
            return True

        # a test for 'all' against arch does not make sense, so only test to
        # see if the system's reported architecture is in the last of 'allowed'
        # arches requested by the predicate
        _arch = self._owner.policy.get_arch()
        regex = '(?:%s)' % '|'.join(self.arch)
        if self.required['arch'] == 'none':
            if re.match(regex, _arch):
                self._forbidden['architecture'].append(_arch)
                return False
            return True
        if re.match(regex, _arch):
            return True
        self._failed['architecture'].append(_arch)
        return False

    def _report_failed(self):
        """Return a string informing user what caused the predicate to fail
        evaluation
        """
        msg = ''
        _substr = "required %s missing: %s."
        for key, val in self._failed.items():
            if not val:
                continue
            val = set(val)
            msg += _substr % (key, ', '.join(v for v in val))
        return msg

    def _report_forbidden(self):
        """Return a string informing the user that a forbidden condition exists
        which caused the predicate to fail
        """
        msg = ''
        _substr = "forbidden %s '%s' found."
        for key, val in self._forbidden.items():
            if not val:
                continue
            val = set(val)
            msg += _substr % (key, ', '.join(v for v in val))
        return msg

    def report_failure(self):
        """Used by `Plugin()` to obtain the error string based on if the reason
        was a failed check or a forbidden check
        """
        msg = [
            self._report_failed(),
            self._report_forbidden(),
            '(dry run)' if self.dry_run else ''
        ]
        return " ".join(msg).lstrip()

    def __bool__(self):
        """Predicate evaluation hook.
        """

        # Null predicate?
        if not any([self.kmods, self.services, self.packages, self.cmd_outputs,
                    self.arch, self.dry_run]):
            return True

        return ((self._eval_kmods() and self._eval_services() and
                 self._eval_packages() and self._eval_cmd_outputs() and
                 self._eval_arch())
                and not self.dry_run)

    def __init__(self, owner, dry_run=False, kmods=[], services=[],
                 packages=[], cmd_outputs=[], arch=[], required={}):
        """Initialise a new SoSPredicate object
        """
        self._owner = owner
        self.kmods = list(kmods)
        self.services = list(services)
        self.packages = list(packages)
        self.arch = list(arch)
        if not isinstance(cmd_outputs, list):
            cmd_outputs = [cmd_outputs]
        self.cmd_outputs = cmd_outputs
        self.dry_run = dry_run | self._owner.commons['cmdlineopts'].dry_run
        self.required = {'kmods': 'any', 'services': 'any', 'packages': 'any',
                         'cmd_outputs': 'any', 'arch': 'any'}
        self.required.update({
            k: v for k, v in required.items() if
            required[k] != self.required[k]
        })
        #: Dict holding failed evaluations
        self._failed = {
            'kmods': [], 'services': [], 'packages': [], 'cmd_outputs': [],
            'architecture': []
        }
        self._forbidden = {
            'kmods': [], 'services': [], 'packages': [], 'cmd_outputs': [],
            'architecture': []
        }


class SoSCommand(object):
    """A class to represent a command to be collected.

    A SoSCommand() object is instantiated for each command handed to an
    _add_cmd_output() call, so that we no longer need to pass around a very
    long tuple to handle the parameters.

    Any option supported by _add_cmd_output() is passed to the SoSCommand
    object and converted to an attribute. SoSCommand.__dict__ is then passed to
    _get_command_output_now() for each command to be collected.
    """

    def __init__(self, **kwargs):
        self.__dict__.update(kwargs)

    def __str__(self):
        """Return a human readable string representation of this SoSCommand
        """
        return ', '.join("%s=%r" % (param, val) for (param, val) in
                         sorted(self.__dict__.items()))


class PluginOpt():
    """This is used to define options available to plugins. Plugins will need
    to define options alongside their distro-specific classes in order to add
    support for user-controlled changes in Plugin behavior.

    :param name:        The name of the plugin option
    :type name:         ``str``

    :param default:     The default value of the option
    :type default:      Any

    :param desc:        A short description of the effect of the option
    :type desc:         ``str``

    :param long_desc:   A detailed description of the option. Will be used by
                        `sos info`
    :type long_desc:    ``str``

    :param val_type:    The type of object the option accepts for values. If
                        not provided, auto-detect from the type of ``default``
    :type val_type:     A single type or a ``list`` of types
    """

    name = ''
    default = None
    enabled = False
    desc = ''
    long_desc = ''
    value = None
    val_type = [None]
    plugin = ''

    def __init__(self, name='undefined', default=None, desc='', long_desc='',
                 val_type=None):
        self.name = name
        self.default = default
        self.desc = desc
        self.long_desc = long_desc
        self.value = self.default
        if val_type is not None:
            if not isinstance(val_type, list):
                val_type = [val_type]
        else:
            val_type = [default.__class__]
        self.val_type = val_type

    def __str__(self):
        items = [
            'name=%s' % self.name,
            'desc=\'%s\'' % self.desc,
            'value=%s' % self.value,
            'default=%s' % self.default
        ]
        return '(' + ', '.join(items) + ')'

    def __repr__(self):
        return self.__str__()

    def set_value(self, val):
        # 'str' type accepts any value, incl. numbers
        if type('') in self.val_type:
            self.value = str(val)
            return
        if not any([type(val) is _t for _t in self.val_type]):
            valid = []
            for t in self.val_type:
                if t is None:
                    continue
                if t.__name__ == 'bool':
                    valid.append("boolean true/false (on/off, etc)")
                elif t.__name__ == 'str':
                    valid.append("string (no spaces)")
                elif t.__name__ == 'int':
                    valid.append("integer values")
            raise Exception(
                "Plugin option '%s.%s' takes %s, not %s" % (
                    self.plugin, self.name, ', '.join(valid),
                    type(val).__name__
                )
            )
        self.value = val


class Plugin():
    """This is the base class for sosreport plugins. Plugins should subclass
    this and set the class variables where applicable.

    :param commons:     A set of information that is shared internally so that
                        plugins may access the same dataset. This is provided
                        automatically by sos
    :type commons:      ``dict``

    Each `Plugin()` subclass should also subclass at least one tagging class,
    e.g. ``RedHatPlugin``, to support that distribution. If different
    distributions require different collections, each distribution should have
    its own subclass of the Plugin that also subclasses the tagging class for
    their respective distributions.

    :cvar plugin_name:  The name of the plugin, will be returned by `name()`
    :vartype plugin_name: ``str``

    :cvar packages:     Package name(s) that, if installed, enable this plugin
    :vartype packages:  ``tuple``

    :cvar files:        File path(s) that, if present, enable this plugin
    :vartype files:     ``tuple``

    :cvar commands:     Executables that, if present, enable this plugin
    :vartype commands:  ``tuple``

    :cvar kernel_mods:  Kernel module(s) that, if loaded, enable this plugin
    :vartype kernel_mods: ``tuple``

    :cvar services:     Service name(s) that, if running, enable this plugin
    :vartype services:  ``tuple``

    :cvar architectures: Architecture(s) this plugin is enabled for. Defaults
                         to 'none' to enable on all arches.
    :vartype architectures: ``tuple``, or ``None``

    :cvar profiles:     Name(s) of profile(s) this plugin belongs to
    :vartype profiles:  ``tuple``

    :cvar plugin_timeout: Timeout in seconds for this plugin as a whole
    :vartype plugin_timeout: ``int``

    :cvar cmd_timeout:  Timeout in seconds for individual commands
    :vartype cmd_timeout:   ``int``
    """

    plugin_name = None
    packages = ()
    files = ()
    commands = ()
    kernel_mods = ()
    services = ()
    containers = ()
    architectures = None
    archive = None
    profiles = ()
    sysroot = '/'
    plugin_timeout = TIMEOUT_DEFAULT
    cmd_timeout = TIMEOUT_DEFAULT
    _timeout_hit = False
    cmdtags = {}
    filetags = {}
    option_list = []

    # Default predicates
    predicate = None
    cmd_predicate = None

    def __init__(self, commons):

        self.copied_files = []
        self.executed_commands = []
        self._env_vars = set()
        self.alerts = []
        self.custom_text = ""
        self.commons = commons
        self.forbidden_paths = []
        self.copy_paths = set()
        self.container_copy_paths = []
        self.copy_strings = []
        self.collect_cmds = []
        self.options = {}
        self.sysroot = commons['sysroot']
        self.policy = commons['policy']
        self.devices = commons['devices']
        self.manifest = None
        self.skip_files = commons['cmdlineopts'].skip_files
        self.skip_commands = commons['cmdlineopts'].skip_commands
        self.default_environment = {}
        self._tail_files_list = []

        self.soslog = self.commons['soslog'] if 'soslog' in self.commons \
            else logging.getLogger('sos')

        # add the default plugin opts
        self.options.update(self.get_default_plugin_opts())
        for popt in self.options:
            self.options[popt].plugin = self.name()
        for opt in self.option_list:
            opt.plugin = self.name()
            self.options[opt.name] = opt

        # Initialise the default --dry-run predicate
        self.set_predicate(SoSPredicate(self))

    def get_default_plugin_opts(self):
        return {
            'timeout': PluginOpt(
                'timeout', default=-1, val_type=int,
                desc='Timeout in seconds for plugin to finish all collections'
            ),
            'cmd-timeout': PluginOpt(
                'cmd-timeout', default=-1, val_type=int,
                desc='Timeout in seconds for individual commands to finish'
            ),
            'postproc': PluginOpt(
                'postproc', default=True, val_type=bool,
                desc='Enable post-processing of collected data'
            )
        }

    def set_plugin_manifest(self, manifest):
        """Pass in a manifest object to the plugin to write to

        :param manifest: The manifest that the plugin will add metadata to
        :type manifest: ``SoSManifest``
        """
        self.manifest = manifest
        # add these here for organization when they actually get set later
        self.manifest.add_field('start_time', '')
        self.manifest.add_field('end_time', '')
        self.manifest.add_field('run_time', '')
        self.manifest.add_field('setup_start', '')
        self.manifest.add_field('setup_end', '')
        self.manifest.add_field('setup_time', '')
        self.manifest.add_field('timeout', self.timeout)
        self.manifest.add_field('timeout_hit', False)
        self.manifest.add_field('command_timeout', self.cmdtimeout)
        self.manifest.add_list('commands', [])
        self.manifest.add_list('files', [])
        self.manifest.add_field('strings', {})
        self.manifest.add_field('containers', {})
        self.manifest.add_list('collections', [])

    def set_default_cmd_environment(self, env_vars):
        """
        Specify a collection of environment variables that should always be
        passed to commands being executed by this plugin.

        :param env_vars:    The environment variables and their values to set
        :type env_vars:     ``dict{ENV_VAR_NAME: ENV_VAR_VALUE}``
        """
        if not isinstance(env_vars, dict):
            raise TypeError(
                "Environment variables for Plugin must be specified by dict"
            )
        self.default_environment = env_vars
        self._log_debug("Default environment for all commands now set to %s"
                        % self.default_environment)

    def add_default_cmd_environment(self, env_vars):
        """
        Add or modify a specific environment variable in the set of default
        environment variables used by this Plugin.

        :param env_vars:    The environment variables to add to the current
                            set of env vars in use
        :type env_vars:     ``dict``
        """
        if not isinstance(env_vars, dict):
            raise TypeError("Environment variables must be added via dict")
        self._log_debug("Adding %s to default environment" % env_vars)
        self.default_environment.update(env_vars)

    def _get_cmd_environment(self, env=None):
        """
        Get the merged set of environment variables for a command about to be
        executed by this plugin.

        :returns: The set of env vars to use for a command
        :rtype: ``dict``
        """
        if env is None:
            return self.default_environment
        if not isinstance(env, dict):
            raise TypeError("Command env vars must be passed as dict")
        _env = self.default_environment.copy()
        _env.update(env)
        return _env

    def timeout_from_options(self, optname, plugoptname, default_timeout):
        """
        Get the timeout value for either the plugin or a command, as
        determined by either the value provided via the
        plugin.timeout or plugin.cmd-timeout option, the global timeout or
        cmd-timeout options, or the default value set by the plugin or the
        collection, in that order of precendence.

