Update the host of docs in logs #1565

Closed
wants to merge 112 commits into from


@dxsup dxsup commented Dec 12, 2023

No description provided.

jcpittman144 and others added 30 commits October 6, 2021 18:08
…ailable

If Linux kernel is built with CONFIG_AUDIT=n, /proc loginuid file is not
available to provide the loginuid of the process.  Instead of failing to
add process into libscap thread table, record process loginuid=-1 instead.

Changes to support tracking how a container was configured with an
initial user and make that info available as user.name for
CONTAINER_JSON events:

1. Add a "container user" field m_container_user to container_info. By
default, the value is "<NA>".
2. In the docker and cri container engine resolvers, parse any
configured user info out of the json response and set
m_container_user.
3. Serialize the parsed username to the json blob that comprises a
CONTAINER_JSON event, and parse it out of the json blob when parsing a
CONTAINER_JSON event.
4. When creating the fake threadinfo that is attached to a container
event, also set m_exe to "container:<id>".
5. For the proc.name filtercheck, if the event type is container_json,
return not the thread uid but the container user.

This ends up being more robust in the face of containers where the
initial process might exec and then setuid to a different user. This
tracks the configured user rather than the uids of processes in the
container, which might change.

- Support terminating scan after specified timeout
- Support periodic log messages to report progress
- API to specify timeout, log interval, and log function
- Add last PID and total FDs processed, to /proc scan progress messages
- Enhance scap_open args and logic to record debug_log_fn and parameters
- Reworked /proc scan to reduce complexity and nesting depth
- Pass through API to specify log/timeout parameters to libscap /proc scan

This should explain the purpose of this class better

Rootless podman containers have multiple sockets (one per user
account), and we don't really want to spawn a separate thread
for each user.

This means that we can no longer use a single CURL handle but need
to create a new one for each individual request.

All the platform-specific code from docker_async_source is moved
to a new docker_connection class. The interface is almost identical,
so keep a single header file with two separate implementation files
(one for Linux, one for Windows).

This is a private implementation detail of the connection
class. Also, this fixes a bug where (on Windows) we appended
`?size=true` to the wrong place in the request (to the Host
header, not the URL).

We need full control over the request to make this method
suitable for putting in a base class.

All the code after the initial docker container detection
is platform-agnostic and can be moved to a base class.
Now we're ready to make clean OS-specific subclasses.
They have different interfaces and different implementations,
keeping both under the same name doesn't really avoid
any duplication

Since it's very similar to Docker (modulo some quirks handled by
the previous commit), it inherits almost all the code from `docker_base`.

The cgroup detection for non-root containers is done manually
and due to the limitations of our driver (not easily bypassed),
we have to fall back to parsing cgroups files manually.

When opening a capture based on a fd (e.g. sinsp::fdopen), we cannot
reopen the capture by simply calling close/open_int, as gzclose()
at the end of the call chain originating from close() closes the file
descriptor and we cannot access it again.

So when we're reopening a fd-based capture, dup() the original fd,
lseek() it to the beginning and substitute it for the closed one.

If a container is started e.g. as `docker.io/library/httpd`,
this is what ends up in container.m_image. Then we match m_image
against the names on the container image list, but they always
have a tag, e.g. `docker.io/library/httpd:latest` so they won't
match the name without a tag.

Fix it by:
- defaulting to the `latest` tag a bit earlier (before fetching
  the image list)
- using repo + ':' + tag as the string to match to always have
  the tag in the name to compare
yhsmer and others added 13 commits February 17, 2023 14:30
support low kernel versions which do not support raw tracepoints
Signed-off-by: jundizhou <[email protected]>
* fix wrong cpu runqueue latency

Signed-off-by: sanyangji <[email protected]>

* fix wrong logic for focus events

Signed-off-by: sanyangji <[email protected]>

* remove useless codes and add comments

Signed-off-by: sanyangji <[email protected]>

* remove useless codes

Signed-off-by: sanyangji <[email protected]>

* update comments

Signed-off-by: sanyangji <[email protected]>

* refactor codes for cpu analysis

Signed-off-by: sanyangji <[email protected]>

* fix wrong time

Signed-off-by: sanyangji <[email protected]>

* refactor

Signed-off-by: sanyangji <[email protected]>

---------

Signed-off-by: sanyangji <[email protected]>
* add sendmmsg eBPF support

Signed-off-by: sanyangji <[email protected]>

* add sendmmsg kernel module support

Signed-off-by: sanyangji <[email protected]>

* fix

Signed-off-by: sanyangji <[email protected]>

* ignore incompatible-pointer-types-discards-qualifiers

Signed-off-by: sanyangji <[email protected]>

* fix data overwrite

Signed-off-by: sanyangji <[email protected]>

---------

Signed-off-by: sanyangji <[email protected]>
Signed-off-by: sanyangji <[email protected]>
* init workflow of driver build

* add workflow for drivers build

Signed-off-by: sanyangji <[email protected]>

* support workflow_dispatch trigger

Signed-off-by: sanyangji <[email protected]>

* refactor by action

Signed-off-by: sanyangji <[email protected]>

* add build mode to avoid race

Signed-off-by: sanyangji <[email protected]>

* remove directory prefix

Signed-off-by: sanyangji <[email protected]>

* separate package and check part from action.yml

Signed-off-by: sanyangji <[email protected]>

* add checklist for test

Signed-off-by: sanyangji <[email protected]>

* optimize build test

Signed-off-by: sanyangji <[email protected]>

---------

Signed-off-by: sanyangji <[email protected]>
* test

Signed-off-by: jundizhou <[email protected]>

* add delete

Signed-off-by: jundizhou <[email protected]>

---------

Signed-off-by: jundizhou <[email protected]>

poiana commented Dec 12, 2023

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.


poiana commented Dec 12, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dxsup
Once this PR has been reviewed and has the lgtm label, please assign leogr for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


poiana commented Dec 12, 2023

Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits.

📝 Please follow instructions in the contributing guide to update your commits with the DCO

Full details of the Developer Certificate of Origin can be found at developercertificate.org.

The list of commits missing DCO signoff:



poiana commented Dec 12, 2023

Welcome @dxsup! It looks like this is your first PR to falcosecurity/libs 🎉


poiana commented Dec 12, 2023

Adding label do-not-merge/contains-merge-commits because PR contains merge commits, which are not allowed in this repository.
Use git rebase to reapply your commits on top of the target branch. Detailed instructions for doing so can be found here.


@poiana poiana requested review from gnosek and hbrueckner December 12, 2023 02:51

github-actions bot commented Dec 12, 2023

Please double check driver/API_VERSION file. See versioning.

/hold

@dxsup dxsup deleted the update-docs-host branch December 12, 2023 02:51
@dxsup dxsup restored the update-docs-host branch December 12, 2023 02:52
@dxsup dxsup deleted the update-docs-host branch December 12, 2023 02:52