new(sinsp-example): add gvisor support

Signed-off-by: Andrea Terzolo <[email protected]>
falcosecurity · Dec 5, 2024 · e2ae71e · e2ae71e
1 parent 9bf9463
commit e2ae71e
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/userspace/libscap/engine/gvisor/CMakeLists.txt b/userspace/libscap/engine/gvisor/CMakeLists.txt
@@ -60,10 +60,10 @@ add_library(
 	scap_engine_gvisor ${scap_engine_gvisor_sources} ${scap_engine_gvisor_generated_sources}
 )
 
-add_dependencies(scap_engine_gvisor uthash jsoncpp)
+add_dependencies(scap_engine_gvisor uthash jsoncpp scap_event_schema)
 target_link_libraries(
 	scap_engine_gvisor PUBLIC scap_platform_util scap_error ${CMAKE_THREAD_LIBS_INIT}
-							  ${PROTOBUF_LIB} ${JSONCPP_LIB}
+							  ${PROTOBUF_LIB} ${JSONCPP_LIB} scap_event_schema
 )
 
 target_include_directories(scap_engine_gvisor PRIVATE ${CMAKE_CURRENT_BINARY_DIR})

diff --git a/userspace/libsinsp/examples/test.cpp b/userspace/libsinsp/examples/test.cpp
@@ -59,6 +59,7 @@ static string engine_string;
 static string filter_string = "";
 static string file_path = "";
 static string bpf_path = "";
+static string gvisor_config_path = "/etc/docker/runsc_falco_config.json";
 static unsigned long buffer_bytes_dim = DEFAULT_DRIVER_BUFFER_BYTES_DIM;
 static uint64_t max_events = UINT64_MAX;
 static std::shared_ptr<sinsp_plugin> plugin;
@@ -110,6 +111,7 @@ Overview: Goal of sinsp-example binary is to test and debug sinsp functionality
   -b <path>, --bpf <path>                    BPF probe.
   -m, --modern_bpf                           modern BPF probe.
   -k, --kmod                                 Kernel module
+  -G <config_path>, --gvisor <config_path>   Gvisor engine
   -s <path>, --scap_file <path>              Scap file
   -p <path>, --plugin <path>                 Plugin. Path can follow the pattern "filepath.so|init_cfg|open_params".
   -d <dim>, --buffer_dim <dim>               Dimension in bytes that every per-CPU buffer will have.
@@ -155,13 +157,17 @@ void parse_CLI_options(sinsp& inspector, int argc, char** argv) {
 	                                       {"remove-io-sc-state", no_argument, 0, 'q'},
 	                                       {"enable-glogger", no_argument, 0, 'g'},
 	                                       {"raw", no_argument, 0, 'r'},
+	                                       {"gvisor", optional_argument, 0, 'G'},
 	                                       {0, 0, 0, 0}};
 
 	bool format_set = false;
 	int op;
 	int long_index = 0;
-	while((op = getopt_long(argc, argv, "hf:jab:mks:p:d:o:En:zxqgr", long_options, &long_index)) !=
-	      -1) {
+	while((op = getopt_long(argc,
+	                        argv,
+	                        "hf:jab:mks:p:d:o:En:zxqgrG::",
+	                        long_options,
+	                        &long_index)) != -1) {
 		switch(op) {
 		case 'h':
 			usage();
@@ -186,6 +192,12 @@ void parse_CLI_options(sinsp& inspector, int argc, char** argv) {
 			select_engine(BPF_ENGINE);
 			bpf_path = optarg;
 			break;
+		case 'G':
+			engine_string = GVISOR_ENGINE;
+			if(optarg != nullptr) {
+				gvisor_config_path = optarg;
+			}
+			break;
 		case 'm':
 			select_engine(MODERN_BPF_ENGINE);
 			break;
@@ -349,6 +361,11 @@ void open_engine(sinsp& inspector, libsinsp::events::set<ppm_sc_code> events_sc_
 		                      plugin->id() == 0 ? sinsp_plugin_platform::SINSP_PLATFORM_FULL
 		                                        : sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO);
 	}
+#endif
+#ifdef HAS_ENGINE_GVISOR
+	else if(!engine_string.compare(GVISOR_ENGINE)) {
+		inspector.open_gvisor(gvisor_config_path, "", false, -1);
+	}
 #endif
 	else {
 		std::cerr << "Unknown engine" << std::endl;