        :param optname: The name of the cmdline option being checked, either
                        'plugin_timeout' or 'timeout'
        :type optname:  ``str``

        :param plugoptname: The name of the plugin option name being checked,
                            either 'timeout' or 'cmd-timeout'
        :type plugoptname: ``str``

        :param default_timeout: The timeout to default to if determination is
                                inconclusive or hits an error
        :type default_timeout:  ``int``

        :returns: The timeout value in seconds
        :rtype:   ``int``
        """
        _timeout = None
        try:
            opt_timeout = self.get_option(optname)
            own_timeout = int(self.get_option(plugoptname))
            if opt_timeout is None:
                _timeout = own_timeout
            elif opt_timeout is not None and own_timeout == -1:
                if opt_timeout == TIMEOUT_DEFAULT:
                    _timeout = default_timeout
                else:
                    _timeout = int(opt_timeout)
            elif opt_timeout is not None and own_timeout > -1:
                _timeout = own_timeout
            else:
                return None
        except ValueError:
            return default_timeout  # Default to known safe value
        if _timeout is not None and _timeout > -1:
            return _timeout
        return default_timeout

    @property
    def timeout(self):
        """Returns either the default plugin timeout value, the value as
        provided on the commandline via -k plugin.timeout=value, or the value
        of the global --plugin-timeout option.
        """
        _timeout = self.timeout_from_options('plugin_timeout', 'timeout',
                                             self.plugin_timeout)
        return _timeout

    @property
    def cmdtimeout(self):
        """Returns either the default command timeout value, the value as
        provided on the commandline via -k plugin.cmd-timeout=value, or the
        value of the global --cmd-timeout option.
        """
        _cmdtimeout = self.timeout_from_options('cmd_timeout', 'cmd-timeout',
                                                self.cmd_timeout)
        return _cmdtimeout

    def set_timeout_hit(self):
        self._timeout_hit = True
        self.manifest.add_field('end_time', datetime.now())
        self.manifest.add_field('timeout_hit', True)

    def check_timeout(self):
        """
        Checks to see if the plugin has hit its timeout.

        This is set when the sos.collect_plugin() method hits a timeout and
        terminates the thread. From there, a Popen() call can still continue to
        run, and we need to manually terminate it. Thus, check_timeout() should
        only be called in sos_get_command_output().

        Since sos_get_command_output() is not plugin aware, this method is
        handed to that call to use as a polling method, to avoid passing the
        entire plugin object.

        :returns: ``True`` if timeout has been hit, else ``False``
        :rtype: ``bool``

        """
        return self._timeout_hit

    @classmethod
    def name(cls):
        """Get the name of the plugin

        :returns: The name of the plugin, in lowercase
        :rtype: ``str``
        """
        if cls.plugin_name:
            return cls.plugin_name
        return cls.__name__.lower()

    @classmethod
    def display_help(cls, section):
        if cls.plugin_name is None:
            cls.display_self_help(section)
        else:
            cls.display_plugin_help(section)

    @classmethod
    def display_plugin_help(cls, section):
        from sos.help import TERMSIZE
        section.set_title("%s Plugin Information - %s"
                          % (cls.plugin_name.title(), cls.short_desc))
        missing = '\nDetailed information is not available for this plugin.\n'

        # Concatenate the docstrings of distro-specific plugins with their
        # base classes, if available.
        try:
            _doc = ''
            _sc = cls.__mro__[1]
            if _sc != Plugin and _sc.__doc__:
                _doc = _sc.__doc__
            if cls.__doc__:
                _doc += cls.__doc__
        except Exception:
            _doc = None

        section.add_text('\n    %s' % _doc if _doc else missing)

        if not any([cls.packages, cls.commands, cls.files, cls.kernel_mods,
                    cls.services, cls.containers]):
            section.add_text("This plugin is always enabled by default.")
        else:
            for trig in ['packages', 'commands', 'files', 'kernel_mods',
                         'services']:
                if getattr(cls, trig, None):
                    section.add_text(
                        "Enabled by %s: %s"
                        % (trig, ', '.join(getattr(cls, trig))),
                        newline=False
                    )
            if getattr(cls, 'containers'):
                section.add_text(
                    "Enabled by containers with names matching: %s"
                    % ', '.join(c for c in cls.containers),
                    newline=False
                )

        if cls.profiles:
            section.add_text(
                "Enabled with the following profiles: %s"
                % ', '.join(p for p in cls.profiles),
                newline=False
            )

        if hasattr(cls, 'verify_packages'):
            section.add_text(
                "\nVerfies packages (when using --verify): %s"
                % ', '.join(pkg for pkg in cls.verify_packages),
                newline=False,
            )

        if cls.postproc is not Plugin.postproc:
            section.add_text(
                'This plugin performs post-processing on potentially '
                'sensitive collections. Disabling post-processing may'
                ' leave sensitive data in plaintext.'
            )

        if not cls.option_list:
            return

        optsec = section.add_section('Plugin Options')
        optsec.add_text(
            "These options may be toggled or changed using '%s'"
            % bold("-k %s.option_name=$value" % cls.plugin_name)
        )
        optsec.add_text(bold(
            "\n{:<4}{:<20}{:<30}{:<20}\n".format(
                ' ', "Option Name", "Default", "Description")
            ), newline=False
        )

        opt_indent = ' ' * 54
        for opt in cls.option_list:
            _def = opt.default
            # convert certain values to text meanings
            if _def is None or _def == '':
                _def = "None/Unset"
            if isinstance(opt.default, bool):
                if opt.default:
                    _def = "True/On"
                else:
                    _def = "False/Off"
            _ln = "{:<4}{:<20}{:<30}{:<20}".format(' ', opt.name, _def,
                                                   opt.desc)
            optsec.add_text(
                textwrap.fill(_ln, width=TERMSIZE,
                              subsequent_indent=opt_indent),
                newline=False
            )
            if opt.long_desc:
                _size = TERMSIZE - 10
                space = ' ' * 8
                optsec.add_text(
                    textwrap.fill(opt.long_desc, width=_size,
                                  initial_indent=space,
                                  subsequent_indent=space),
                    newline=False
                )

    @classmethod
    def display_self_help(cls, section):
        section.set_title("SoS Plugin Detailed Help")
        section.add_text(
            "Plugins are what define what collections occur for a given %s "
            "execution. Plugins are generally representative of a single "
            "system component (e.g. kernel), package (e.g. podman), or similar"
            " construct. Plugins will typically specify multiple files or "
            "directories to copy, as well as commands to execute and collect "
            "the output of for further analysis."
            % bold('sos report')
        )

        subsec = section.add_section('Plugin Enablement')
        subsec.add_text(
            'Plugins will be automatically enabled based on one of several '
            'triggers - a certain package being installed, a command or file '
            'existing, a kernel module being loaded, etc...'
        )
        subsec.add_text(
            "Plugins may also be enabled or disabled by name using the %s or "
            "%s options respectively."
            % (bold('-e $name'), bold('-n $name'))
        )

        subsec.add_text(
            "Certain plugins may only be available for specific distributions "
            "or may behave differently on different distributions based on how"
            " the component for that plugin is installed or how it operates."
            " When using %s, help will be displayed for the version of the "
            "plugin appropriate for your distribution."
            % bold('sos help report.plugins.$plugin')
        )

        optsec = section.add_section('Using Plugin Options')
        optsec.add_text(
            "Many plugins support additional options to enable/disable or in "
            "some other way modify the collections it makes. Plugin options "
            "are set using the %s syntax. Options that are on/off toggles "
            "may exclude setting a value, which will be interpreted as "
            "enabling that option.\n\nSee specific plugin help sections "
            "or %s for more information on these options"
            % (bold('-k $plugin_name.$option_name=$value'),
               bold('sos report -l'))
        )

        seealso = section.add_section('See Also')
        _also = {
            'report.plugins.$plugin': 'Help for a specific $plugin',
            'policies': 'Information on distribution policies'
        }
        seealso.add_text(
            "Additional relevant information may be available in these "
            "help sections:\n\n%s" % "\n".join(
                "{:>8}{:<30}{:<30}".format(' ', sec, desc)
                for sec, desc in _also.items()
            ), newline=False
        )

    def _format_msg(self, msg):
        return "[plugin:%s] %s" % (self.name(),
                                   # safeguard against non-UTF logging, see
                                   # #2790 for reference
                                   msg.encode('utf-8', 'replace').decode())

    def _log_error(self, msg):
        self.soslog.error(self._format_msg(msg))

    def _log_warn(self, msg):
        self.soslog.warning(self._format_msg(msg))

    def _log_info(self, msg):
        self.soslog.info(self._format_msg(msg))

    def _log_debug(self, msg):
        self.soslog.debug(self._format_msg(msg))

    def strip_sysroot(self, path):
        """Remove the configured sysroot from a filesystem path

        :param path:    The filesystem path to strip sysroot from
        :type path: ``str``

        :returns: The stripped filesystem path
        :rtype: ``str``
        """
        if not self.use_sysroot():
            return path
        if self.sysroot and path.startswith(self.sysroot):
            return path[len(self.sysroot):]
        return path

    def use_sysroot(self):
        """Determine if the configured sysroot needs to be used

        :returns: ``True`` if sysroot is not `/`, else ``False``
        :rtype: ``bool``
        """
        return self.sysroot != os.path.abspath(os.sep)

    def tmp_in_sysroot(self):
        """Check if sysroot is within the archive's temp directory

        :returns: ``True`` if sysroot is in the archive's temp directory, else
                  ``False``
        :rtype: ``bool``
        """
        # if sysroot is still None, that implies '/'
        _sysroot = self.sysroot or '/'
        paths = [_sysroot, self.archive.get_tmp_dir()]
        return os.path.commonprefix(paths) == _sysroot

    def is_installed(self, package_name):
        """Is the package $package_name installed?

        :param package_name:    The name of the package to check
        :type package_name:     ``str``

        :returns: ``True`` id the package is installed, else ``False``
        :rtype: ``bool``
        """
        return (
            len(self.policy.package_manager.all_pkgs_by_name(package_name)) > 0
        )

    def is_service(self, name):
        """Does the service $name exist on the system?

        :param name:    The name of the service to check
        :type name:     ``str``

        :returns: ``True`` if service is present on the system, else ``False``
        :rtype: ``bool``
        """
        return self.policy.init_system.is_service(name)

    def is_service_enabled(self, name):
        """Is the service $name enabled?

        :param name:    The name of the service to check
        :type name:     ``str``

        :returns: ``True if service is enabled on the system, else ``False``
        :rtype: ``bool``
        """
        return self.policy.init_system.is_enabled(name)

    def is_service_disabled(self, name):
        """Is the service $name disabled?

        :param name:    The name of the service to check
        :type name:     ``str``

        :returns: ``True`` if service is disabled on the system, else ``False``
        :rtype: ``bool``
        """
        return self.policy.init_system.is_disabled(name)

    def is_service_running(self, name):
        """Is the service $name currently running?

        :param name:    The name of the service to check
        :type name:     ``str``

        :returns: ``True`` if the service is running on the system, else
                  ``False``
        :rtype: ``bool``
        """
        return self.policy.init_system.is_running(name)

    def get_service_status(self, name):
        """Return the reported status for service $name

        :param name:    The name of the service to check
        :type name:     ``str``

        :returns: The state of the service according to the init system
        :rtype: ``str``
        """
        return self.policy.init_system.get_service_status(name)['status']

    def get_service_names(self, regex):
        """Get all service names matching regex

        :param regex:    A regex to match service names against
        :type regex:    ``str``

        :returns: All service name(s) matching the given `regex`
        :rtype: ``list``
        """
        return self.policy.init_system.get_service_names(regex)

    def set_predicate(self, pred):
        """Set or clear the default predicate for this plugin.

        :param pred:    The predicate to use as the default for this plugin
        :type pred:     ``SoSPredicate``
        """
        self.predicate = pred

    def set_cmd_predicate(self, pred):
        """Set or clear the default predicate for command collection for this
        plugin. If set, this predecate takes precedence over the `Plugin`
        default predicate for command and journal data collection.

        :param pred:    The predicate to use as the default command predicate
        :type pred:     ``SoSPredicate``
        """
        self.cmd_predicate = pred

    def get_predicate(self, cmd=False, pred=None):
        """Get the current default `Plugin` or command predicate.

        :param cmd:     If a command predicate is set, should it be used.
        :type cmd:      ``bool``

        :param pred:    An optional predicate to pass if no command or plugin
                        predicate is set
        :type pred:     ``SoSPredicate``

        :returns:   `pred` if neither a command predicate or plugin predicate
                    is set. The command predicate if one is set and `cmd` is
                    ``True``, else the plugin default predicate (which may be
                    ``None``).
        :rtype:     ``SoSPredicate`` or ``None``
        """
        if pred is not None:
            return pred
        if cmd and self.cmd_predicate is not None:
            return self.cmd_predicate
        return self.predicate

    def test_predicate(self, cmd=False, pred=None):
        """Test the current predicate and return its value.

        :param cmd: ``True`` if the predicate is gating a command or
                    ``False`` otherwise.
        :param pred: An optional predicate to override the current
                     ``Plugin`` or command predicate.

        :returns: ``True`` or ``False`` based on predicate evaluation, or
                  ``False`` if no predicate
        :rtype: ``bool``
        """
        pred = self.get_predicate(cmd=cmd, pred=pred)
        if pred is not None:
            return bool(pred)
        return False

    def log_skipped_cmd(self, cmd, pred, changes=False):
        """Log that a command was skipped due to predicate evaluation.

        Emit a warning message indicating that a command was skipped due
        to predicate evaluation. If ``kmods`` or ``services`` are ``True``
        then the list of expected kernel modules or services will be
        included in the log message. If ``allow_changes`` is ``True`` a
        message indicating that the missing data can be collected by using
        the "--allow-system-changes" command line option will be included.

