From 62dc2159bcb84365f0d0e1f7ed2444884812afdc Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Tue, 19 Nov 2024 14:28:15 +0100 Subject: [PATCH] fix(userspace/libsinsp): minimize master changes to preserve same behavior. Signed-off-by: Federico Di Pierro --- userspace/libsinsp/parsers.cpp | 61 ++++++++++++++++++++++++------- userspace/libsinsp/threadinfo.cpp | 29 +++++++++++++-- userspace/libsinsp/threadinfo.h | 4 ++ userspace/libsinsp/user.cpp | 14 ------- 4 files changed, 77 insertions(+), 31 deletions(-) diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp index 895480d723..5975a75331 100644 --- a/userspace/libsinsp/parsers.cpp +++ b/userspace/libsinsp/parsers.cpp @@ -1240,7 +1240,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { default: ASSERT(false); } - child_tinfo->m_uid = uid; + child_tinfo->set_user(uid); /* gid */ int32_t gid = 0; @@ -1267,7 +1267,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { default: ASSERT(false); } - child_tinfo->m_gid = gid; + child_tinfo->set_group(gid); /* Set cgroups and heuristically detect container id */ switch(etype) { @@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { child_tinfo->m_tty = caller_tinfo->m_tty; - child_tinfo->m_loginuid = caller_tinfo->m_loginuid; + child_tinfo->set_loginuser(caller_tinfo->m_loginuid); child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted; @@ -1349,6 +1349,13 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { return; } + /* Refresh user / loginuser / group */ + if(new_child->m_container_id.empty() == false) { + new_child->set_group(new_child->m_gid); + new_child->set_user(new_child->m_uid); + new_child->set_loginuser(new_child->m_loginuid); + } + /* If there's a listener, invoke it */ if(m_inspector->get_observer()) { m_inspector->get_observer()->on_clone(evt, new_child.get(), tid_collision); 
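Review bot: `child_tinfo->set_user(uid);` in the first parsers.cpp hunk runs before `child_tinfo->set_group(gid);` in the next one, and set_user's fallback hands `m_gid` to `add_user`, so a child whose uid is not yet in the table is registered with whatever m_gid holds at that moment rather than the gid parsed from the event; parse_clone_exit_child keeps the same uid-first order, while init() and the refresh blocks in this patch deliberately call set_group first. Keep the plain assignment here, `child_tinfo->m_uid = uid;`, and move `child_tinfo->set_user(uid);` to just after `child_tinfo->set_group(gid);`, or make set_user not depend on m_gid. parse_clone_exit_caller starts and ends outside the hunk, so whether m_gid was copied from the caller earlier can't be confirmed from here.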
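Review bot: The refresh guarded by `new_child->m_container_id.empty() == false` re-runs set_group/set_user under the resolved container id, but the earlier set_user/set_group calls in this function already ran with the child's container id as it was at that point; if that was still empty, the same uid/gid were also added as placeholder entries under the host (empty) container id and nothing here removes them, and the copy of this block in parse_clone_exit_child has the same property. Whether add_user ignores an empty container id is not visible in this diff, so it is worth confirming and worth a comment either way, e.g. `/* The container id was not known when set_user()/set_group() first ran; re-run them so the entries land in the container's user/group tables */`. `!new_child->m_container_id.empty()` would also read more naturally than the `== false` comparison.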
@@ -1619,7 +1626,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { child_tinfo->m_tty = lookup_tinfo->m_tty; - child_tinfo->m_loginuid = lookup_tinfo->m_loginuid; + child_tinfo->set_loginuser(lookup_tinfo->m_loginuid); child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted; @@ -1760,7 +1767,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { default: ASSERT(false); } - child_tinfo->m_uid = uid; + child_tinfo->set_user(uid); /* gid */ int32_t gid = 0; @@ -1787,7 +1794,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { default: ASSERT(false); } - child_tinfo->m_gid = gid; + child_tinfo->set_group(gid); /* Set cgroups and heuristically detect container id */ switch(etype) { @@ -1833,6 +1840,13 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { */ evt->set_tinfo(new_child.get()); + /* Refresh user / loginuser / group */ + if(new_child->m_container_id.empty() == false) { + new_child->set_group(new_child->m_gid); + new_child->set_user(new_child->m_uid); + new_child->set_loginuser(new_child->m_loginuid); + } + // // If there's a listener, invoke it // @@ -2213,7 +2227,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get the loginuid if(evt->get_num_params() > 18) { - evt->get_tinfo()->m_loginuid = evt->get_param(18)->as(); + evt->get_tinfo()->set_loginuser(evt->get_param(18)->as()); } // Get execve flags @@ -2259,7 +2273,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get uid if(evt->get_num_params() > 26) { - evt->get_tinfo()->m_uid = evt->get_param(26)->as(); + evt->get_tinfo()->set_user(evt->get_param(26)->as()); } // Get pgid 
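Review bot: In the last hunk, `set_user(evt->get_param(26)->as())` (and `set_loginuser` from param 18 in the hunk before it) registers the post-exec uid under `m_container_id` as it stands at this point of parse_execve_exit, yet the refresh this patch adds further down that function only fires when the container id changed during the parse, so when it does change the placeholder created here is left in the previous container's table. If the container id is resolved before these parameters are read this is moot, but that part of parse_execve_exit is outside the hunk; a comment such as `// NOTE: registered under the pre-resolve container id; the refresh below re-adds it if the id changes` would at least make the dependency visible.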
@@ -2302,6 +2316,16 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // evt->get_tinfo()->compute_program_hash(); + // + // Refresh user / loginuser / group + // if we happen to change container id + // + if(container_id != evt->get_tinfo()->m_container_id) { + evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); + evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); + evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); + } + // // If there's a listener, invoke it // @@ -4493,7 +4517,7 @@ void sinsp_parser::parse_setresuid_exit(sinsp_evt *evt) { if(new_euid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_uid = new_euid; + ti->set_user(new_euid); } } } @@ -4513,7 +4537,7 @@ void sinsp_parser::parse_setreuid_exit(sinsp_evt *evt) { if(new_euid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_uid = new_euid; + ti->set_user(new_euid); } } } @@ -4534,7 +4558,7 @@ void sinsp_parser::parse_setresgid_exit(sinsp_evt *evt) { if(new_egid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_gid = new_egid; + ti->set_group(new_egid); } } } @@ -4554,7 +4578,7 @@ void sinsp_parser::parse_setregid_exit(sinsp_evt *evt) { if(new_egid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_gid = new_egid; + ti->set_group(new_egid); } } } @@ -4573,7 +4597,7 @@ void sinsp_parser::parse_setuid_exit(sinsp_evt *evt) { uint32_t new_euid = enter_evt->get_param(0)->as(); sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_uid = new_euid; + ti->set_user(new_euid); } } } @@ -4591,7 +4615,7 @@ void sinsp_parser::parse_setgid_exit(sinsp_evt *evt) { uint32_t new_egid = enter_evt->get_param(0)->as(); sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_gid = new_egid; + ti->set_group(new_egid); } } } 
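Review bot: Replacing `ti->m_uid = new_euid;` with `ti->set_user(new_euid);` in the setresuid/setreuid/setuid exit parsers (and the gid twins) gives those paths a side effect they did not have: for any euid/egid absent from the table, set_user/set_group call `add_user`/`add_group` with a nameless placeholder and, on live runs, `notify` set, so a process holding CAP_SETUID can mint an unbounded number of synthetic user/group entries and notifications just by cycling through uids — and if the return value is not checked above the hunk (parse_setresuid_exit starts outside it), failed calls would count too. Values here come straight from the monitored process's syscall arguments, so the usergroup manager should treat them as untrusted: bound or deduplicate placeholder creation, or keep the field assignment on these paths and resolve lazily. At minimum add `// set_user() may register a placeholder user and emit a notification; uid is attacker-controlled input` so the next reader knows this is no longer a plain store.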
@@ -5046,6 +5070,15 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) { m_inspector->m_container_manager.resolve_container( evt->get_tinfo(), m_inspector->is_live() || m_inspector->is_syscall_plugin()); + // + // Refresh user / loginuser / group + // if we happen to change container id + // + if(container_id != evt->get_tinfo()->m_container_id) { + evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); + evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); + evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); + } } } diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp index 6ccd261111..c60c0a6010 100644 --- a/userspace/libsinsp/threadinfo.cpp +++ b/userspace/libsinsp/threadinfo.cpp @@ -509,9 +509,9 @@ void sinsp_threadinfo::init(scap_threadinfo* pi) { this, m_inspector->is_live() || m_inspector->is_syscall_plugin()); - m_uid = pi->uid; - m_gid = pi->gid; - m_loginuid = ((uint32_t)pi->loginuid); + set_group(pi->gid); + set_user(pi->uid); + set_loginuser((uint32_t)pi->loginuid); } const sinsp_threadinfo::cgroups_t& sinsp_threadinfo::cgroups() const { 
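Review bot: The chroot hunk is the fourth verbatim copy of the `set_group(m_gid); set_user(m_uid); set_loginuser(m_loginuid);` refresh in this patch (two clone paths, execve, chroot), each with its own comment, and the group-before-user order matters because set_user passes m_gid to add_user; one helper on sinsp_threadinfo would keep that order and its rationale in a single place. parse_chroot_exit starts outside the hunk and `container_id` is captured outside it as well, so I am assuming it holds the pre-resolve value.
```cpp
	// Refresh user / loginuser / group if the container id changed
	if(container_id != evt->get_tinfo()->m_container_id) {
		evt->get_tinfo()->refresh_usergroup();
	}

// threadinfo.cpp
/* Re-run user/group registration after m_container_id changed, so the
 * entries land in the right per-container table. set_group() first:
 * set_user() passes m_gid to the usergroup manager when adding a placeholder. */
void sinsp_threadinfo::refresh_usergroup() {
	set_group(m_gid);
	set_user(m_uid);
	set_loginuser(m_loginuid);
}
```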
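Review bot: The reorder in the init() hunk — `set_group(pi->gid);` now ahead of `set_user(pi->uid);`, the reverse of the old field assignments — is load-bearing, because set_user forwards `m_gid` to add_user when it has to create a placeholder, but nothing in the code says so and a future tidy-up could restore uid-first without noticing. A one-line comment would pin it: `// set_group() first: set_user() registers the user with the thread's current m_gid`. init() begins outside the hunk, so whether anything between the start of the function and this point already touches m_gid can't be checked here.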
@@ -530,6 +530,29 @@ std::string sinsp_threadinfo::get_exepath() const { return m_exepath; } +void sinsp_threadinfo::set_user(uint32_t uid) { + m_uid = uid; + scap_userinfo* user = m_inspector->m_usergroup_manager.get_user(m_container_id, uid); + if(!user) { + auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); + m_inspector->m_usergroup_manager + .add_user(m_container_id, m_pid, uid, m_gid, {}, {}, {}, notify); + } +} + +void sinsp_threadinfo::set_group(uint32_t gid) { + m_gid = gid; + scap_groupinfo* group = m_inspector->m_usergroup_manager.get_group(m_container_id, gid); + if(!group) { + auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); + m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, {}, notify); + } +} + +void sinsp_threadinfo::set_loginuser(uint32_t loginuid) { + m_loginuid = loginuid; +} + scap_userinfo* sinsp_threadinfo::get_user() const { auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid); if(user != nullptr) { diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h index de5ddaac92..4e15fc3b3a 100644 --- a/userspace/libsinsp/threadinfo.h +++ b/userspace/libsinsp/threadinfo.h @@ -376,6 +376,10 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { */ std::string get_path_for_dir_fd(int64_t dir_fd); + void set_user(uint32_t uid); + void set_group(uint32_t gid); + void set_loginuser(uint32_t loginuid); + using cgroups_t = std::vector>; const cgroups_t& cgroups() const; diff --git a/userspace/libsinsp/user.cpp b/userspace/libsinsp/user.cpp index be597e063e..6ae8af3794 100644 --- a/userspace/libsinsp/user.cpp +++ b/userspace/libsinsp/user.cpp 
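Review bot: set_user and set_group register a placeholder (`add_user(m_container_id, m_pid, uid, m_gid, {}, {}, {}, notify)`) whenever the id is missing from the table, and they do so for the host as well (empty `m_container_id`), whereas the on_new_container listener removed from user.cpp only did this for newly seen containers; unless add_user rejects an empty container id, which this diff does not show, any uid the host's /etc/passwd cannot resolve now gains a nameless host entry plus a live notification, which is not quite the "same behavior" the subject line promises. Either gate the fallback on `!m_container_id.empty()` or state the intent in a comment. Two more lines are worth adding: on set_user, `// Requires m_gid to be current: the placeholder user is created with the thread's gid, so call set_group() first`, and on set_loginuser, `// loginuid is recorded only; no placeholder user is registered for it`, since the asymmetry with set_user is otherwise invisible.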
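Review bot: The three declarations added to sinsp_threadinfo in threadinfo.h carry no documentation, while the neighbouring `get_path_for_dir_fd` visible just above them closes a doc block, and the names hide that two of them have side effects beyond storing a field. Suggested comments: on set_user, `/** Sets m_uid; if the uid is unknown to the usergroup manager, registers a placeholder user using the current m_gid (call set_group() first). */`, on set_group the same wording for gid without the ordering caveat, and on set_loginuser, `/** Sets m_loginuid only; nothing is registered with the usergroup manager. */`.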
@@ -135,20 +135,6 @@ void sinsp_usergroup_manager::subscribe_container_mgr() { [&](const sinsp_container_info &cinfo) -> void { delete_container_users_groups(cinfo); }); - // Emplace container manager listener to load users/groups from new containers - m_inspector->m_container_manager.subscribe_on_new_container( - [&](const sinsp_container_info & /*cinfo*/, sinsp_threadinfo *tinfo) -> void { - const bool notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); - add_user(tinfo->m_container_id, - tinfo->m_pid, - tinfo->m_uid, - tinfo->m_gid, - {}, - {}, - {}, - notify); - add_group(tinfo->m_container_id, tinfo->m_pid, tinfo->m_gid, {}, notify); - }); } }