diff --git a/test/libsinsp_e2e/container/container.cpp b/test/libsinsp_e2e/container/container.cpp index a51af849f3..505fc645eb 100644 --- a/test/libsinsp_e2e/container/container.cpp +++ b/test/libsinsp_e2e/container/container.cpp @@ -113,6 +113,7 @@ TEST_F(sys_call_test, container_cgroups) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); ASSERT_TRUE(done); @@ -180,6 +181,7 @@ TEST_F(sys_call_test, container_clone_nspid) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); ASSERT_TRUE(done); @@ -233,6 +235,7 @@ TEST_F(sys_call_test, container_clone_nspid_ioctl) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); ASSERT_TRUE(done); @@ -312,6 +315,7 @@ static void run_container_docker_test(bool fork_after_container_start) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); ASSERT_TRUE(done); @@ -351,7 +355,7 @@ TEST_F(sys_call_test, container_docker_bad_socket) { return; } - before_capture_t setup = [&](sinsp* inspector) { + before_open_t setup = [&](sinsp* inspector) { inspector->set_docker_socket_path("/invalid/path"); }; @@ -407,7 +411,9 @@ TEST_F(sys_call_test, container_docker_bad_socket) { inspector->set_docker_socket_path("/var/run/docker.sock"); }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup, cleanup); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, callback, filter, setup, event_capture::do_nothing, cleanup); + }); ASSERT_TRUE(done); } @@ -420,7 +426,7 @@ TEST_F(sys_call_test, container_libvirt) { } // Setup phase before capture has start, to avoid generating too many events - before_capture_t setup = [](sinsp* inspector) { + before_open_t setup = [](sinsp* inspector) { FILE* f = fopen("/tmp/conf.xml", "w"); ASSERT_TRUE(f != NULL); fprintf(f, @@ -495,6 +501,7 @@ TEST_F(sys_call_test, container_libvirt) { callback, filter, setup, + event_capture::do_nothing, cleanup, libsinsp::events::sinsp_state_sc_set()); }); @@ -643,6 +650,7 @@ static void healthcheck_helper( filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); @@ -684,6 +692,7 @@ static void healthcheck_tracefile_helper( filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); @@ -833,7 +842,7 @@ TEST_F(sys_call_test, docker_container_large_json) { ASSERT_TRUE(dhelper.build_image() == 0); - before_capture_t before = [&](sinsp* inspector) { + before_open_t before = [&](sinsp* inspector) { inspector->set_container_labels_max_len(60000); }; @@ -892,6 +901,7 @@ TEST_F(sys_call_test, docker_container_large_json) { callback, filter, before, + event_capture::do_nothing, cleanup, libsinsp::events::sinsp_state_sc_set()); }); diff --git a/test/libsinsp_e2e/event_capture.cpp b/test/libsinsp_e2e/event_capture.cpp index e0e85542b0..83f35be67c 100644 --- a/test/libsinsp_e2e/event_capture.cpp +++ b/test/libsinsp_e2e/event_capture.cpp @@ -31,14 +31,16 @@ std::string event_capture::s_engine_path; unsigned long event_capture::s_buffer_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM * 4; event_capture::event_capture(captured_event_callback_t captured_event_callback, - before_capture_t before_open, + before_open_t before_open, + before_capture_t before_capture, after_capture_t before_close, event_filter_t filter, uint32_t max_thread_table_size, uint64_t thread_timeout_ns, uint64_t inactive_thread_scan_time_ns) { m_captured_event_callback = std::move(captured_event_callback); - m_before_capture = std::move(before_open); + m_before_open = std::move(before_open); + m_before_capture = std::move(before_capture); m_after_capture = std::move(before_close); m_filter = std::move(filter); @@ -68,7 +70,7 @@ void event_capture::start(bool dump, libsinsp::events::set& sc_set) } } } - m_before_capture(m_inspector.get()); + m_before_open(m_inspector.get()); open_engine(event_capture::get_engine(), sc_set); const ::testing::TestInfo* const test_info = @@ -84,6 +86,8 @@ void event_capture::start(bool dump, libsinsp::events::set& sc_set) 0, true); } + + m_before_capture(m_inspector.get()); m_inspector->start_capture(); } diff --git a/test/libsinsp_e2e/event_capture.h b/test/libsinsp_e2e/event_capture.h index 203ddcad39..d5acd3c2c2 100644 --- a/test/libsinsp_e2e/event_capture.h +++ b/test/libsinsp_e2e/event_capture.h @@ -46,6 +46,8 @@ class callback_param { sinsp* m_inspector; }; +// Right before inspector->open_*() gets called. +typedef std::function before_open_t; // Right before inspector->start_capture() gets called. // Engine is already opened (thus scap handle is already alive). typedef std::function before_capture_t; @@ -62,7 +64,8 @@ typedef std::function run_callback_async_t; class event_capture { public: event_capture(captured_event_callback_t captured_event_callback, - before_capture_t before_open, + before_open_t before_open, + before_capture_t before_capture, after_capture_t before_close, event_filter_t filter, uint32_t max_thread_table_size, @@ -87,7 +90,8 @@ class event_capture { static void run(const run_callback_t& run_function, captured_event_callback_t captured_event_callback, event_filter_t filter, - before_capture_t before_open = event_capture::do_nothing, + before_open_t before_open = event_capture::do_nothing, + before_capture_t before_capture = event_capture::do_nothing, after_capture_t before_close = event_capture::do_nothing, libsinsp::events::set sc_set = {}, uint32_t max_thread_table_size = 131072, @@ -96,6 +100,7 @@ class event_capture { bool dump = true) { event_capture capturing(std::move(captured_event_callback), std::move(before_open), + std::move(before_capture), std::move(before_close), std::move(filter), max_thread_table_size, @@ -125,7 +130,8 @@ class event_capture { static void run(const run_callback_async_t& run_function, captured_event_callback_t captured_event_callback, event_filter_t filter, - before_capture_t before_open = event_capture::do_nothing, + before_open_t before_open = event_capture::do_nothing, + before_capture_t before_capture = event_capture::do_nothing, after_capture_t before_close = event_capture::do_nothing, libsinsp::events::set sc_set = {}, uint32_t max_thread_table_size = 131072, @@ -134,6 +140,7 @@ class event_capture { bool dump = true) { event_capture capturing(std::move(captured_event_callback), std::move(before_open), + std::move(before_capture), std::move(before_close), std::move(filter), max_thread_table_size, @@ -176,6 +183,7 @@ class event_capture { std::unique_ptr m_dumper; event_filter_t m_filter; captured_event_callback_t m_captured_event_callback; + before_open_t m_before_open; before_capture_t m_before_capture; after_capture_t m_after_capture; callback_param m_param{}; diff --git a/test/libsinsp_e2e/forking.cpp b/test/libsinsp_e2e/forking.cpp index 4528713721..2d242dea4f 100644 --- a/test/libsinsp_e2e/forking.cpp +++ b/test/libsinsp_e2e/forking.cpp @@ -277,6 +277,7 @@ TEST_F(sys_call_test, forking_process_expired) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, {}, 131072, 5 * ONE_SECOND_IN_NS, @@ -579,8 +580,14 @@ TEST_F(sys_call_test, forking_clone_nofs) { after_capture_t cleanup = [&](sinsp* inspector) { free(stack); }; - ASSERT_NO_FATAL_FAILURE( - { event_capture::run(test, callback, filter, event_capture::do_nothing, cleanup); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, + callback, + filter, + event_capture::do_nothing, + event_capture::do_nothing, + cleanup); + }); EXPECT_EQ(callnum, 4); } @@ -687,8 +694,14 @@ TEST_F(sys_call_test, forking_clone_cwd) { after_capture_t cleanup = [&](sinsp* inspector) { free(stack); }; - ASSERT_NO_FATAL_FAILURE( - { event_capture::run(test, callback, filter, event_capture::do_nothing, cleanup); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, + callback, + filter, + event_capture::do_nothing, + event_capture::do_nothing, + cleanup); + }); EXPECT_EQ(3, callnum); } @@ -759,6 +772,7 @@ TEST_F(sys_call_test, forking_main_thread_exit) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::all_sc_set()); }); EXPECT_EQ(3, callnum); diff --git