        :param cmd:     The command that was skipped
        :type cmd:      ``str``

        :param pred:    The predicate that caused the command to be skipped
        :type pred:     ``SoSPredicate``

        :param changes: Is the `--allow-system-changes` enabled
        :type changes:  ``bool``
        """
        if pred is None:
            pred = SoSPredicate(self)
        msg = "skipped command '%s': %s" % (cmd, pred.report_failure())

        if changes:
            msg += " Use '--allow-system-changes' to enable collection."

        self._log_warn(msg)

    def do_cmd_private_sub(self, cmd, desc=""):
        """Remove certificate and key output archived by sos report.
        Any matching instances are replaced with: '-----SCRUBBED' and this
        function does not take a regexp or substituting string.

        :param cmd: The name of the binary to scrub certificate output from
        :type cmd:  ``str``

        :param desc: An identifier to add to the `SCRUBBED` header line
        :type desc: ``str``

        :returns: Number of replacements made
        :rtype: ``int``
        """
        if not self.executed_commands:
            return 0

        self._log_debug("Scrubbing certs and keys for commands matching %s"
                        % (cmd))

        replace = "%s %s" % (_cert_replace, desc) if desc else _cert_replace

        return self.do_cmd_output_sub(cmd, _certmatch, replace)

    def do_cmd_output_sub(self, cmd, regexp, subst):
        """Apply a regexp substitution to command output archived by sosreport.

        This is used to obfuscate sensitive information captured by command
        output collection via plugins.

        :param cmd: The command name/binary name for collected output that
                    needs to be obfuscated. Internally globbed with a leading
                    and trailing `*`
        :type cmd:  ``str``

        :param regexp: A regex to match the contents of the command output
                       against
        :type regexp: ``str`` or compile ``re`` object

        :param subst: The substitution string used to replace matches from
                      `regexp`
        :type subst: ``str``

        :returns: Number of replacements made
        :rtype: ``int``
        """
        globstr = '*' + cmd + '*'
        pattern = regexp.pattern if hasattr(regexp, "pattern") else regexp
        self._log_debug("substituting '%s' for '%s' in commands matching '%s'"
                        % (subst, pattern, globstr))

        if not self.executed_commands:
            return 0

        replacements = None
        try:
            for called in self.executed_commands:
                # was anything collected?
                if called['file'] is None:
                    continue
                if called['binary'] == 'yes':
                    self._log_warn("Cannot apply regex substitution to binary"
                                   " output: '%s'" % called['exe'])
                    continue
                if fnmatch.fnmatch(called['cmd'], globstr):
                    path = os.path.join(self.commons['cmddir'], called['file'])
                    self._log_debug("applying substitution to '%s'" % path)
                    readable = self.archive.open_file(path)
                    result, replacements = re.subn(
                        regexp, subst, readable.read())
                    if replacements:
                        self.archive.add_string(result, path)

        except Exception as e:
            msg = "regex substitution failed for '%s' with: '%s'"
            self._log_error(msg % (called['exe'], e))
            replacements = None
        return replacements

    def do_file_private_sub(self, pathregex, desc=""):
        """Scrub certificate/key/etc information from files collected by sos.

        Files matching the provided pathregex are searched for content that
        resembles certificate, ssh keys, or similar information. Any matches
        are replaced with "-----SCRUBBED $desc" where `desc` is a description
        of the specific type of content being replaced, e.g.
        "-----SCRUBBED RSA PRIVATE KEY" so that support representatives can
        at least be informed of what type of content it was originally.

        :param pathregex: A string or regex of a filename to match against
        :type pathregex: ``str``

        :param desc: A description of the replaced content
        :type desc: ``str``
        """
        self._log_debug("Scrubbing certs and keys for paths matching %s"
                        % pathregex)
        match = re.compile(pathregex).match
        replace = "%s %s" % (_cert_replace, desc) if desc else _cert_replace
        file_list = [f for f in self.copied_files if match(f['srcpath'])]
        for i in file_list:
            path = i['dstpath']
            if not path:
                continue
            self.do_file_sub(path, _certmatch, replace)

    def do_file_sub(self, srcpath, regexp, subst):
        """Apply a regexp substitution to a file archived by sosreport.

        :param srcpath: Path in the archive where the file can be found
        :type srcpath: ``str``

        :param regexp:  A regex to match the contents of the file
        :type regexp: ``str`` or compiled ``re`` object

        :param subst: The substitution string to be used to replace matches
                      within the file
        :type subst: ``str``

        :returns: Number of replacements made
        :rtype: ``int``
        """
        try:
            path = self._get_dest_for_srcpath(srcpath)
            self._log_debug("substituting scrpath '%s'" % srcpath)
            self._log_debug("substituting '%s' for '%s' in '%s'"
                            % (subst,
                               regexp.pattern if hasattr(regexp, "pattern")
                               else regexp,
                               path))
            if not path:
                return 0
            replacements = self.archive.do_file_sub(path, regexp, subst)
        except (OSError, IOError) as e:
            # if trying to regexp a nonexisting file, dont log it as an
            # error to stdout
            if e.errno == errno.ENOENT:
                msg = "file '%s' not collected, substitution skipped"
                self._log_debug(msg % path)
            else:
                msg = "regex substitution failed for '%s' with: '%s'"
                self._log_error(msg % (path, e))
            replacements = 0
        return replacements

    def do_path_regex_sub(self, pathexp, regexp, subst):
        """Apply a regexp substituation to a set of files archived by
        sos. The set of files to be substituted is generated by matching
        collected file pathnames against `pathexp`.

        :param pathexp: A regex to match filenames within the archive
        :type pathexp: ``str`` or compiled ``re`` object

        :param regexp: A regex to match against the contents of each file
        :type regexp: ``str`` or compiled ``re`` object

        :param subst: The substituion string to be used to replace matches
        :type subst: ``str``
        """
        if not hasattr(pathexp, "match"):
            pathexp = re.compile(pathexp)
        match = pathexp.match
        file_list = [f for f in self.copied_files if match(f['srcpath'])]
        for file in file_list:
            self.do_file_sub(file['srcpath'], regexp, subst)

    def do_regex_find_all(self, regex, fname):
        return regex_findall(regex, fname)

    def _copy_symlink(self, srcpath):
        # the target stored in the original symlink
        linkdest = os.readlink(srcpath)
        dest = os.path.join(os.path.dirname(srcpath), linkdest)
        # Absolute path to the link target. If SYSROOT != '/' this path
        # is relative to the host root file system.
        absdest = os.path.normpath(dest)
        # adjust the target used inside the report to always be relative
        if os.path.isabs(linkdest):
            # Canonicalize the link target path to avoid additional levels
            # of symbolic links (that would affect the path nesting level).
            realdir = os.path.realpath(os.path.dirname(srcpath))
            reldest = os.path.relpath(linkdest, start=realdir)
            # trim leading /sysroot
            if self.use_sysroot():
                reldest = reldest[len(os.sep + os.pardir):]
            self._log_debug("made link target '%s' relative as '%s'"
                            % (linkdest, reldest))
        else:
            reldest = linkdest

        self._log_debug("copying link '%s' pointing to '%s' with isdir=%s"
                        % (srcpath, linkdest, self.path_isdir(absdest)))

        dstpath = self.strip_sysroot(srcpath)
        # use the relative target path in the tarball
        self.archive.add_link(reldest, dstpath)

        if self.path_isdir(absdest):
            self._log_debug("link '%s' is a directory, skipping..." % linkdest)
            return

        self.copied_files.append({'srcpath': srcpath,
                                  'dstpath': dstpath,
                                  'symlink': "yes",
                                  'pointsto': linkdest})

        # Check for indirect symlink loops by stat()ing the next step
        # in the link chain.
        try:
            os.stat(absdest)
        except OSError as e:
            if e.errno == 40:
                self._log_debug("link '%s' is part of a file system "
                                "loop, skipping target..." % dstpath)
                return

        # copy the symlink target translating relative targets
        # to absolute paths to pass to _do_copy_path.
        self._log_debug("normalized link target '%s' as '%s'"
                        % (linkdest, absdest))

        # skip recursive copying of symlink pointing to itself.
        if (absdest != srcpath):
            # this allows for ensuring we collect the host's file when copying
            # a symlink from within a container that is within the set sysroot
            force = (absdest.startswith(self.sysroot) and
                     self.policy._in_container)
            self._do_copy_path(absdest, force=force)
        else:
            self._log_debug("link '%s' points to itself, skipping target..."
                            % linkdest)

    def _copy_dir(self, srcpath):
        try:
            for name in self.listdir(srcpath):
                self._log_debug("recursively adding '%s' from '%s'"
                                % (name, srcpath))
                path = os.path.join(srcpath, name)
                self._do_copy_path(path)
        except OSError as e:
            if e.errno == errno.EPERM or errno.EACCES:
                msg = "Permission denied"
                self._log_warn("_copy_dir: '%s' %s" % (srcpath, msg))
                return
            if e.errno == errno.ELOOP:
                msg = "Too many levels of symbolic links copying"
                self._log_error("_copy_dir: %s '%s'" % (msg, srcpath))
                return
            raise

    def _get_dest_for_srcpath(self, srcpath):
        if self.use_sysroot():
            srcpath = self.path_join(srcpath)
        for copied in self.copied_files:
            if srcpath == copied["srcpath"]:
                return copied["dstpath"]
        return None

    def _is_forbidden_path(self, path):
        return any(
            re.match(forbid, path) for forbid in self.forbidden_paths
        )

    def _is_policy_forbidden_path(self, path):
        return any([
            fnmatch.fnmatch(path, fp) for fp in self.policy.forbidden_paths
        ])

    def _is_skipped_path(self, path):
        """Check if the given path matches a user-provided specification to
        ignore collection of via the ``--skip-files`` option

        :param path:    The filepath being collected
        :type path: ``str``

        :returns: ``True`` if file should be skipped, else ``False``
        """
        for _skip_path in self.skip_files:
            if fnmatch.fnmatch(path, _skip_path):
                return True
        return False

    def _copy_node(self, path, st):
        dev_maj = os.major(st.st_rdev)
        dev_min = os.minor(st.st_rdev)
        mode = st.st_mode
        self.archive.add_node(path, mode, os.makedev(dev_maj, dev_min))

    # Methods for copying files and shelling out
    def _do_copy_path(self, srcpath, dest=None, force=False):
        """Copy file or directory to the destination tree. If a directory, then
        everything below it is recursively copied. A list of copied files are
        saved for use later in preparing a report.
        """
        if self._timeout_hit:
            return None

        if self._is_forbidden_path(srcpath):
            self._log_debug("skipping forbidden path '%s'" % srcpath)
            return None

        if not dest:
            dest = srcpath

        if self.use_sysroot():
            dest = self.strip_sysroot(dest)

        try:
            st = os.lstat(srcpath)
        except (OSError, IOError):
            self._log_info("failed to stat '%s'" % srcpath)
            return None

        if stat.S_ISLNK(st.st_mode):
            self._copy_symlink(srcpath)
            return None
        else:
            if stat.S_ISDIR(st.st_mode) and os.access(srcpath, os.R_OK):
                # copy empty directory
                if not self.listdir(srcpath):
                    self.archive.add_dir(dest)
                    return None
                self._copy_dir(srcpath)
                return None

        # handle special nodes (block, char, fifo, socket)
        if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
            ntype = _node_type(st)
            self._log_debug("creating %s node at archive:'%s'"
                            % (ntype, dest))
            self._copy_node(dest, st)
            return None

        # if we get here, it's definitely a regular file (not a symlink or dir)
        self._log_debug("copying path '%s' to archive:'%s'" % (srcpath, dest))

        # if not readable(srcpath)
        if not st.st_mode & 0o444:
            # FIXME: reflect permissions in archive
            self.archive.add_string("", dest)
        else:
            self.archive.add_file(srcpath, dest, force=force)

        self.copied_files.append({
            'srcpath': srcpath,
            'dstpath': dest,
            'symlink': "no"
        })

        return None

    def add_forbidden_path(self, forbidden):
        """Specify a path, or list of paths, to not copy, even if it's part of
        an ``add_copy_spec()`` call

        :param forbidden: A filepath to forbid collection from
        :type forbidden: ``str`` or a ``list`` of strings
        """
        if isinstance(forbidden, str):
            forbidden = [forbidden]

        if self.use_sysroot():
            forbidden = [self.path_join(f) for f in forbidden]

        for forbid in forbidden:
            self._log_info("adding forbidden path '%s'" % forbid)
            if "*" in forbid:
                # calling translate() here on a dir-level path will break the
                # re.match() call during path comparison
                forbid = fnmatch.translate(forbid)
            self.forbidden_paths.append(forbid)

    def set_option(self, optionname, value):
        """Set the named option to value. Ensure the original type of the
        option value is preserved

        :param optioname: The name of the option to set
        :type optioname: ``str``

        :param value: The value to set the option to

        :returns: ``True`` if the option is successfully set, else ``False``
        :rtype: ``bool``
        """
        if optionname in self.options:
            try:
                self.options[optionname].set_value(value)
                return True
            except Exception as err:
                self._log_error(err)
                raise
        return False

    def get_option(self, optionname, default=0):
        """Retrieve the value of the requested option, searching in order:
        parameters passed from the command line, set via `set_option()`, or the
        global_plugin_options dict.

