fix(src/matchers): fixed runc to latest libs.

Signed-off-by: Federico Di Pierro <[email protected]>
FedeDP · Jan 16, 2025 · 76348e1 · 76348e1
1 parent 9b93d53
commit 76348e1
Showing 1 changed file with 17 additions and 23 deletions.
diff --git a/src/matchers/runc.cpp b/src/matchers/runc.cpp
@@ -3,6 +3,7 @@
 namespace {
 const size_t CONTAINER_ID_LENGTH = 64;
 const size_t REPORTED_CONTAINER_ID_LENGTH = 12;
+const char *CONTAINER_ID_VALID_CHARACTERS = "0123456789abcdefABCDEF";
 
 static_assert(REPORTED_CONTAINER_ID_LENGTH <= CONTAINER_ID_LENGTH,
 "Reported container ID length cannot be longer than actual length");
@@ -16,21 +17,6 @@ inline static bool endswith(const std::string &s, const std::string &suffix) {
 	return s.rfind(suffix) == (s.size() - suffix.size());
 }
 
-inline static bool is_host(const std::string &cgroup) {
-	// A good approximation to minize false-positives is to exclude systemd suffixes.
-	if(endswith(cgroup, ".slice") || endswith(cgroup, ".service")) {
-		return true;
-	} else if(endswith(cgroup, ".scope")) {
-		if(cgroup.find("crio-") != std::string::npos ||
-		   cgroup.find("docker-") != std::string::npos) {
-			return false;
-		}
-		return true;
-	}
-
-	return false;
-}
-
 // check if cgroup ends with <prefix><container_id><suffix>
 // If true, set <container_id> to a truncated version of the id and return true.
 // Otherwise return false and leave container_id unchanged
@@ -49,22 +35,30 @@ bool match_one_container_id(const std::string &cgroup,
         return false;
     }
 
-    // In some container runtimes the container id is not
+    if(end_pos - start_pos == CONTAINER_ID_LENGTH &&
+       cgroup.find_first_not_of(CONTAINER_ID_VALID_CHARACTERS, start_pos) >= CONTAINER_ID_LENGTH) {
+        container_id = cgroup.substr(start_pos, REPORTED_CONTAINER_ID_LENGTH);
+        return true;
+    }
+
+    // In some container runtimes the container the container id is not
     // necessarly CONTAINER_ID_LENGTH long and can be arbitrarly defined.
     // To keep it simple we only discard the container id > of CONTAINER_ID_LENGTH.
     if(end_pos - start_pos > CONTAINER_ID_LENGTH || end_pos - start_pos == 0) {
         return false;
     }
 
-    if(is_host(cgroup)) {
-        return false;
+    // For containerd, make sure to skip systemd host cgroups
+    if(!endswith(cgroup, ".service") &&
+       !endswith(cgroup, ".slice")) {
+        const size_t reported_len = end_pos - start_pos >= REPORTED_CONTAINER_ID_LENGTH
+                                      ? REPORTED_CONTAINER_ID_LENGTH
+                                      : end_pos - start_pos;
+        container_id = cgroup.substr(start_pos, reported_len);
+        return true;
     }
 
-    size_t reported_len = end_pos - start_pos >= REPORTED_CONTAINER_ID_LENGTH
-                                  ? REPORTED_CONTAINER_ID_LENGTH
-                                  : end_pos;
-    container_id = cgroup.substr(start_pos, reported_len);
-    return true;
+    return false;
 }
 
 bool matches_runc_cgroup(const std::string &cgroup,