base repository: falcosecurity/libs
base: 7c3c3604bd97304a90b715f36725c98f9c7fe805
..
head repository: falcosecurity/libs
compare: b0e0a9083ed106d0975fcf4416523f1f4b8419a1
Showing with 15 additions and 22 deletions.
  1. +15 −19 userspace/libsinsp/container_engine/containerd.cpp
  2. +0 −3 userspace/libsinsp/container_engine/containerd.h
34 changes: 15 additions & 19 deletions userspace/libsinsp/container_engine/containerd.cpp
@@ -52,6 +52,10 @@ containerd_interface::containerd_interface(const std::string &socket_path) {
auto deadline = std::chrono::system_clock::now() +
std::chrono::milliseconds(libsinsp::cri::cri_settings::get_cri_timeout());

Check warning on line 53 in userspace/libsinsp/container_engine/containerd.cpp

Codecov / codecov/patch

userspace/libsinsp/container_engine/containerd.cpp#L53

Added line #L53 was not covered by tests
context.set_deadline(deadline);

// The `default` namesapce is the default one of containerd
// and the one used by host-containers in bottlerocket.
// This is mandatory to query the containers.
context.AddMetadata("containerd-namespace", "default");
grpc::Status status = m_stub->List(&context, req, &resp);

@@ -71,12 +75,9 @@ grpc::Status containerd_interface::list_container_resp(
ContainerdService::ListContainersResponse &resp) {
ContainerdService::ListContainersRequest req;

Check warning on line 76 in userspace/libsinsp/container_engine/containerd.cpp

Codecov / codecov/patch

userspace/libsinsp/container_engine/containerd.cpp#L76

Added line #L76 was not covered by tests

std::string filter("id~=");
// REPORTED_CONTAINERD_ID_LENGTH = 12
filter.reserve(16);
filter.append(container_id);

req.add_filters(filter);
// To match the container using a truncated containerd id
// we need to use a match filter (~=).
req.add_filters("id~=" + container_id);
grpc::ClientContext context;
context.AddMetadata("containerd-namespace", "default");
auto deadline = std::chrono::system_clock::now() +
@@ -85,18 +86,6 @@ grpc::Status containerd_interface::list_container_resp(
return m_stub->List(&context, req, &resp);
}

grpc::Status containerd_interface::get_container_resp(
const std::string &container_id,
ContainerdService::GetContainerResponse &resp) {
ContainerdService::GetContainerRequest req;
req.set_id(container_id);
grpc::ClientContext context;
auto deadline = std::chrono::system_clock::now() +
std::chrono::milliseconds(libsinsp::cri::cri_settings::get_cri_timeout());
context.set_deadline(deadline);
return m_stub->Get(&context, req, &resp);
}

libsinsp::container_engine::containerd::containerd(container_cache_interface &cache):
container_engine_base(cache) {
for(const auto &p : CONTAINERD_SOCKETS) {
@@ -150,27 +139,33 @@ bool libsinsp::container_engine::containerd::parse_containerd(sinsp_container_in
return false;
}

// Usually the image has this form: `docker.io/library/ubuntu:22.04`
auto raw_image_splits = sinsp_split(containers[0].image(), ':');

container.m_id = container_id;
container.m_full_id = containers[0].id();
// We assume that the last `/`-separated field is the image
container.m_image = raw_image_splits[0].substr(raw_image_splits[0].rfind("/") + 1);
// and the first part is the repo
container.m_imagerepo = raw_image_splits[0].substr(0, raw_image_splits[0].rfind("/"));
container.m_imagetag = raw_image_splits[1];
container.m_image = raw_image_splits[0].substr(raw_image_splits[0].rfind("/") + 1);
container.m_imagedigest = "";
container.m_type = CT_CONTAINERD;

Check warning on line 153 in userspace/libsinsp/container_engine/containerd.cpp

Codecov / codecov/patch

userspace/libsinsp/container_engine/containerd.cpp#L153

Added line #L153 was not covered by tests

// Retrieve the labels.
for(const auto &pair : containers[0].labels()) {
if(pair.second.length() <= sinsp_container_info::m_container_label_max_length) {
container.m_labels[pair.first] = pair.second;
}
}

// The spec field keeps the information about the mounts.
Json::Value spec;
Json::Reader reader;
// The spec field of the response is just a raw json.
reader.parse(containers[0].spec().value(), spec);

// Retrieve the mounts.
for(const auto &m : spec["mounts"]) {
bool readonly = false;

Check warning on line 170 in userspace/libsinsp/container_engine/containerd.cpp

Codecov / codecov/patch

userspace/libsinsp/container_engine/containerd.cpp#L170

Added line #L170 was not covered by tests
std::string mode;
@@ -189,6 +184,7 @@ bool libsinsp::container_engine::containerd::parse_containerd(sinsp_container_in
spec["linux"]["rootfsPropagation"].asString());
}

// Retrieve the env.
for(const auto &env : spec["process"]["env"]) {
container.m_env.emplace_back(env.asString());
}
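Review bot: `raw_image_splits[1]` in parse_containerd is read without checking how many fields `sinsp_split(containers[0].image(), ':')` returned, so an image reference with no tag (or an empty image string) would presumably index past the end of the result and could take the agent down while it resolves container metadata. The new comments document the `docker.io/library/ubuntu:22.04` shape, but the string comes from the containerd response, and references with a registry port (`host:5000/img:tag`) or a digest (`img@sha256:...`) split on `:` differently, which would leave m_imagerepo, m_image and m_imagetag wrong for anything that matches on them. I would guard the accesses, for example `if(raw_image_splits.empty()) { return false; }` followed by `container.m_imagetag = raw_image_splits.size() > 1 ? raw_image_splits[1] : "";`, and consider splitting on the last `:` after the last `/` instead. The body of parse_containerd starts and ends outside the visible hunks, so an earlier check may already exist and should be confirmed.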
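--- a/userspace/libsinsp/container_engine/containerd.h
+++ b/userspace/libsinsp/container_engine/containerd.h
@@ -37,9 +37,6 @@ class containerd_interface {
 grpc::Status list_container_resp(const std::string &container_id,
 ContainerdService::ListContainersResponse &resp);
 
-grpc::Status get_container_resp(const std::string &container_id,
-ContainerdService::GetContainerResponse &resp);
-
 bool is_ok();
 
 private: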