        `optionname` may be iterable, in which case this function will return
        the first match.

        :param optionname: The name of the option to retrieve the value of
        :type optionname: ``str``

        :param default: Optionally provide a default value to return if no
                        option matching `optionname` is found. Default 0

        :returns: The value of `optionname` if found, else `default`
        """

        global_options = (
            'all_logs', 'allow_system_changes', 'cmd_timeout', 'journal_size',
            'log_size', 'plugin_timeout', 'since', 'verify'
        )

        if optionname in global_options:
            return getattr(self.commons['cmdlineopts'], optionname)

        if optionname in self.options:
            opt = self.options[optionname]
            if not default or opt.value is not None:
                return opt.value
            return default
        return default

    def _add_copy_paths(self, copy_paths):
        self.copy_paths.update(copy_paths)

    def add_file_tags(self, tagdict):
        """Apply a tag to a file matching a given regex, for use when a file
        is copied by a more generic copyspec.

        :param tagdict: A dict containing the filepatterns to match and the
                        tag(s) to apply to those files
        :type tagdict: ``dict``

        `tagdict` takes the form `{file_pattern: tag}`, E.G. to match all bond
        devices from /proc/net/bonding with the tag `bond`, use
        `{'/proc/net/bonding/bond.*': ['bond']}`
        """
        for fname in tagdict:
            if isinstance(tagdict[fname], str):
                tagdict[fname] = [tagdict[fname]]
        self.filetags.update(tagdict)

    def get_tags_for_file(self, fname):
        """Get the tags that should be associated with a file matching a given
        regex

        :param fname:   A regex for filenames to be matched against
        :type fname: ``str``

        :returns:   The tag(s) associated with `fname`
        :rtype: ``list`` of strings
        """
        tags = []
        for key, val in self.filetags.items():
            if re.match(key, fname):
                tags.extend(val)
        return tags

    def generate_copyspec_tags(self):
        """After file collections have completed, retroactively generate
        manifest entries to apply tags to files copied by generic copyspecs
        """
        for file_regex in self.filetags:
            manifest_data = {
                'specification': file_regex,
                'files_copied': [],
                'tags': self.filetags[file_regex]
            }
            matched_files = []
            for cfile in self.copied_files:
                if re.match(file_regex, cfile['srcpath']):
                    matched_files.append(cfile['dstpath'].lstrip('/'))
            if matched_files:
                manifest_data['files_copied'] = matched_files
                self.manifest.files.append(manifest_data)

    def add_copy_spec(self, copyspecs, sizelimit=None, maxage=None,
                      tailit=True, pred=None, tags=[], container=None):
        """Add a file, directory, or globs matching filepaths to the archive

        :param copyspecs: Files, directories, or globs matching filepaths
        :type copyspecs: ``str`` or a ``list`` of strings

        :param sizelimit: Limit the total size of collections from `copyspecs`
                          to this size in MB
        :type sizelimit: ``int``

        :param maxage: Collect files with `mtime` not older than this many
                       hours
        :type maxage: ``int``

        :param tailit: Should a file that exceeds `sizelimit` be tail'ed to fit
                       the remaining space to meet `sizelimit`
        :type tailit: ``bool``

        :param pred: A predicate to gate if `copyspecs` should be collected
        :type pred: ``SoSPredicate``

        :param tags: A tag or set of tags to add to the metadata information
                     for this collection
        :type tags: ``str`` or a ``list`` of strings

        :param container: Container(s) from which this file should be copied
        :type container: ``str`` or a ``list`` of strings

        `copyspecs` will be expanded and/or globbed as appropriate. Specifying
        a directory here will cause the plugin to attempt to collect the entire
        directory, recursively.

        If `container` is specified, `copyspecs` may only be explicit paths,
        not globs as currently container runtimes do not support glob expansion
        as part of the copy operation.

        Note that `sizelimit` is applied to each `copyspec`, not each file
        individually. For example, a copyspec of
        ``['/etc/foo', '/etc/bar.conf']`` and a `sizelimit` of 25 means that
        sos will collect up to 25MB worth of files within `/etc/foo`, and will
        collect the last 25MB of `/etc/bar.conf`.
        """
        since = None
        if self.get_option('since'):
            since = self.get_option('since')

        logarchive_pattern = re.compile(r'.*((\.(zip|gz|bz2|xz))|[-.][\d]+)$')
        configfile_pattern = re.compile(r"^%s/*" % self.path_join("etc"))

        if not self.test_predicate(pred=pred):
            self._log_info("skipped copy spec '%s' due to predicate (%s)" %
                           (copyspecs, self.get_predicate(pred=pred)))
            return None

        if sizelimit is None:
            sizelimit = self.get_option("log_size")

        if self.get_option('all_logs'):
            sizelimit = None

        if sizelimit:
            sizelimit *= 1024 * 1024  # in MB

        if not copyspecs:
            return False

        if isinstance(copyspecs, str):
            copyspecs = [copyspecs]

        if isinstance(tags, str):
            tags = [tags]

        def get_filename_tag(fname):
            """Generate a tag to add for a single file copyspec

            This tag will be set to the filename, minus any extensions
            except for special extensions like .conf or .log, which will be
            mangled to _conf or similar.
            """
            if fname.startswith(('/proc', '/sys')):
                return None
            _fname = fname.split('/')[-1]
            _fname = _fname.replace('-', '_')
            if _fname.endswith(('.conf', '.log', '.txt')):
                return _fname.replace('.', '_')
            return None

        for copyspec in copyspecs:
            if not (copyspec and len(copyspec)):
                return False

            if not container:
                if self.use_sysroot():
                    copyspec = self.path_join(copyspec)
                files = self._expand_copy_spec(copyspec)
                if len(files) == 0:
                    continue
            else:
                files = [copyspec]

            _spec_tags = []
            if len(files) == 1:
                _spec = get_filename_tag(files[0])
                if _spec:
                    _spec_tags.append(_spec)
                _spec_tags.extend(self.get_tags_for_file(files[0]))

            _spec_tags.extend(tags)
            _spec_tags = list(set(_spec_tags))

            if container:
                if isinstance(container, str):
                    container = [container]
                for con in container:
                    if not self.container_exists(con):
                        continue
                    _tail = False
                    if sizelimit:
                        # to get just the size, stat requires a literal '%s'
                        # which conflicts with python string formatting
                        cmd = "stat -c %s " + copyspec
                        ret = self.exec_cmd(cmd, container=con)
                        if ret['status'] == 0:
                            try:
                                consize = int(ret['output'])
                                if consize > sizelimit:
                                    _tail = True
                            except ValueError:
                                self._log_info(
                                    "unable to determine size of '%s' in "
                                    "container '%s'. Skipping collection."
                                    % (copyspec, con)
                                )
                                continue
                        else:
                            self._log_debug(
                                "stat of '%s' in container '%s' failed, "
                                "skipping collection: %s"
                                % (copyspec, con, ret['output'])
                            )
                            continue
                    self.container_copy_paths.append(
                        (con, copyspec, sizelimit, _tail, _spec_tags)
                    )
                    self._log_info(
                        "added collection of '%s' from container '%s'"
                        % (copyspec, con)
                    )
                # break out of the normal flow here as container file
                # copies are done via command execution, not raw cp/mv
                # operations
                continue

            # Files should be sorted in most-recently-modified order, so that
            # we collect the newest data first before reaching the limit.
            def getmtime(path):
                try:
                    return os.path.getmtime(path)
                except OSError:
                    return 0

            def time_filter(path):
                """ When --since is passed, or maxage is coming from the
                plugin, we need to filter out older files """

                # skip config files or not-logarchive files from the filter
                if ((logarchive_pattern.search(path) is None) or
                   (configfile_pattern.search(path) is not None)):
                    return True
                filetime = datetime.fromtimestamp(getmtime(path))
                if ((since and filetime < since) or
                   (maxage and (time()-filetime < maxage*3600))):
                    return False
                return True

            if since or maxage:
                files = list(filter(lambda f: time_filter(f), files))

            files.sort(key=getmtime, reverse=True)
            current_size = 0
            limit_reached = False

            _manifest_files = []

            for _file in files:
                if _file in self.copy_paths:
                    self._log_debug("skipping redundant file '%s'" % _file)
                    continue
                if self._is_forbidden_path(_file):
                    self._log_debug("skipping forbidden path '%s'" % _file)
                    continue
                if self._is_policy_forbidden_path(_file):
                    self._log_debug("skipping policy forbidden path '%s'"
                                    % _file)
                    continue
                if self._is_skipped_path(_file):
                    self._log_debug("skipping excluded path '%s'" % _file)
                    continue
                if limit_reached:
                    self._log_info("skipping '%s' over size limit" % _file)
                    continue

                try:
                    file_size = os.stat(_file)[stat.ST_SIZE]
                except OSError:
                    # if _file is a broken symlink, we should collect it,
                    # otherwise skip it
                    if self.path_islink(_file):
                        file_size = 0
                    else:
                        self._log_info("failed to stat '%s', skipping" % _file)
                        continue
                current_size += file_size

                if sizelimit and current_size > sizelimit:
                    limit_reached = True

                    if tailit:
                        if file_is_binary(_file):
                            self._log_info(
                                "File '%s' is over size limit and is binary. "
                                "Skipping collection." % _file
                            )
                            continue

                        self._log_info(
                            "File '%s' is over size limit, will instead tail "
                            "the file during collection phase." % _file
                        )
                        add_size = sizelimit + file_size - current_size
                        self._tail_files_list.append((_file, add_size))
                        _manifest_files.append(_file.lstrip('/'))
                else:
                    # size limit not exceeded, copy the file
                    _manifest_files.append(_file.lstrip('/'))
                    self._add_copy_paths([_file])
                    # in the corner case we just reached the sizelimit, we
                    # should collect the whole file and stop
                    limit_reached = (sizelimit and current_size == sizelimit)

            if not container:
                # container collection manifest additions are handled later
                if self.manifest:
                    self.manifest.files.append({
                        'specification': copyspec,
                        'files_copied': _manifest_files,
                        'tags': _spec_tags
                    })
        return None

    def add_device_cmd(self, cmds, devices, timeout=None, sizelimit=None,
                       chroot=True, runat=None, env=None, binary=False,
                       prepend_path=None, whitelist=[], blacklist=[], tags=[],
                       priority=10, subdir=None):
        """Run a command or list of commands against devices discovered during
        sos initialization.

        Any commands specified by cmd will be iterated over the list of the
        specified devices. Commands passed to this should include a '%(dev)s'
        variable for substitution.

        :param cmds:    The command(s) to run against the list of devices
        :type cmds:     ``str`` or a ``list`` of strings

        :param devices: The device paths to run `cmd` against. This should be
                        either a list of devices/device paths or a key in the
                        devices dict discovered by sos during initialization.
        :type devices:  ``str`` or a ``list`` of devices or device paths.

        :param timeout: Timeout in seconds to allow each `cmd` to run
        :type timeout: ``int``

        :param sizelimit: Maximum amount of output to collect, in MB
        :type sizelimit: ``int``

        :param chroot: Should sos chroot the command(s) being run
        :type chroot: ``bool``

        :param runat: Set the filesystem location to execute the command from
        :type runat: ``str``

        :param env: Set environment variables for the command(s) being run
        :type env: ``dict``

        :param binary: Is the output collected going to be binary data
        :type binary: ``bool``

        :param prepend_path: The leading path for block device names
        :type prepend_path: ``str`` or ``None``

        :param whitelist: Limit the devices the `cmds` will be run against to
                          devices matching these item(s)
        :type whitelist: ``list`` of ``str``

        :param blacklist: Do not run `cmds` against devices matching these
                          item(s)
        :type blacklist: ``list`` of ``str``

        :param subdir:  Write the command output to this subdir within the
                        Plugin directory
        :type subdir:   ``str``
        """

        _dev_tags = []
        if isinstance(tags, str):
            tags = [tags]
        if isinstance(devices, str):
            devices = [devices]

        _devs = recursive_dict_values_by_key(self.devices, devices)

        if whitelist:
            if isinstance(whitelist, str):
                whitelist = [whitelist]

            _devs = [d for d in _devs if
                     any(re.match("(.*)?%s" % wl, d) for wl in whitelist)]

        if blacklist:
            if isinstance(blacklist, str):
                blacklist = [blacklist]

            _devs = [d for d in _devs if not
                     any(re.match("(.*)?%s" % bl, d) for bl in blacklist)]