a/test/libsinsp_e2e/fs.cpp b/test/libsinsp_e2e/fs.cpp index a39211e596..69c5c47031 100644 --- a/test/libsinsp_e2e/fs.cpp +++ b/test/libsinsp_e2e/fs.cpp @@ -544,6 +544,7 @@ TEST_F(sys_call_test, fs_readv) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::all_sc_set()); }); @@ -1248,6 +1249,7 @@ TEST_F(sys_call_test, large_read_write) { event_capture::run(test, callback, filter, + event_capture::do_nothing, setup, event_capture::do_nothing, libsinsp::events::all_sc_set(), @@ -1367,6 +1369,7 @@ TEST_F(sys_call_test, large_readv_writev) { event_capture::run(test, callback, filter, + event_capture::do_nothing, setup, event_capture::do_nothing, libsinsp::events::all_sc_set(), diff --git a/test/libsinsp_e2e/process.cpp b/test/libsinsp_e2e/process.cpp index 7991669f41..d585e85eca 100644 --- a/test/libsinsp_e2e/process.cpp +++ b/test/libsinsp_e2e/process.cpp @@ -208,6 +208,7 @@ TEST_F(sys_call_test, process_signalfd_kill) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::all_sc_set()); }); @@ -349,6 +350,7 @@ TEST_F(sys_call_test, process_inotify) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::all_sc_set()); }); @@ -569,8 +571,14 @@ TEST_F(sys_call_test, process_prlimit) { syscall(SYS_prlimit64, getpid(), RLIMIT_NOFILE, &orirl, NULL); }; - ASSERT_NO_FATAL_FAILURE( - { event_capture::run(test, callback, filter, event_capture::do_nothing, cleanup); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, + callback, + filter, + event_capture::do_nothing, + event_capture::do_nothing, + cleanup); + }); EXPECT_EQ(6, callnum); } diff --git a/test/libsinsp_e2e/suppress_events.cpp b/test/libsinsp_e2e/suppress_events.cpp index 243c0c645a..a0f7d8b4af 100644 --- a/test/libsinsp_e2e/suppress_events.cpp +++ b/test/libsinsp_e2e/suppress_events.cpp @@ -119,6 +119,7 @@ static void test_helper_quotactl(test_helper_args& hargs) { event_capture::run(test, callback, filter, + event_capture::do_nothing, before_open, before_close, {}, @@ -289,8 +290,14 @@ void suppress_types::run_test(std::vector supp_syscalls) { } }; - ASSERT_NO_FATAL_FAILURE( - { event_capture::run(test, callback, m_tid_filter, before_open, before_close); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, + callback, + m_tid_filter, + event_capture::do_nothing, + before_open, + before_close); + }); EXPECT_EQ(m_expected_calls, callnum); } diff --git a/test/libsinsp_e2e/sys_call_test.cpp b/test/libsinsp_e2e/sys_call_test.cpp index 9c79a0482e..4f018d936a 100644 --- a/test/libsinsp_e2e/sys_call_test.cpp +++ b/test/libsinsp_e2e/sys_call_test.cpp @@ -189,7 +189,8 @@ TEST_F(sys_call_test, fcntl_getfd_dropping) { captured_event_callback_t callback = [&](const callback_param& param) { callnum++; }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup); }); + ASSERT_NO_FATAL_FAILURE( + { event_capture::run(test, callback, filter, event_capture::do_nothing, setup); }); EXPECT_EQ(0, callnum); } @@ -220,7 +221,8 @@ TEST_F(sys_call_test, bind_error_dropping) { captured_event_callback_t callback = [&](const callback_param& param) { callnum++; }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup); }); + ASSERT_NO_FATAL_FAILURE( + { event_capture::run(test, callback, filter, event_capture::do_nothing, setup); }); EXPECT_EQ(1, callnum); } @@ -271,7 +273,8 @@ TEST_F(sys_call_test, close_badfd_dropping) { } }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup); }); + ASSERT_NO_FATAL_FAILURE( + { event_capture::run(test, callback, filter, event_capture::do_nothing, setup); }); EXPECT_EQ(0, callnum); } @@ -502,6 +505,7 @@ TEST_F(sys_call_test, timerfd) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::all_sc_set()); }); @@ -547,7 +551,8 @@ TEST_F(sys_call_test, timestamp) { } }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup); }); + ASSERT_NO_FATAL_FAILURE( + { event_capture::run(test, callback, filter, event_capture::do_nothing, setup); }); EXPECT_EQ((int)(sizeof(timestampv) / sizeof(timestampv[0])), callnum); } @@ -1083,7 +1088,9 @@ TEST_F(sys_call_test32, execve_ia32_emulation) { } } }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, before_open); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, callback, filter, event_capture::do_nothing, before_open); + }); EXPECT_EQ(8, callnum); } @@ -1718,7 +1725,9 @@ TEST_F(sys_call_test32, failing_execve) { } } }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, before_open); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, callback, filter, event_capture::do_nothing, before_open); + }); EXPECT_EQ(10, callnum); } diff --git a/test/libsinsp_e2e/tcp_client_server.cpp b/test/libsinsp_e2e/tcp_client_server.cpp index 23e861849e..8558070a82 100644 --- a/test/libsinsp_e2e/tcp_client_server.cpp +++ b/test/libsinsp_e2e/tcp_client_server.cpp @@ -273,6 +273,7 @@ void runtest(iotype iot, event_capture::run(test, callback, filter, + event_capture::do_nothing, before, event_capture::do_nothing, libsinsp::events::all_sc_set(), @@ -371,6 +372,7 @@ TEST_F(sys_call_test, tcp_client_server_with_connection_before_capturing_starts) filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, {}, 131072, (uint64_t)60 * 1000 * 1000 * 1000, diff --git a/test/libsinsp_e2e/tcp_client_server_ipv4_mapped.cpp b/test/libsinsp_e2e/tcp_client_server_ipv4_mapped.cpp index f60d306226..a7648ba48e 100644 --- a/test/libsinsp_e2e/tcp_client_server_ipv4_mapped.cpp +++ b/test/libsinsp_e2e/tcp_client_server_ipv4_mapped.cpp @@ -570,6 +570,7 @@ void runtest_ipv4m(iotype iot, filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, {}, 131072, (uint64_t)60 * 1000 * 1000 * 1000, diff --git a/test/libsinsp_e2e/udp_client_server.cpp b/test/libsinsp_e2e/udp_client_server.cpp index 9c57ce0187..439bee079b 100644 --- a/test/libsinsp_e2e/udp_client_server.cpp +++ b/test/libsinsp_e2e/udp_client_server.cpp @@ -772,7 +772,9 @@ static void run_fd_name_changed_test(bool use_sendmsg, } }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, before_open); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, callback, filter, event_capture::do_nothing, before_open); + }); ASSERT_EQ(num_name_changed_evts, expected_name_changed_evts); } @@ -872,7 +874,9 @@ TEST_F(sys_call_test, udp_client_server_multiple_connect_name_changed) { } }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, before_open); }); + ASSERT_NO_FATAL_FAILURE({ + event_capture::run(test, callback, filter, event_capture::do_nothing, before_open); + }); // Every connect should result in a name changed event other than the duplicate port. ASSERT_EQ(num_name_changed_evts, 4u); @@ -938,7 +942,8 @@ TEST_F(sys_call_test, statsd_client_snaplen) { n++; }; - ASSERT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup); }); + ASSERT_NO_FATAL_FAILURE( + { event_capture::run(test, callback, filter, event_capture::do_nothing, setup); }); EXPECT_EQ(4, n); } diff --git a/test/libsinsp_e2e/unix_client_server.cpp b/test/libsinsp_e2e/unix_client_server.cpp index e123ab0aad..0e9f0de51e 100644 --- a/test/libsinsp_e2e/unix_client_server.cpp +++ b/test/libsinsp_e2e/unix_client_server.cpp @@ -254,6 +254,7 @@ TEST_F(sys_call_test, unix_client_server) { filter, event_capture::do_nothing, event_capture::do_nothing, + event_capture::do_nothing, libsinsp::events::sinsp_state_sc_set()); }); EXPECT_FALSE(first_connect_or_accept_seen); diff --git a/userspace/libsinsp/runc.cpp b/userspace/libsinsp/runc.cpp index a565e77e7b..a631ab4a3a 100644 --- a/userspace/libsinsp/runc.cpp +++ b/userspace/libsinsp/runc.cpp @@ -43,7 +43,8 @@ inline static bool endswith(const std::string &s, const std::string &suffix) { inline static bool is_host(const std::string &cgroup) { // A good approximation to minize false-positives is to exclude systemd suffixes. if(endswith(cgroup, ".scope")) { - if(cgroup.find("crio-") != std::string::npos) { + if(cgroup.find("crio-") != std::string::npos || + cgroup.find("docker-") != std::string::npos) { return false; } return true;