Skip to content

Commit

Permalink
fix(userspace/libsinsp): minimize master changes to preserve same beh…
Browse files Browse the repository at this point in the history 
…avior.

Signed-off-by: Federico Di Pierro <[email protected]>
  • Loading branch information
@FedeDP
FedeDP committed Nov 19, 2024
1 parent 43754ca commit 62dc215
Show file tree
Hide file tree
Showing 4 changed files with 77 additions and 31 deletions.
61 changes: 47 additions & 14 deletions userspace/libsinsp/parsers.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1240,7 +1240,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
default:
ASSERT(false);
}
child_tinfo->m_uid = uid;
child_tinfo->set_user(uid);

/* gid */
int32_t gid = 0;
Expand All @@ -1267,7 +1267,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
default:
ASSERT(false);
}
child_tinfo->m_gid = gid;
child_tinfo->set_group(gid);

/* Set cgroups and heuristically detect container id */
switch(etype) {
Expand Down Expand Up @@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {

child_tinfo->m_tty = caller_tinfo->m_tty;

child_tinfo->m_loginuid = caller_tinfo->m_loginuid;
child_tinfo->set_loginuser(caller_tinfo->m_loginuid);

child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted;

Expand Down Expand Up @@ -1349,6 +1349,13 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
return;
}

/* Refresh user / loginuser / group */
if(new_child->m_container_id.empty() == false) {
new_child->set_group(new_child->m_gid);
new_child->set_user(new_child->m_uid);
new_child->set_loginuser(new_child->m_loginuid);
}

/* If there's a listener, invoke it */
if(m_inspector->get_observer()) {
m_inspector->get_observer()->on_clone(evt, new_child.get(), tid_collision);
Expand Down Expand Up @@ -1619,7 +1626,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {

child_tinfo->m_tty = lookup_tinfo->m_tty;

child_tinfo->m_loginuid = lookup_tinfo->m_loginuid;
child_tinfo->set_loginuser(lookup_tinfo->m_loginuid);

child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted;

Expand Down Expand Up @@ -1760,7 +1767,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
default:
ASSERT(false);
}
child_tinfo->m_uid = uid;
child_tinfo->set_user(uid);

/* gid */
int32_t gid = 0;
Expand All @@ -1787,7 +1794,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
default:
ASSERT(false);
}
child_tinfo->m_gid = gid;
child_tinfo->set_group(gid);

/* Set cgroups and heuristically detect container id */
switch(etype) {
Expand Down Expand Up @@ -1833,6 +1840,13 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
*/
evt->set_tinfo(new_child.get());

/* Refresh user / loginuser / group */
if(new_child->m_container_id.empty() == false) {
new_child->set_group(new_child->m_gid);
new_child->set_user(new_child->m_uid);
new_child->set_loginuser(new_child->m_loginuid);
}

//
// If there's a listener, invoke it
//
Expand Down Expand Up @@ -2213,7 +2227,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {

// Get the loginuid
if(evt->get_num_params() > 18) {
evt->get_tinfo()->m_loginuid = evt->get_param(18)->as<uint32_t>();
evt->get_tinfo()->set_loginuser(evt->get_param(18)->as<uint32_t>());
}

// Get execve flags
Expand Down Expand Up @@ -2259,7 +2273,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {

// Get uid
if(evt->get_num_params() > 26) {
evt->get_tinfo()->m_uid = evt->get_param(26)->as<uint32_t>();
evt->get_tinfo()->set_user(evt->get_param(26)->as<uint32_t>());
}

// Get pgid
Expand Down Expand Up @@ -2302,6 +2316,16 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {
//
evt->get_tinfo()->compute_program_hash();

//
// Refresh user / loginuser / group
// if we happen to change container id
//
if(container_id != evt->get_tinfo()->m_container_id) {
evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid);
evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid);
evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid);
}