        _dev_tags.extend(tags)
        self._add_device_cmd(cmds, _devs, timeout=timeout,
                             sizelimit=sizelimit, chroot=chroot, runat=runat,
                             env=env, binary=binary, prepend_path=prepend_path,
                             tags=_dev_tags, priority=priority, subdir=subdir)

    def _add_device_cmd(self, cmds, devices, timeout=None, sizelimit=None,
                        chroot=True, runat=None, env=None, binary=False,
                        prepend_path=None, tags=[], priority=10, subdir=None):
        """Run a command against all specified devices on the system.
        """
        if isinstance(cmds, str):
            cmds = [cmds]
        if isinstance(devices, str):
            devices = [devices]
        sizelimit = sizelimit or self.get_option('log_size')
        for cmd in cmds:
            for device in devices:
                _dev_tags = [device]
                _dev_tags.extend(tags)
                if prepend_path:
                    device = self.path_join(prepend_path, device)
                _cmd = cmd % {'dev': device}
                self._add_cmd_output(cmd=_cmd, timeout=timeout,
                                     sizelimit=sizelimit, chroot=chroot,
                                     runat=runat, env=env, binary=binary,
                                     tags=_dev_tags, priority=priority,
                                     subdir=subdir)

    def _add_cmd_output(self, **kwargs):
        """Internal helper to add a single command to the collection list."""
        pred = kwargs.pop('pred') if 'pred' in kwargs else SoSPredicate(self)
        if 'priority' not in kwargs:
            kwargs['priority'] = 10
        if 'changes' not in kwargs:
            kwargs['changes'] = False
        if self.get_option('all_logs') or kwargs['sizelimit'] == 0:
            kwargs['to_file'] = True
        soscmd = SoSCommand(**kwargs)
        self._log_debug("packed command: " + soscmd.__str__())
        for _skip_cmd in self.skip_commands:
            # This probably seems weird to be doing filename matching on the
            # commands, however we want to remain consistent with our regex
            # matching with file paths, which sysadmins are almost guaranteed
            # to assume will use shell-style unix matching
            if fnmatch.fnmatch(soscmd.cmd, _skip_cmd):
                self._log_debug("skipping excluded command '%s'" % soscmd.cmd)
                return
        if self.test_predicate(cmd=True, pred=pred):
            self.collect_cmds.append(soscmd)
            self._log_info("added cmd output '%s'" % soscmd.cmd)
        else:
            self.log_skipped_cmd(soscmd.cmd, pred, changes=soscmd.changes)

    def add_cmd_output(self, cmds, suggest_filename=None,
                       root_symlink=None, timeout=None, stderr=True,
                       chroot=True, runat=None, env=None, binary=False,
                       sizelimit=None, pred=None, subdir=None,
                       changes=False, foreground=False, tags=[],
                       priority=10, cmd_as_tag=False, container=None,
                       to_file=False):
        """Run a program or a list of programs and collect the output

        Output will be limited to `sizelimit`, collecting the last X amount
        of command output matching `sizelimit`. Unless `suggest_filename` is
        set, the file that the output is saved to will match the command as
        it was executed, and will be saved under `sos_commands/$plugin`

        :param cmds: The command(s) to execute
        :type cmds: ``str`` or a ``list`` of strings

        :param suggest_filename: Override the name of the file output is saved
                                 to within the archive
        :type suggest_filename: ``str``

        :param root_symlink: If set, create a symlink with this name in the
                             archive root
        :type root_symlink: ``str``

        :param timeout: Timeout in seconds to allow each `cmd` to run for
        :type timeout: ``int``

        :param stderr: Should stderr output be collected
        :type stderr: ``bool``

        :param chroot: Should sos chroot the `cmds` being run
        :type chroot: ``bool``

        :param runat: Run the `cmds` from this location in the filesystem
        :type runat: ``str``

        :param env: Set environment variables for the `cmds` being run
        :type env: ``dict``

        :param binary: Is the command expected to produce binary output
        :type binary: ``bool``

        :param sizelimit: Maximum amount of output in MB to save
        :type sizelimit: ``int``

        :param pred: A predicate to gate if `cmds` should be collected or not
        :type pred: ``SoSPredicate``

        :param subdir: Save output to this subdirectory, within the plugin's
                       directory under sos_commands
        :type subdir: ``str``

        :param changes: Do `cmds` have the potential to change system state
        :type changes: ``int``

        :param foreground: Should the `cmds` be run in the foreground, with an
                           attached TTY
        :type foreground: ``bool``

        :param tags: A tag or set of tags to add to the metadata entries for
                     the `cmds` being run
        :type tags: ``str`` or a ``list`` of strings

        :param priority:  The priority with which this command should be run,
                          lower values will run before higher values
        :type priority: ``int``

        :param cmd_as_tag: Should the command string be automatically formatted
                           to a tag?
        :type cmd_as_tag: ``bool``

        :param container: Run the specified `cmds` inside a container with this
                          ID or name
        :type container:  ``str``

        :param to_file: Should command output be written directly to a new
                        file rather than stored in memory?
        :type to_file:  ``bool``
        """
        if isinstance(cmds, str):
            cmds = [cmds]
        if len(cmds) > 1 and (suggest_filename or root_symlink):
            self._log_warn("ambiguous filename or symlink for command list")
        if sizelimit is None:
            sizelimit = self.get_option("log_size")
        if pred is None:
            pred = self.get_predicate(cmd=True)
        for cmd in cmds:
            container_cmd = None
            if container:
                ocmd = cmd
                container_cmd = (ocmd, container)
                cmd = self.fmt_container_cmd(container, cmd)
                if not cmd:
                    self._log_debug("Skipping command '%s' as the requested "
                                    "container '%s' does not exist."
                                    % (ocmd, container))
                    continue
            self._add_cmd_output(cmd=cmd, suggest_filename=suggest_filename,
                                 root_symlink=root_symlink, timeout=timeout,
                                 stderr=stderr, chroot=chroot, runat=runat,
                                 env=env, binary=binary, sizelimit=sizelimit,
                                 pred=pred, subdir=subdir, tags=tags,
                                 changes=changes, foreground=foreground,
                                 priority=priority, cmd_as_tag=cmd_as_tag,
                                 to_file=to_file, container_cmd=container_cmd)

    def add_cmd_tags(self, tagdict):
        """Retroactively add tags to any commands that have been run by this
        plugin that match a given regex

        :param tagdict: A dict containing the command regex and associated tags
        :type tagdict: ``dict``

        `tagdict` takes the form of {cmd_regex: tags}, for example to tag all
        commands starting with `foo` with the tag `bar`, use
        {'foo.*': ['bar']}
        """
        for cmd in tagdict:
            if isinstance(tagdict[cmd], str):
                tagdict[cmd] = [tagdict[cmd]]
        self.cmdtags.update(tagdict)

    def get_tags_for_cmd(self, cmd):
        """Get the tag(s) that should be associated with the given command

        :param cmd: The command that tags should be applied to
        :type cmd: ``str``

        :returns: Any tags associated with the command
        :rtype: ``list``
        """
        for key, val in self.cmdtags.items():
            if re.match(key, cmd):
                return val
        return []

    def get_cmd_output_path(self, name=None, make=True):
        """Get the path where this plugin will save command output

        :param name: Optionally specify a filename to use as part of the
                     command output path
        :type name: ``str`` or ``None``

        :param make: Attempt to create the command output path
        :type make: ``bool``

        :returns: The path where the plugin will write command output data
                  within the archive
        :rtype: ``str``
        """
        cmd_output_path = os.path.join(self.archive.get_tmp_dir(),
                                       'sos_commands', self.name())
        if name:
            cmd_output_path = os.path.join(cmd_output_path, name)
        if make:
            os.makedirs(cmd_output_path, exist_ok=True)

        return cmd_output_path

    def file_grep(self, regexp, *fnames):
        """Grep through file(s) for a specific string or regex

        :param regexp: The string or regex to search for
        :type regexp: ``str``

        :param fnames: Paths to grep through
        :type fnames: ``str``, ``list`` of string, or open file objects

        :returns: Lines matching `regexp`
        :rtype: ``str``
        """
        return grep(regexp, *fnames)

    def _mangle_command(self, exe):
        name_max = self.archive.name_max()
        return _mangle_command(exe, name_max)

    def _make_command_filename(self, exe, subdir=None):
        """The internal function to build up a filename based on a command."""

        plugin_dir = self.name()
        if subdir:
            plugin_dir += "/%s" % subdir
        outdir = os.path.join(self.commons['cmddir'], plugin_dir)
        outfn = self._mangle_command(exe)

        # check for collisions
        if os.path.exists(os.path.join(self.archive.get_tmp_dir(),
                                       outdir, outfn)):
            inc = 1
            name_max = self.archive.name_max()
            while True:
                suffix = ".%d" % inc
                newfn = outfn
                if name_max < len(newfn)+len(suffix):
                    newfn = newfn[:(name_max-len(newfn)-len(suffix))]
                newfn = newfn + suffix
                if not os.path.exists(os.path.join(self.archive.get_tmp_dir(),
                                                   outdir, newfn)):
                    outfn = newfn
                    break
                inc += 1

        return os.path.join(outdir, outfn)

    def add_env_var(self, name):
        """Add an environment variable to the list of to-be-collected env vars.

        Collected environment variables will be saved to an `environment` file
        in the archive root, and any variable specified for collection will be
        collected in lowercase, uppercase, and the form provided

        :param name: The name of the environment variable to collect
        :type name: ``str``
        """
        if not isinstance(name, list):
            name = [name]
        for env in name:
            # get both upper and lower cased vars since a common support issue
            # is setting the env vars to the wrong case, and if the plugin
            # adds a mixed case variable name, still get that as well
            self._env_vars.update([env, env.upper(), env.lower()])

    def add_string_as_file(self, content, filename, pred=None, plug_dir=False,
                           tags=[]):
        """Add a string to the archive as a file

        :param content: The string to write to the archive
        :type content: ``str``

        :param filename: The name of the file to write `content` to
        :type filename: ``str``

        :param pred: A predicate to gate if the string should be added to the
                     archive or not
        :type pred: ``SoSPredicate``

        :param plug_dir: Should the string be saved under the plugin's dir in
                         sos_commands/? If false, save to sos_strings/
        :type plug_dir: ``bool``

        :param tags: A tag or set of tags to add to the manifest entry for this
                     collection
        :type tags: ``str`` or a ``list`` of strings
        """

        if not self.test_predicate(cmd=False, pred=pred):
            self._log_info("skipped string due to predicate (%s)" %
                           (self.get_predicate(pred=pred)))
            return

        sos_dir = 'sos_commands' if plug_dir else 'sos_strings'
        filename = os.path.join(sos_dir, self.name(), filename)

        if isinstance(tags, str):
            tags = [tags]

        self.copy_strings.append((content, filename, tags))
        self._log_debug("added string as '%s'" % filename)

    def _collect_cmd_output(self, cmd, suggest_filename=None,
                            root_symlink=False, timeout=None,
                            stderr=True, chroot=True, runat=None, env=None,
                            binary=False, sizelimit=None, subdir=None,
                            changes=False, foreground=False, tags=[],
                            priority=10, cmd_as_tag=False, to_file=False,
                            container_cmd=False):
        """Execute a command and save the output to a file for inclusion in the
        report.

        Positional Arguments:
            :param cmd:                 The command to run

        Keyword Arguments:
            :param suggest_filename:    Filename to use when writing to the
                                        archive
            :param root_symlink:        Create a symlink in the archive root
            :param timeout:             Time in seconds to allow a cmd to run
            :param stderr:              Write stderr to stdout?
            :param chroot:              Perform chroot before running cmd?
            :param runat:               Run the command from this location,
                                        overriding chroot
            :param env:                 Dict of env vars to set for the cmd
            :param binary:              Is the output in binary?
            :param sizelimit:           Maximum size in MB of output to save
            :param subdir:              Subdir in plugin directory to save to
            :param changes:             Does this cmd potentially make a change
                                        on the system?
            :param foreground:          Run the `cmd` in the foreground with a
                                        TTY
            :param tags:                Add tags in the archive manifest
            :param cmd_as_tag:          Format command string to tag
            :param to_file:             Write output directly to file instead
                                        of saving in memory

        :returns:       dict containing status, output, and filename in the
                        archive for the executed cmd

        """
        if self._timeout_hit:
            return None

        if timeout is None:
            timeout = self.cmdtimeout
        _tags = []

        if isinstance(tags, str):
            tags = [tags]

        _tags.extend(tags)
        _tags.extend(self.get_tags_for_cmd(cmd))

        if cmd_as_tag:
            _tags.append(re.sub(r"[^\w\.]+", "_", cmd))

        _tags = list(set(_tags))

