CA-422743: Fix Kernel lockdown errors from debugfs accesses and remove Python 2.7 code#164

Merged
bernhardkaindl merged 3 commits into xenserver:master from xenserver-next:cleanup-py27-and-fix-kernel-lockdown-warnings
Jan 20, 2026

@bernhardkaindl bernhardkaindl commented Jan 19, 2026

Contributor

CA-422743: Fix Kernel lockdown errors from debugfs accesses and remove Python 2.7 code

  • The fix for Kernel lockdown errors caused by debugfs accesses was originally found by Kevin
    • I'm submitting it on his behalf because of account issues.
  • I added the test case to test and cover the code change (and the rest of file_output()).
    • We need this type of coverage also for safely cleaning up this code in the future.

Review questions

Will any files be missing from the bug tool or have empty contents when Secure Boot is enabled?

  • As the check is in this PR now, the files below /sys/kernel/debug without any r mode bits are skipped entirely (not just empty).
  • But that only affects files that should not have had any content before (if the read() function is not implemented).
  • The old behaviour is that bugtool tries to read those unreadable files, silently fails and moves on.

[...] Will any files be missing from the bug tool or have empty contents when Secure Boot is enabled?

  • Currently, this check is not limited to secure boot or lockdown mode active or not, which is good for consistency.
  • While /sys/kernel/security/lockdown could be checked to start with [none] or not,
  • It is better to skip unreadable files below /sys/kernel/debug based on no r mode, for consistency.

As instructed by the xapi-clusterd plugin /etc/xensource/bugtool/xapi-clusterd/bugtool.xml, we will still loop over the toplevel dlm entries and call /usr/sbin/dlm_tool plocks <basename> and /usr/sbin/dlm_tool lockdebug -sv <basename> (but this does not descend into subdirs)

<command label="dlm_tool plocks">for i in /sys/kernel/dlm/*; do /usr/sbin/dlm_tool plocks $(basename $i); done</command>
<command label="dlm_tool lockdebug">for i in /sys/kernel/dlm/*; do /usr/sbin/dlm_tool lockdebug -sv $(basename $i); done</command>

bugtool itself would skip the files which trigger the errors (in the comms/ subdirectory):

--w------- /sys/kernel/debug/dlm/comms/1/rawmsg

This is the upstream commit adding them; they only have a write method for sending raw messages, so there is no "read":
https://cgit.freedesktop.org/drm-misc/commit/fs/dlm?id=9af5b8f0ead7cd90161b0555ed8e85ee38f79fa5

PR details

The tests use f-strings, requiring cleaning up the obsolete Python 2.7 pylint checks.

Because of this, I based this PR on two commits to remove outdated Python 2.7 checks and conditions (which are obsolete since the Yangtze EOL), and we switched to Python 3.6 on XS8 in December.

Commit 1: This is the removal of Python 2.7 code conformity checks (pylint cleanup)
Commit 2: This removes the now obsolete checks of if sys.version_info.major == 2:.

Commit 3 fixes the kernel lockdown errors: It depends on one and two; it touches the same context.

Bernhard Kaindl added 3 commits January 19, 2026 20:11
Signed-off-by: Bernhard Kaindl <bernhard.kaindl@citrix.com>
Signed-off-by: Bernhard Kaindl <bernhard.kaindl@citrix.com>
…s/1/rawmsg

Signed-off-by: Kevin Lampis <kevin.lampis@citrix.com>
Signed-off-by: Bernhard Kaindl <bernhaYrd.kaindl@citrix.com>
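
The mode-bit skip discussed in the PR description above, as an added Python example that is not the code merged in this PR. The function names (`has_read_bit`, `lockdown_mode`, `collect`, `demo_tree`) and the sample tree with its `readable_entry` file are assumptions constructed for illustration; `lockdown_mode` shows the alternative `/sys/kernel/security/lockdown` check that the description mentions and decides against.

```python
import os
import stat

ANY_READ = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH


def has_read_bit(path):
    """True if the file mode grants read to owner, group or other."""
    return bool(os.stat(path).st_mode & ANY_READ)


def lockdown_mode(text):
    """Return the bracketed (active) mode from the lockdown file's content."""
    for word in text.split():
        if word.startswith("[") and word.endswith("]"):
            return word[1:-1]
    return None


def collect(root):
    """Walk root; read files that have a read bit, skip the rest unopened."""
    collected, skipped = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            # Decide from st_mode, not os.access(): root bypasses permission
            # bits, so os.access(path, os.R_OK) is True even for --w-------.
            if not has_read_bit(path):
                skipped.append(path)  # never opened, so no read is attempted
                continue
            with open(path, "rb") as f:
                collected[path] = f.read()
    return collected, skipped


def demo_tree(base):
    """Constructed sample tree shaped like dlm/comms/1 (not real debugfs)."""
    comms = os.path.join(base, "dlm", "comms", "1")
    os.makedirs(comms)
    entries = (("rawmsg", 0o200, b""), ("readable_entry", 0o444, b"ok\n"))
    for name, mode, data in entries:
        path = os.path.join(comms, name)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, mode)
    return comms
```

Because the decision uses only `st_mode`, the result is the same whether or not lockdown is active, which is the consistency argument made in the description.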
bernhardkaindl commented Jan 19, 2026

Contributor Author

I also have 4 docs-only PRs for review:

[docs]: Describe bugtool operation and how bugtool plugins are defined and working: #163
[docs]: Update notes on type annotations (PEP 484) for Python 3.x #159
[docs]: README-pytest.md: Document using logging and breakpoints to debug tests: #154
[docs]: Fix markdownlint warnings, add documentation on bugtool plugins: #150

This is an improvement for a test case to be more friendly for other, new test cases:
[tests]: test_main.py: Undo the temporary change to DB_CONF after test completion: #152

It would be terrific to have these done as well, many thanks!

@bernhardkaindl bernhardkaindl merged commit 74e88b2 into xenserver:master Jan 20, 2026
2 checks passed