//
// If there's a listener, invoke it
//
Expand Down Expand Up @@ -4493,7 +4517,7 @@ void sinsp_parser::parse_setresuid_exit(sinsp_evt *evt) {
if(new_euid < std::numeric_limits<uint32_t>::max()) {
sinsp_threadinfo *ti = evt->get_thread_info();
if(ti) {
ti->m_uid = new_euid;
ti->set_user(new_euid);
}
}
}
Expand All @@ -4513,7 +4537,7 @@ void sinsp_parser::parse_setreuid_exit(sinsp_evt *evt) {
if(new_euid < std::numeric_limits<uint32_t>::max()) {
sinsp_threadinfo *ti = evt->get_thread_info();
if(ti) {
ti->m_uid = new_euid;
ti->set_user(new_euid);
}
}
}
Expand All @@ -4534,7 +4558,7 @@ void sinsp_parser::parse_setresgid_exit(sinsp_evt *evt) {
if(new_egid < std::numeric_limits<uint32_t>::max()) {
sinsp_threadinfo *ti = evt->get_thread_info();
if(ti) {
ti->m_gid = new_egid;
ti->set_group(new_egid);
}
}
}
Expand All @@ -4554,7 +4578,7 @@ void sinsp_parser::parse_setregid_exit(sinsp_evt *evt) {
if(new_egid < std::numeric_limits<uint32_t>::max()) {
sinsp_threadinfo *ti = evt->get_thread_info();
if(ti) {
ti->m_gid = new_egid;
ti->set_group(new_egid);
}
}
}
Expand All @@ -4573,7 +4597,7 @@ void sinsp_parser::parse_setuid_exit(sinsp_evt *evt) {
uint32_t new_euid = enter_evt->get_param(0)->as<uint32_t>();
sinsp_threadinfo *ti = evt->get_thread_info();
if(ti) {
ti->m_uid = new_euid;
ti->set_user(new_euid);
}
}
}
Expand All @@ -4591,7 +4615,7 @@ void sinsp_parser::parse_setgid_exit(sinsp_evt *evt) {
uint32_t new_egid = enter_evt->get_param(0)->as<uint32_t>();
sinsp_threadinfo *ti = evt->get_thread_info();
if(ti) {
ti->m_gid = new_egid;
ti->set_group(new_egid);
}
}
}
Expand Down Expand Up @@ -5046,6 +5070,15 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) {
m_inspector->m_container_manager.resolve_container(
evt->get_tinfo(),
m_inspector->is_live() || m_inspector->is_syscall_plugin());
//
// Refresh user / loginuser / group
// if we happen to change container id
//
if(container_id != evt->get_tinfo()->m_container_id) {
evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid);
evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid);
evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid);
}
}
}

Expand Down
29 changes: 26 additions & 3 deletions userspace/libsinsp/threadinfo.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -509,9 +509,9 @@ void sinsp_threadinfo::init(scap_threadinfo* pi) {
this,
m_inspector->is_live() || m_inspector->is_syscall_plugin());

m_uid = pi->uid;
m_gid = pi->gid;
m_loginuid = ((uint32_t)pi->loginuid);
set_group(pi->gid);
set_user(pi->uid);
set_loginuser((uint32_t)pi->loginuid);
}

const sinsp_threadinfo::cgroups_t& sinsp_threadinfo::cgroups() const {
Expand All @@ -530,6 +530,29 @@ std::string sinsp_threadinfo::get_exepath() const {
return m_exepath;
}

void sinsp_threadinfo::set_user(uint32_t uid) {
m_uid = uid;
scap_userinfo* user = m_inspector->m_usergroup_manager.get_user(m_container_id, uid);
if(!user) {
auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin();
m_inspector->m_usergroup_manager
.add_user(m_container_id, m_pid, uid, m_gid, {}, {}, {}, notify);
}
}

void sinsp_threadinfo::set_group(uint32_t gid) {
m_gid = gid;
scap_groupinfo* group = m_inspector->m_usergroup_manager.get_group(m_container_id, gid);
if(!group) {
auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin();
m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, {}, notify);
}
}

void sinsp_threadinfo::set_loginuser(uint32_t loginuid) {
m_loginuid = loginuid;
}

scap_userinfo* sinsp_threadinfo::get_user() const {
auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid);
if(user != nullptr) {
Expand Down
4 changes: 4 additions & 0 deletions userspace/libsinsp/threadinfo.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -376,6 +376,10 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry {
*/
std::string get_path_for_dir_fd(int64_t dir_fd);

void set_user(uint32_t uid);
void set_group(uint32_t gid);
void set_loginuser(uint32_t loginuid);

using cgroups_t = std::vector<std::pair<std::string, std::string>>;
const cgroups_t& cgroups() const;

Expand Down
14 changes: 0 additions & 14 deletions userspace/libsinsp/user.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,20 +135,6 @@ void sinsp_usergroup_manager::subscribe_container_mgr() {
[&](const sinsp_container_info &cinfo) -> void {
delete_container_users_groups(cinfo);
});
// Emplace container manager listener to load users/groups from new containers
m_inspector->m_container_manager.subscribe_on_new_container(
[&](const sinsp_container_info & /*cinfo*/, sinsp_threadinfo *tinfo) -> void {
const bool notify = m_inspector->is_live() || m_inspector->is_syscall_plugin();
add_user(tinfo->m_container_id,
tinfo->m_pid,
tinfo->m_uid,
tinfo->m_gid,
{},
{},
{},
notify);
add_group(tinfo->m_container_id, tinfo->m_pid, tinfo->m_gid, {}, notify);
});
}
}

Expand Down

0 comments on commit 62dc215

Please sign in to comment.