        _env = self._get_cmd_environment(env)

        if chroot or self.commons['cmdlineopts'].chroot == 'always':
            root = self.sysroot
        else:
            root = None

        if suggest_filename:
            outfn = self._make_command_filename(suggest_filename, subdir)
        else:
            outfn = self._make_command_filename(cmd, subdir)

        outfn_strip = outfn[len(self.commons['cmddir'])+1:]

        if to_file:
            self._log_debug("collecting '%s' output directly to disk"
                            % cmd)
            self.archive.check_path(outfn, P_FILE)
            out_file = os.path.join(self.archive.get_archive_path(), outfn)
        else:
            out_file = False

        start = time()

        result = sos_get_command_output(
            cmd, timeout=timeout, stderr=stderr, chroot=root,
            chdir=runat, env=_env, binary=binary, sizelimit=sizelimit,
            poller=self.check_timeout, foreground=foreground,
            to_file=out_file
        )

        end = time()
        run_time = end - start

        if result['status'] == 124:
            warn = "command '%s' timed out after %ds" % (cmd, timeout)
            self._log_warn(warn)
            if to_file:
                msg = (" - output up until the timeout may be available at "
                       "%s" % outfn)
                self._log_debug("%s%s" % (warn, msg))

        manifest_cmd = {
            'command': cmd.split(' ')[0],
            'parameters': cmd.split(' ')[1:],
            'exec': cmd,
            'filepath': outfn if to_file else None,
            'truncated': result['truncated'],
            'return_code': result['status'],
            'priority': priority,
            'start_time': start,
            'end_time': end,
            'run_time': run_time,
            'tags': _tags
        }

        # command not found or not runnable
        if result['status'] == 126 or result['status'] == 127:
            # automatically retry chroot'ed commands in the host namespace
            if root and root != '/':
                if self.commons['cmdlineopts'].chroot != 'always':
                    self._log_info("command '%s' not found in %s - "
                                   "re-trying in host root"
                                   % (cmd.split()[0], root))
                    result = sos_get_command_output(
                        cmd, timeout=timeout, chroot=False, chdir=runat,
                        env=env, binary=binary, sizelimit=sizelimit,
                        poller=self.check_timeout, to_file=out_file
                    )
                    run_time = time() - start
            self._log_debug("could not run '%s': command not found" % cmd)
            # Exit here if the command was not found in the chroot check above
            # as otherwise we will create a blank file in the archive
            if result['status'] in [126, 127]:
                if self.manifest:
                    self.manifest.commands.append(manifest_cmd)
                    return result

        self._log_debug("collected output of '%s' in %s (changes=%s)"
                        % (cmd.split()[0], run_time, changes))

        if result['truncated']:
            self._log_info("collected output of '%s' was truncated"
                           % cmd.split()[0])
            linkfn = outfn
            outfn = outfn.replace('sos_commands', 'sos_strings') + '.tailed'

        if not to_file:
            if binary:
                self.archive.add_binary(result['output'], outfn)
            else:
                self.archive.add_string(result['output'], outfn)

        if result['truncated']:
            # we need to manually build the relative path from the paths that
            # exist within the build dir to properly drop these symlinks
            _outfn_path = os.path.join(self.archive.get_archive_path(), outfn)
            _link_path = os.path.join(self.archive.get_archive_path(), linkfn)
            rpath = os.path.relpath(_outfn_path, _link_path)
            rpath = rpath.replace('../', '', 1)
            self.archive.add_link(rpath, linkfn)
        if root_symlink:
            self.archive.add_link(outfn, root_symlink)

        # save info for later
        self.executed_commands.append({'cmd': cmd, 'file': outfn_strip,
                                       'binary': 'yes' if binary else 'no'})

        result['filename'] = (
            os.path.join(self.archive.get_archive_path(), outfn) if outfn else
            ''
        )

        if self.manifest:
            manifest_cmd['filepath'] = outfn
            manifest_cmd['run_time'] = run_time
            self.manifest.commands.append(manifest_cmd)
            if container_cmd:
                self._add_container_cmd_to_manifest(manifest_cmd.copy(),
                                                    container_cmd)
        return result

    def collect_cmd_output(self, cmd, suggest_filename=None,
                           root_symlink=False, timeout=None,
                           stderr=True, chroot=True, runat=None, env=None,
                           binary=False, sizelimit=None, pred=None,
                           changes=False, foreground=False, subdir=None,
                           tags=[]):
        """Execute a command and save the output to a file for inclusion in the
        report, then return the results for further use by the plugin

        :param cmd:                 The command to run
        :type cmd: ``str``

        :param suggest_filename:    Filename to use when writing to the
                                    archive
        :param suggest_filename: ``str``

        :param root_symlink:        Create a symlink in the archive root
        :type root_symlink: ``bool``

        :param timeout:             Time in seconds to allow a cmd to run
        :type timeout: ``int``

        :param stderr:              Write stderr to stdout?
        :type stderr: ``bool``

        :param chroot:              Perform chroot before running cmd?
        :type chroot: ``bool``

        :param runat:               Run the command from this location,
                                    overriding chroot
        :type runat: ``str``

        :param env:                 Environment vars to set for the cmd
        :type env: ``dict``

        :param binary:              Is the output in binary?
        :type binary: ``bool``

        :param sizelimit:           Maximum size in MB of output to save
        :type sizelimit: ``int``

        :param subdir:              Subdir in plugin directory to save to
        :type subdir: ``str``

        :param changes:             Does this cmd potentially make a change
                                    on the system?
        :type changes: ``bool``

        :param foreground:          Run the `cmd` in the foreground with a TTY
        :type foreground: ``bool``

        :param tags:                Add tags in the archive manifest
        :type tags: ``str`` or a ``list`` of strings

        :returns:       `cmd` exit status, output, and the filepath within the
                        archive output was saved to
        :rtype: ``dict``
        """
        if not self.test_predicate(cmd=True, pred=pred):
            self.log_skipped_cmd(cmd, pred, changes=changes)
            return {
                'status': None,  # don't match on if result['status'] checks
                'output': '',
                'filename': ''
            }

        return self._collect_cmd_output(
            cmd, suggest_filename=suggest_filename, root_symlink=root_symlink,
            timeout=timeout, stderr=stderr, chroot=chroot, runat=runat,
            env=env, binary=binary, sizelimit=sizelimit, foreground=foreground,
            subdir=subdir, tags=tags
        )

    def exec_cmd(self, cmd, timeout=None, stderr=True, chroot=True,
                 runat=None, env=None, binary=False, pred=None,
                 foreground=False, container=False, quotecmd=False):
        """Execute a command right now and return the output and status, but
        do not save the output within the archive.

        Use this method in a plugin's setup() if command output is needed to
        build subsequent commands added to a report via add_cmd_output().

        :param cmd:                 The command to run
        :type cmd: ``str``

        :param timeout:             Time in seconds to allow a cmd to run
        :type timeout: ``int``

        :param stderr:              Write stderr to stdout?
        :type stderr: ``bool``

        :param chroot:              Perform chroot before running cmd?
        :type chroot: ``bool``

        :param runat:               Run the command from this location,
                                    overriding chroot
        :type runat: ``str``

        :param env:                 Environment vars to set for the cmd
        :type env: ``dict``

        :param binary:              Is the output in binary?
        :type binary: ``bool``

        :param pred:                A predicate to gate execution of the `cmd`
        :type pred: ``SoSPredicate``

        :param foreground:          Run the `cmd` in the foreground with a TTY
        :type foreground: ``bool``

        :param container:           Execute this command in a container with
                                    this name
        :type container: ``str``

        :param quotecmd:            Whether the cmd should be quoted.
        :type quotecmd: ``bool``

        :returns:                   Command exit status and output
        :rtype: ``dict``
        """
        _default = {'status': None, 'output': ''}
        if not self.test_predicate(cmd=True, pred=pred):
            return _default

        if timeout is None:
            timeout = self.cmdtimeout

        if chroot or self.commons['cmdlineopts'].chroot == 'always':
            root = self.sysroot
        else:
            root = None

        _env = self._get_cmd_environment(env)

        if container:
            if self._get_container_runtime() is None:
                self._log_info("Cannot run cmd '%s' in container %s: no "
                               "runtime detected on host." % (cmd, container))
                return _default
            if self.container_exists(container):
                cmd = self.fmt_container_cmd(container, cmd, quotecmd)
            else:
                self._log_info("Cannot run cmd '%s' in container %s: no such "
                               "container is running." % (cmd, container))

        return sos_get_command_output(cmd, timeout=timeout, chroot=root,
                                      chdir=runat, binary=binary, env=_env,
                                      foreground=foreground, stderr=stderr)

    def _add_container_file_to_manifest(self, container, path, arcpath, tags):
        """Adds a file collection to the manifest for a particular container
        and file path.

        :param container:   The name of the container
        :type container:    ``str``

        :param path:        The filename from the container filesystem
        :type path:         ``str``

        :param arcpath:     Where in the archive the file is written to
        :type arcpath:      ``str``

        :param tags:        Metadata tags for this collection
        :type tags:         ``str`` or ``list`` of strings
        """
        if container not in self.manifest.containers:
            self.manifest.containers[container] = {'files': [], 'commands': []}
        self.manifest.containers[container]['files'].append({
            'specification': path,
            'files_copied': arcpath,
            'tags': tags
        })

    def _add_container_cmd_to_manifest(self, manifest, contup):
        """Adds a command collection to the manifest for a particular container
        and creates a symlink to that collection from the relevant
        sos_containers/ location

        :param manifest:    The manifest entry for the command
        :type manifest:     ``dict``

        :param contup:      A tuple of (original_cmd, container_name)
        :type contup:       ``tuple``
        """

        cmd, container = contup
        if container not in self.manifest.containers:
            self.manifest.containers[container] = {'files': [], 'commands': []}
        manifest['exec'] = cmd
        manifest['command'] = cmd.split(' ')[0]
        manifest['parameters'] = cmd.split(' ')[1:]

        _cdir = "sos_containers/%s/sos_commands/%s" % (container, self.name())
        _outloc = "../../../../%s" % manifest['filepath']
        cmdfn = self._mangle_command(cmd)
        conlnk = "%s/%s" % (_cdir, cmdfn)

        # If check_path return None, it means that the sym link already exits,
        # so to avoid Error 17, trying to recreate, we will skip creation and
        # trust on the existing sym link (e.g. duplicate command)
        if self.archive.check_path(conlnk, P_LINK):
            os.symlink(_outloc, self.archive.dest_path(conlnk))

        manifest['filepath'] = conlnk
        self.manifest.containers[container]['commands'].append(manifest)

    def _get_container_runtime(self, runtime=None):
        """Based on policy and request by the plugin, return a usable
        ContainerRuntime if one exists
        """
        if runtime is None:
            if 'default' in self.policy.runtimes.keys():
                return self.policy.runtimes['default']
        else:
            for pol_runtime in list(self.policy.runtimes.keys()):
                if runtime == pol_runtime:
                    return self.policy.runtimes[pol_runtime]
        return None

    def container_exists(self, name):
        """If a container runtime is present, check to see if a container with
        a given name is currently running

        :param name:    The name or ID of the container to check presence of
        :type name: ``str``

        :returns: ``True`` if `name` exists, else ``False``
        :rtype: ``bool``
        """
        _runtime = self._get_container_runtime()
        if _runtime is not None:
            return (_runtime.container_exists(name) or
                    _runtime.get_container_by_name(name) is not None)
        return False

    def get_all_containers_by_regex(self, regex, get_all=False):
        """Get a list of all container names and ID matching a regex

        :param regex:   The regular expression to match
        :type regex:    ``str``

        :param get_all: Return all containers found, even terminated ones
        :type get_all:  ``bool``

        :returns:   All container IDs and names matching ``regex``
        :rtype:     ``list`` of ``tuples`` as (id, name)
        """
        _runtime = self._get_container_runtime()
        if _runtime is not None:
            _containers = _runtime.get_containers(get_all=get_all)
            return [c for c in _containers if re.match(regex, c[1])]
        return []

    def get_container_by_name(self, name):
        """Get the container ID for a specific container

        :param name:    The name of the container
        :type name: ``str``

        :returns: The ID of the container if it exists
        :rtype: ``str`` or ``None``
        """
        _runtime = self._get_container_runtime()
        if _runtime is not None:
            return _runtime.get_container_by_name(name)
        return None

    def get_containers(self, runtime=None, get_all=False):
        """Return a list of all container IDs from the ``Policy``
        ``ContainerRuntime``

        If `runtime` is not provided, use the ``Policy`` default

        :param runtime:     The container runtime to use, if not the default
                            runtime detected and loaded by the ``Policy``
        :type runtime: ``str``

        :param get_all:     Return all containers known to the `runtime`, even
                            those that have terminated
        :type get_all: ``bool``

        :returns: All container IDs found by the ``ContainerRuntime``
        :rtype: ``list``
        """
        _runtime = self._get_container_runtime(runtime=runtime)
        if _runtime is not None:
            if get_all:
                return _runtime.get_containers(get_all=True)
            else:
                return _runtime.containers
        return []

    def get_container_images(self, runtime=None):
        """Return a list of all image names from the Policy's
        ContainerRuntime

        If `runtime` is not provided, use the Policy default. If the specified
        `runtime` is not loaded, return empty.

        :param runtime:     The container runtime to use, if not using the
                            default runtime detected by the ``Policy``
        :type runtime: ``str``

        :returns: A list of container images known to the `runtime`
        :rtype: ``list``
        """
        _runtime = self._get_container_runtime(runtime=runtime)
        if _runtime is not None:
            return _runtime.images
        return []

    def get_container_volumes(self, runtime=None):
        """Return a list of all volume names from the Policy's
        ContainerRuntime

        If `runtime` is not provided, use the Policy default. If the specified
        `runtime` is not loaded, return empty.

        :param runtime:     The container runtime to use, if not using the
                            default runtime detected by the ``Policy``
        :type runtime: ``str``

        :returns: A list of container volumes known to the `runtime`
        :rtype: ``list``
        """
        _runtime = self._get_container_runtime(runtime=runtime)
        if _runtime is not None:
            return _runtime.volumes
        return []

    def add_container_logs(self, containers, get_all=False, **kwargs):
        """Helper to get the ``logs`` output for a given container or list
        of container names and/or regexes.

        Supports passthru of add_cmd_output() options

        :param containers:   The name of the container to retrieve logs from,
                             may be a single name or a regex
        :type containers:    ``str`` or ``list`` of strs

        :param get_all:     Should non-running containers also be queried?
                            Default: False
        :type get_all:      ``bool``

        :param kwargs:      Any kwargs supported by ``add_cmd_output()`` are
                            supported here
        """
        _runtime = self._get_container_runtime()
        if _runtime is not None:
            if isinstance(containers, str):
                containers = [containers]
            for container in containers:
                _cons = self.get_all_containers_by_regex(container, get_all)
                for _con in _cons:
                    cmd = _runtime.get_logs_command(_con[1])
                    self.add_cmd_output(cmd, **kwargs)

    def fmt_container_cmd(self, container, cmd, quotecmd=False):
        """Format a command to be executed by the loaded ``ContainerRuntime``
        in a specified container

        :param container:   The name of the container to execute the `cmd` in
        :type container: ``str``

        :param cmd:         The command to run within the container
        :type cmd: ``str``

        :param quotecmd:    Whether the cmd should be quoted.
        :type quotecmd: ``bool``

        :returns: The command to execute so that the specified `cmd` will run
                  within the `container` and not on the host
        :rtype: ``str``
        """
        if self.container_exists(container):
            _runtime = self._get_container_runtime()
            return _runtime.fmt_container_cmd(container, cmd, quotecmd)
        return ''

    def is_module_loaded(self, module_name):
        """Determine whether specified module is loaded or not

        :param module_name: Name of kernel module to check for presence
        :type module_name: ``str``

        :returns: ``True`` if the module is loaded, else ``False``
        :rtype: ``bool``
        """
        return module_name in self.policy.kernel_mods

    # For adding output
    def add_alert(self, alertstring):
        """Add an alert to the collection of alerts for this plugin. These
        will be displayed in the report

        :param alertstring: The text to add as an alert
        :type alertstring: ``str``
        """
        self.alerts.append(alertstring)

    def add_custom_text(self, text):
        """Append text to the custom text that is included in the report. This
        is freeform and can include html.

        :param text:    The text to include in the report
        :type text:     ``str``
        """
        self.custom_text += text

    def add_service_status(self, services, **kwargs):
        """Collect service status information based on the ``InitSystem`` used

        :param services: Service name(s) to collect statuses for
        :type services: ``str`` or a ``list`` of strings

        :param kwargs:   Optional arguments to pass to add_cmd_output
                         (timeout, predicate, suggest_filename,..)

        """
        if isinstance(services, str):
            services = [services]

        query = self.policy.init_system.query_cmd
        if not query:
            # No policy defined InitSystem, cannot use add_service_status
            self._log_debug('Cannot add service output, policy does not define'
                            ' an InitSystem to use')
            return

        for service in services:
            self.add_cmd_output("%s %s" % (query, service), **kwargs)

    def add_journal(self, units=None, boot=None, since=None, until=None,
                    lines=None, allfields=False, output=None,
                    timeout=None, identifier=None, catalog=None,
                    sizelimit=None, pred=None, tags=None, priority=10):
        """Collect journald logs from one of more units.

        :param units:   Which journald units to collect
        :type units: ``str`` or a ``list`` of strings

        :param boot:    A boot index using the journalctl syntax. The special
                        values 'this' and 'last' are also accepted.
        :type boot: ``str``

        :param since:   Start time for journal messages
        :type since: ``str``

        :param until:   End time forjournal messages
        :type until: ``str``

        :param lines: The maximum number of lines to be collected
        :type lines: ``int``

        :param allfields: Include all journal fields regardless of size or
                          non-printable characters
        :type allfields: ``bool``

        :param output:  Journalctl output control string, for example "verbose"
        :type output: ``str``

        :param timeout: An optional timeout in seconds
        :type timeout: ``int``

        :param identifier: An optional message identifier
        :type identifier: ``str``

        :param catalog: Augment lines with descriptions from the system catalog
        :type catalog: ``bool``

        :param sizelimit: Limit to the size of output returned in MB.
                          Defaults to the value of --log-size.
        :type sizelimit: ``int``
        """
        journal_cmd = "journalctl --no-pager "
        unit_opt = " --unit %s"
        boot_opt = " --boot %s"
        since_opt = " --since '%s'"
        until_opt = " --until %s"
        lines_opt = " --lines %s"
        output_opt = " --output %s"
        identifier_opt = " --identifier %s"
        catalog_opt = " --catalog"

        if sizelimit == 0 or self.get_option("all_logs"):
            # allow for specific sizelimit overrides in plugins
            log_size = 0
        else:
            log_size = sizelimit or self.get_option('journal_size')

        if isinstance(units, str):
            units = [units]

        if isinstance(tags, str):
            tags = [tags]
        elif not tags:
            tags = []

        if units:
            for unit in units:
                journal_cmd += unit_opt % unit
                tags.append("journal_%s" % unit)

        if identifier:
            journal_cmd += identifier_opt % identifier

        if catalog:
            journal_cmd += catalog_opt

        if allfields:
            journal_cmd += " --all"

        if boot:
            if boot == "this":
                boot = ""
            if boot == "last":
                boot = "-1"
            journal_cmd += boot_opt % boot

        if since:
            journal_cmd += since_opt % since

        if until:
            journal_cmd += until_opt % until

        if lines:
            journal_cmd += lines_opt % lines

        if output:
            journal_cmd += output_opt % output

        self._log_debug("collecting journal: %s" % journal_cmd)
        self._add_cmd_output(cmd=journal_cmd, timeout=timeout,
                             sizelimit=log_size, pred=pred, tags=tags,
                             priority=priority)

    def _expand_copy_spec(self, copyspec):
        def __expand(paths):
            found_paths = []
            paths = glob.glob(paths)
            for path in paths:
                try:
                    # avoid recursive symlink dirs
                    if self.path_isfile(path) or self.path_islink(path):
                        found_paths.append(path)
                    elif self.path_isdir(path) and self.listdir(path):
                        found_paths.extend(__expand(self.path_join(path, '*')))
                    else:
                        found_paths.append(path)
                except PermissionError:
                    # when running in LXD, we've seen os.access return True for
                    # some /sys or /proc paths yet still get a PermissionError
                    # when calling os.listdir(), so rather than rely on that,
                    # just catch and ignore permissions errors resulting from
                    # security modules like apparmor/selinux
                    # Ref: https://github.com/lxc/lxd/issues/5688
                    pass
            return list(set(found_paths))

        if (os.access(copyspec, os.R_OK) and self.path_isdir(copyspec) and
                self.listdir(copyspec)):
            # the directory exists and is non-empty, recurse through it
            copyspec = self.path_join(copyspec, '*')
        expanded = glob.glob(copyspec, recursive=True)
        recursed_files = []
        for _path in expanded:
            try:
                if self.path_isdir(_path) and self.listdir(_path):
                    # remove the top level dir to avoid duplicate attempts to
                    # copy the dir and its contents
                    expanded.remove(_path)
                    recursed_files.extend(__expand(os.path.join(_path, '*')))
            except PermissionError:
                # same as the above in __expand(), but this time remove the
                # path so we don't hit another PermissionError during the
                # actual copy
                expanded.remove(_path)
        expanded.extend(recursed_files)
        return list(set(expanded))

    def _collect_copy_specs(self):
        for path in sorted(self.copy_paths, reverse=True):
            self._log_info("collecting path '%s'" % path)
            self._do_copy_path(path)
        self.generate_copyspec_tags()

    def _collect_container_copy_specs(self):
        """Copy any requested files from containers here. This is done
        separately from normal file collection as this requires the use of
        a container runtime.

        This method will iterate over self.container_copy_paths which is a set
        of 5-tuples as (container, path, sizelimit, stdout, tags).
        """
        if not self.container_copy_paths:
            return
        rt = self._get_container_runtime()
        if not rt:
            self._log_info("Cannot collect container based files - no runtime "
                           "is present/active.")
            return
        if not rt.check_can_copy():
            self._log_info("Loaded runtime '%s' does not support copying "
                           "files from containers. Skipping collections.")
            return
        for contup in self.container_copy_paths:
            con, path, sizelimit, tailit, tags = contup
            self._log_info("collecting '%s' from container '%s'" % (path, con))

            arcdest = "sos_containers/%s/%s" % (con, path.lstrip('/'))
            self.archive.check_path(arcdest, P_FILE)
            dest = self.archive.dest_path(arcdest)

            cpcmd = rt.get_copy_command(
                con, path, dest, sizelimit=sizelimit if tailit else None
            )
            cpret = self.exec_cmd(cpcmd, timeout=10)

            if cpret['status'] == 0:
                if tailit:
                    # current runtimes convert files sent to stdout to tar
                    # archives, with no way to control that
                    self.archive.add_string(cpret['output'], arcdest)
                self._add_container_file_to_manifest(con, path, arcdest, tags)
            else:
                self._log_info("error copying '%s' from container '%s': %s"
                               % (path, con, cpret['output']))

    def _collect_cmds(self):
        self.collect_cmds.sort(key=lambda x: x.priority)
        for soscmd in self.collect_cmds:
            self._log_debug("unpacked command: " + soscmd.__str__())
            self._log_info("collecting output of '%s'" % soscmd.cmd)
            self._collect_cmd_output(**soscmd.__dict__)

    def _collect_tailed_files(self):
        for _file, _size in self._tail_files_list:
            self._log_info(f"collecting tail of '{_file}' due to size limit")
            file_name = _file
            if file_name[0] == os.sep:
                file_name = file_name.lstrip(os.sep)
            strfile = (
                file_name.replace(os.path.sep, ".") + ".tailed"
            )
            self.add_string_as_file(tail(_file, _size), strfile)
            rel_path = os.path.relpath('/', os.path.dirname(_file))
            link_path = os.path.join(rel_path, 'sos_strings',
                                     self.name(), strfile)
            self.archive.add_link(link_path, _file)

    def _collect_strings(self):
        for string, file_name, tags in self.copy_strings:
            if self._timeout_hit:
                return
            self._log_info("collecting string as '%s'" % file_name)
            try:
                self.archive.add_string(string, file_name)
                _name = file_name.split('/')[-1].replace('.', '_')
                self.manifest.strings[_name] = {
                    'path': file_name,
                    'tags': tags
                }
            except Exception as e:
                self._log_debug("could not add string '%s': %s"
                                % (file_name, e))

    def _collect_manual(self):
        """Kick off manual collections performed by the plugin. These manual
        collections are anything the plugin collects outside of existing
        files and/or command output. Anything the plugin manually compiles or
        constructs for data that is included in the final archive.

        Plugins will need to define these collections by overriding the
        ``collect()`` method, similar to how plugins define their own
        ``setup()`` methods.
        """
        try:
            self.collect()
        except Exception as err:
            self._log_error(f"Error during plugin collections: {err}")

    def collect(self):
        """If a plugin needs to manually compile some data for a collection,
        that should be specified here by overriding this method.

        These collections are run last during a plugin's execution, and as such
        are more likely to be interrupted by timeouts than file or command
        output collections.
        """
        pass

    @contextlib.contextmanager
    def collection_file(self, fname, subdir=None, tags=[]):
        """Handles creating and managing files within a plugin's subdirectory
        within the archive, and is intended to be used to save manually
        compiled data generated during a plugin's ``_collect_manual()`` step
        of the collection phase.

        Plugins should call this method using a ``with`` context manager.

        :param fname:       The name of the file within the plugin directory
        :type fname:        ``str``

        :param subdir:      If needed, specify a subdir to write the file to
        :type subdir:       ``str``

        :param tags:        Tags to be added to this file in the manifest
        :type tags:         ``str`` or ``list`` of ``str``
        """
        try:
            start = time()
            _pfname = self._make_command_filename(fname, subdir=subdir)
            self.archive.check_path(_pfname, P_FILE)
            _name = self.archive.dest_path(_pfname)
            with open(_name, 'w') as _file:
                self._log_debug(f"manual collection file opened: {_name}")
                yield _file
            end = time()
            run = end - start
            self._log_info(f"manual collection '{fname}' finished in {run}")
            if isinstance(tags, str):
                tags = [tags]
            self.manifest.collections.append({
                'name': fname,
                'filepath': _pfname,
                'tags': tags
            })
        except Exception as err:
            self._log_info(f"Error with collection file '{fname}': {err}")

    def collect_plugin(self):
        """Collect the data for a plugin."""
        start = time()
        self._collect_copy_specs()
        self._collect_container_copy_specs()
        self._collect_tailed_files()
        self._collect_strings()
        self._collect_cmds()
        self._collect_manual()
        fields = (self.name(), time() - start)
        self._log_debug("collected plugin '%s' in %s" % fields)

    def get_description(self):
        """This function will return the description for the plugin"""
        try:
            return self.short_desc
        except Exception:
            return "<no description available>"

    def check_enabled(self):
        """This method will be used to verify that a plugin should execute
        given the condition of the underlying environment.

        The default implementation will return True if none of class.files,
        class.packages, nor class.commands is specified. If any of these is
        specified the plugin will check for the existence of any of the
        corresponding paths, packages or commands and return True if any
        are present.

        For SCLPlugin subclasses, it will check whether the plugin can be run
        for any of installed SCLs. If so, it will store names of these SCLs
        on the plugin class in addition to returning True.

        For plugins with more complex enablement checks this method may be
        overridden.

        :returns:   ``True`` if the plugin should be run for this system, else
                    ``False``
        :rtype: ``bool``
        """
        # some files or packages have been specified for this package
        if any([self.files, self.packages, self.commands, self.kernel_mods,
                self.services, self.containers, self.architectures]):
            if isinstance(self.files, str):
                self.files = [self.files]

            if isinstance(self.packages, str):
                self.packages = [self.packages]

            if isinstance(self.commands, str):
                self.commands = [self.commands]

            if isinstance(self.kernel_mods, str):
                self.kernel_mods = [self.kernel_mods]

            if isinstance(self.services, str):
                self.services = [self.services]

            if isinstance(self, SCLPlugin):
                # save SCLs that match files or packages
                type(self)._scls_matched = []
                for scl in self._get_scls():
                    files = [f % {"scl_name": scl} for f in self.files]
                    packages = [p % {"scl_name": scl} for p in self.packages]
                    commands = [c % {"scl_name": scl} for c in self.commands]
                    services = [s % {"scl_name": scl} for s in self.services]
                    if self._check_plugin_triggers(files,
                                                   packages,
                                                   commands,
                                                   services,
                                                   # SCL containers don't exist
                                                   ()):
                        type(self)._scls_matched.append(scl)
                if type(self)._scls_matched:
                    return True

            return self._check_plugin_triggers(self.files,
                                               self.packages,
                                               self.commands,
                                               self.services,
                                               self.containers)

        if isinstance(self, SCLPlugin):
            # if files and packages weren't specified, we take all SCLs
            type(self)._scls_matched = self._get_scls()

        return True

    def _check_plugin_triggers(self, files, packages, commands, services,
                               containers):

        if not any([files, packages, commands, services, containers]):
            # no checks beyond architecture restrictions
            return self.check_is_architecture()

        return ((any(self.path_exists(fname) for fname in files) or
                any(self.is_installed(pkg) for pkg in packages) or
                any(is_executable(cmd, self.sysroot) for cmd in commands) or
                any(self.is_module_loaded(mod) for mod in self.kernel_mods) or
                any(self.is_service(svc) for svc in services) or
                any(self.container_exists(cntr) for cntr in containers)) and
                self.check_is_architecture())

    def check_is_architecture(self):
        """Checks whether or not the system is running on an architecture that
        the plugin allows. If not architecture is set, assume plugin can run
        on all arches.

        :returns:   ``True`` if the host's architecture allows the plugin to
                    run, else ``False``
        :rtype: ``bool``
        """
        if self.architectures is None:
            return True
        regex = '(?:%s)' % '|'.join(self.architectures)
        return re.match(regex, self.policy.get_arch())

    def default_enabled(self):
        """This decides whether a plugin should be automatically loaded or
        only if manually specified in the command line."""
        return True

    def add_default_collections(self):
        """Based on the class attrs defined for plugin enablement, add a
        standardized set of collections before we call the plugin's own setup()
        method.
        """
        # For any service used for enablement checks, collect its current
        # status if it exists
        for service in self.services:
            if self.is_service(service):
                self.add_service_status(service)
                self.add_journal(service)
        for kmod in self.kernel_mods:
            if self.is_module_loaded(kmod):
                self.add_cmd_output(f"modinfo {kmod}")

    def setup(self):
        """Collect the list of files declared by the plugin. This method
        may be overridden to add further copy_specs, forbidden_paths, and
        external programs if required.
        """
        self.add_copy_spec(list(self.files))

    def setup_verify(self):
        if not hasattr(self, "verify_packages") or not self.verify_packages:
            if hasattr(self, "packages") and self.packages:
                # Limit automatic verification to only the named packages
                self.verify_packages = [p + "$" for p in self.packages]
            else:
                return

        pm = self.policy.package_manager
        verify_cmd = pm.build_verify_command(self.verify_packages)
        if verify_cmd:
            self.add_cmd_output(verify_cmd)

    def path_exists(self, path):
        """Helper to call the sos.utilities wrapper that allows the
        corresponding `os` call to account for sysroot

        :param path:        The canonical path for a specific file/directory
        :type path:         ``str``


        :returns:           True if the path exists in sysroot, else False
        :rtype:             ``bool``
        """
        return path_exists(path, self.sysroot)

    def path_isdir(self, path):
        """Helper to call the sos.utilities wrapper that allows the
        corresponding `os` call to account for sysroot

        :param path:        The canonical path for a specific file/directory
        :type path:         ``str``


        :returns:           True if the path is a dir, else False
        :rtype:             ``bool``
        """
        return path_isdir(path, self.sysroot)

    def path_isfile(self, path):
        """Helper to call the sos.utilities wrapper that allows the
        corresponding `os` call to account for sysroot

        :param path:        The canonical path for a specific file/directory
        :type path:         ``str``


        :returns:           True if the path is a file, else False
        :rtype:             ``bool``
        """
        return path_isfile(path, self.sysroot)

    def path_islink(self, path):
        """Helper to call the sos.utilities wrapper that allows the
        corresponding `os` call to account for sysroot

        :param path:        The canonical path for a specific file/directory
        :type path:         ``str``


        :returns:           True if the path is a link, else False
        :rtype:             ``bool``
        """
        return path_islink(path, self.sysroot)

    def listdir(self, path):
        """Helper to call the sos.utilities wrapper that allows the
        corresponding `os` call to account for sysroot

        :param path:        The canonical path for a specific file/directory
        :type path:         ``str``


        :returns:           Contents of path, if it is a directory
        :rtype:             ``list``
        """
        return listdir(path, self.sysroot)

    def path_join(self, path, *p):
        """Helper to call the sos.utilities wrapper that allows the
        corresponding `os` call to account for sysroot

        :param path:    The leading path passed to os.path.join()
        :type path:     ``str``

        :param p:       Following path section(s) to be joined with ``path``,
                        an empty parameter will result in a path that ends with
                        a separator
        :type p:        ``str``
        """
        return path_join(path, *p, sysroot=self.sysroot)

    def postproc(self):
        """Perform any postprocessing. To be replaced by a plugin if required.
        """
        pass

    def check_process_by_name(self, process):
        """Checks if a named process is found in /proc/[0-9]*/cmdline.

        :param process:     The name of the process
        :type process:      ``str``

        :returns: ``True`` if the process exists, else ``False``
        :rtype: ``bool``
        """
        status = False
        cmd_line_glob = "/proc/[0-9]*/cmdline"
        try:
            cmd_line_paths = glob.glob(cmd_line_glob)
            for path in cmd_line_paths:
                with open(self.path_join(path), 'r') as pfile:
                    cmd_line = pfile.read().strip()
                    if process in cmd_line:
                        status = True
        except IOError:
            return False
        return status

    def get_process_pids(self, process):
        """Get a list of all PIDs that match a specified name

        :param process:     The name of the process the get PIDs for
        :type process:  ``str``

        :returns: A list of PIDs
        :rtype: ``list``
        """
        pids = []
        cmd_line_glob = "/proc/[0-9]*/cmdline"
        cmd_line_paths = glob.glob(cmd_line_glob)
        for path in cmd_line_paths:
            try:
                with open(path, 'r') as f:
                    cmd_line = f.read().strip()
                    if process in cmd_line:
                        pids.append(path.split("/")[2])
            except IOError:
                continue
        return pids

    def get_network_namespaces(self, ns_pattern=None, ns_max=None):
        if ns_max is None and self.commons['cmdlineopts'].namespaces:
            ns_max = self.commons['cmdlineopts'].namespaces
        return self.filter_namespaces(self.commons['namespaces']['network'],
                                      ns_pattern, ns_max)

    def filter_namespaces(self, ns_list, ns_pattern=None, ns_max=None):
        """Filter a list of namespaces by regex pattern or max number of
        namespaces (options originally present in the networking plugin.)
        """
        out_ns = []

        # Regex initialization outside of for loop
        if ns_pattern:
            pattern = (
                '(?:%s$)' % '$|'.join(ns_pattern.split()).replace('*', '.*')
                )
        for ns in ns_list:
            # if ns_pattern defined, skip namespaces not matching the pattern
            if ns_pattern and not bool(re.match(pattern, ns)):
                continue
            out_ns.append(ns)

            # if ns_max is defined at all, break the loop when the limit is
            # reached
            # this allows the use of both '0' and `None` to mean unlimited
            if ns_max:
                if len(out_ns) == ns_max:
                    self._log_warn("Limiting namespace iteration "
                                   "to first %s namespaces found"
                                   % ns_max)
                    break

        return out_ns


class PluginDistroTag():
    """The base tagging class for distro-specific classes used to signify that
    a Plugin is written for that distro.

    Use IndependentPlugin for plugins that are distribution agnostic
    """
    pass


class RedHatPlugin(PluginDistroTag):
    """Tagging class for Red Hat's Linux distributions"""
    pass


class UbuntuPlugin(PluginDistroTag):
    """Tagging class for Ubuntu Linux"""
    pass


class DebianPlugin(PluginDistroTag):
    """Tagging class for Debian Linux"""
    pass


class SuSEPlugin(PluginDistroTag):
    """Tagging class for SuSE Linux distributions"""
    pass


class OpenEulerPlugin(PluginDistroTag):
    """Tagging class for openEuler linux distributions"""
    pass


class CosPlugin(PluginDistroTag):
    """Tagging class for Container-Optimized OS"""
    pass


class IndependentPlugin(PluginDistroTag):
    """Tagging class for plugins that can run on any platform"""
    pass


class ExperimentalPlugin(PluginDistroTag):
    """Tagging class that indicates that this plugin is experimental"""
    pass


class SCLPlugin(RedHatPlugin):
    """Superclass for plugins operating on Software Collections (SCLs).

    Subclasses of this plugin class can specify class.files and class.packages
    using "%(scl_name)s" interpolation. The plugin invoking mechanism will try
    to match these against all found SCLs on the system. SCLs that do match
    class.files or class.packages are then accessible via self.scls_matched
    when the plugin is invoked.
    """

    @property
    def scls_matched(self):
        if not hasattr(type(self), '_scls_matched'):
            type(self)._scls_matched = []
        return type(self)._scls_matched

    def _get_scls(self):
        output = sos_get_command_output("scl -l")["output"]
        return [scl.strip() for scl in output.splitlines()]

    def convert_cmd_scl(self, scl, cmd):
        """wrapping command in "scl enable" call
        """
        scl_cmd = "scl enable %s \"%s\"" % (scl, cmd)
        return scl_cmd

    # config files for Software Collections are under /etc/${prefix}/${scl} and
    # var files are under /var/${prefix}/${scl} where the ${prefix} is distro
    # specific path. So we need to insert the paths after the appropriate root
    # dir.
    def convert_copyspec_scl(self, scl, copyspec):
        scl_prefix = self.policy.get_default_scl_prefix()
        for rootdir in ['etc', 'var']:
            p = re.compile('^/%s/' % rootdir)
            copyspec = os.path.abspath(p.sub('/%s/%s/%s/' %
                                       (rootdir, scl_prefix, scl),
                                       copyspec))
        return copyspec

    def add_copy_spec_scl(self, scl, copyspecs):
        """Same as add_copy_spec, except that it prepends path to SCL root
        to "copyspecs".
        """
        if scl not in self.scls_matched:
            return
        if isinstance(copyspecs, str):
            copyspecs = [copyspecs]
        scl_copyspecs = []
        for copyspec in copyspecs:
            scl_copyspecs.append(self.convert_copyspec_scl(scl, copyspec))
        self.add_copy_spec(scl_copyspecs)


def import_plugin(name, superclasses=None):
    """Import name as a module and return a list of all classes defined in that
    module. superclasses should be a tuple of valid superclasses to import,
    this defaults to (Plugin,).
    """
    plugin_fqname = "sos.report.plugins.%s" % name
    if not superclasses:
        superclasses = (Plugin,)
    return import_module(plugin_fqname, superclasses)

# vim: set et ts=4 sw=4 :

Mr. DellatioNx196 GaLers xh3LL Backd00r 1.0, Coded By Mr. DellatioNx196 - Bogor BlackHat