From 43754cadac553468c8b0f3e54c3e80c6a7e85e04 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Tue, 19 Nov 2024 13:04:52 +0100 Subject: [PATCH 1/3] cleanup(userspace/libsinsp): drop user and group infos embedded in threadinfo. Only store `uid`, `gid` and `loginuid` info. Signed-off-by: Federico Di Pierro --- userspace/libsinsp/parsers.cpp | 61 ++------- .../libsinsp/sinsp_filtercheck_group.cpp | 8 +- userspace/libsinsp/sinsp_filtercheck_user.cpp | 16 ++- .../libsinsp/test/parsers/parse_setregid.cpp | 4 +- .../libsinsp/test/parsers/parse_setreuid.cpp | 4 +- userspace/libsinsp/threadinfo.cpp | 128 +++++++----------- userspace/libsinsp/threadinfo.h | 83 +++--------- userspace/libsinsp/user.cpp | 14 ++ 8 files changed, 115 insertions(+), 203 deletions(-) diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp index 1c119dad7e..895480d723 100644 --- a/userspace/libsinsp/parsers.cpp +++ b/userspace/libsinsp/parsers.cpp @@ -1240,7 +1240,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { default: ASSERT(false); } - child_tinfo->set_user(uid); + child_tinfo->m_uid = uid; /* gid */ int32_t gid = 0; @@ -1267,7 +1267,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { default: ASSERT(false); } - child_tinfo->set_group(gid); + child_tinfo->m_gid = gid; /* Set cgroups and heuristically detect container id */ switch(etype) { @@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { child_tinfo->m_tty = caller_tinfo->m_tty; - child_tinfo->m_loginuser = caller_tinfo->m_loginuser; + child_tinfo->m_loginuid = caller_tinfo->m_loginuid; child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted; 
@@ -1349,13 +1349,6 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { return; } - /* Refresh user / loginuser / group */ - if(new_child->m_container_id.empty() == false) { - new_child->set_user(new_child->m_user.uid()); - new_child->set_loginuser(new_child->m_loginuser.uid()); - new_child->set_group(new_child->m_group.gid()); - } - /* If there's a listener, invoke it */ if(m_inspector->get_observer()) { m_inspector->get_observer()->on_clone(evt, new_child.get(), tid_collision); @@ -1626,7 +1619,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { child_tinfo->m_tty = lookup_tinfo->m_tty; - child_tinfo->m_loginuser = lookup_tinfo->m_loginuser; + child_tinfo->m_loginuid = lookup_tinfo->m_loginuid; child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted; @@ -1767,7 +1760,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { default: ASSERT(false); } - child_tinfo->set_user(uid); + child_tinfo->m_uid = uid; /* gid */ int32_t gid = 0; @@ -1794,7 +1787,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { default: ASSERT(false); } - child_tinfo->set_group(gid); + child_tinfo->m_gid = gid; /* Set cgroups and heuristically detect container id */ switch(etype) { @@ -1840,13 +1833,6 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { */ evt->set_tinfo(new_child.get()); - /* Refresh user / loginuser / group */ - if(new_child->m_container_id.empty() == false) { - new_child->set_user(new_child->m_user.uid()); - new_child->set_loginuser(new_child->m_loginuser.uid()); - new_child->set_group(new_child->m_group.gid()); - } - // // If there's a listener, invoke it // @@ -2227,7 +2213,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get the loginuid if(evt->get_num_params() > 18) { - evt->get_tinfo()->set_loginuser(evt->get_param(18)->as()); + evt->get_tinfo()->m_loginuid = evt->get_param(18)->as(); } // Get execve flags 
@@ -2273,7 +2259,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get uid if(evt->get_num_params() > 26) { - evt->get_tinfo()->m_user.set_uid(evt->get_param(26)->as()); + evt->get_tinfo()->m_uid = evt->get_param(26)->as(); } // Get pgid @@ -2316,16 +2302,6 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // evt->get_tinfo()->compute_program_hash(); - // - // Refresh user / loginuser / group - // if we happen to change container id - // - if(container_id != evt->get_tinfo()->m_container_id) { - evt->get_tinfo()->set_user(evt->get_tinfo()->m_user.uid()); - evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuser.uid()); - evt->get_tinfo()->set_group(evt->get_tinfo()->m_group.gid()); - } - // // If there's a listener, invoke it // @@ -4517,7 +4493,7 @@ void sinsp_parser::parse_setresuid_exit(sinsp_evt *evt) { if(new_euid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->set_user(new_euid); + ti->m_uid = new_euid; } } } @@ -4537,7 +4513,7 @@ void sinsp_parser::parse_setreuid_exit(sinsp_evt *evt) { if(new_euid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->set_user(new_euid); + ti->m_uid = new_euid; } } } @@ -4558,7 +4534,7 @@ void sinsp_parser::parse_setresgid_exit(sinsp_evt *evt) { if(new_egid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->set_group(new_egid); + ti->m_gid = new_egid; } } } @@ -4578,7 +4554,7 @@ void sinsp_parser::parse_setregid_exit(sinsp_evt *evt) { if(new_egid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->set_group(new_egid); + ti->m_gid = new_egid; } } } @@ -4597,7 +4573,7 @@ void sinsp_parser::parse_setuid_exit(sinsp_evt *evt) { uint32_t new_euid = enter_evt->get_param(0)->as(); sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->set_user(new_euid); + ti->m_uid = new_euid; } } } 
@@ -4615,7 +4591,7 @@ void sinsp_parser::parse_setgid_exit(sinsp_evt *evt) { uint32_t new_egid = enter_evt->get_param(0)->as(); sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->set_group(new_egid); + ti->m_gid = new_egid; } } } @@ -5070,15 +5046,6 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) { m_inspector->m_container_manager.resolve_container( evt->get_tinfo(), m_inspector->is_live() || m_inspector->is_syscall_plugin()); - // - // Refresh user / loginuser / group - // if we happen to change container id - // - if(container_id != evt->get_tinfo()->m_container_id) { - evt->get_tinfo()->set_user(evt->get_tinfo()->m_user.uid()); - evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuser.uid()); - evt->get_tinfo()->set_group(evt->get_tinfo()->m_group.gid()); - } } } diff --git a/userspace/libsinsp/sinsp_filtercheck_group.cpp b/userspace/libsinsp/sinsp_filtercheck_group.cpp index da25214643..6fa8072ac0 100644 --- a/userspace/libsinsp/sinsp_filtercheck_group.cpp +++ b/userspace/libsinsp/sinsp_filtercheck_group.cpp @@ -67,11 +67,13 @@ uint8_t* sinsp_filter_check_group::extract_single(sinsp_evt* evt, switch(m_field_id) { case TYPE_GID: - m_gid = tinfo->m_group.gid(); + m_gid = tinfo->m_gid; RETURN_EXTRACT_VAR(m_gid); - case TYPE_NAME: - m_name = tinfo->m_group.name(); + case TYPE_NAME: { + auto group = tinfo->get_group(); + m_name = group->name; RETURN_EXTRACT_STRING(m_name); + } default: ASSERT(false); break; diff --git a/userspace/libsinsp/sinsp_filtercheck_user.cpp b/userspace/libsinsp/sinsp_filtercheck_user.cpp index a64f1091a3..9cfc551bc8 100644 --- a/userspace/libsinsp/sinsp_filtercheck_user.cpp +++ b/userspace/libsinsp/sinsp_filtercheck_user.cpp 
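Review bot: `m_name = group->name;` copies a fixed-size `char` array with an unbounded `strlen`, whereas the code this series removes bounded the same copy with `strnlen(..., MAX_CREDENTIALS_STR_LEN)` (see the deleted `set_group` body in threadinfo.cpp), so a manager entry whose `name` is not NUL-terminated would be over-read. Keeping the old bound is one line: `m_name.assign(group->name, strnlen(group->name, sizeof(group->name)));`. The `get_group()` fallback terminates its copy with `strlcpy`, so only entries served by `m_usergroup_manager` are affected, and whether those are always terminated is not visible in this diff.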
@@ -100,27 +100,29 @@ uint8_t* sinsp_filter_check_user::extract_single(sinsp_evt* evt, RETURN_EXTRACT_STRING(container_info->m_container_user); } + auto user = tinfo->get_user(); + auto loginuser = tinfo->get_loginuser(); switch(m_field_id) { case TYPE_UID: - m_val.u32 = tinfo->m_user.uid(); + m_val.u32 = tinfo->m_uid; RETURN_EXTRACT_VAR(m_val.u32); case TYPE_NAME: - m_strval = tinfo->m_user.name(); + m_strval = user->name; RETURN_EXTRACT_STRING(m_strval); case TYPE_HOMEDIR: - m_strval = tinfo->m_user.homedir(); + m_strval = user->homedir; RETURN_EXTRACT_STRING(m_strval); case TYPE_SHELL: - m_strval = tinfo->m_user.shell(); + m_strval = user->shell; RETURN_EXTRACT_STRING(m_strval); case TYPE_LOGINUID: m_val.s64 = (int64_t)-1; - if(tinfo->m_loginuser.uid() < UINT32_MAX) { - m_val.s64 = (int64_t)tinfo->m_loginuser.uid(); + if(tinfo->m_loginuid < UINT32_MAX) { + m_val.s64 = (int64_t)tinfo->m_loginuid; } RETURN_EXTRACT_VAR(m_val.s64); case TYPE_LOGINNAME: - m_strval = tinfo->m_loginuser.name(); + m_strval = loginuser->name; RETURN_EXTRACT_STRING(m_strval); default: ASSERT(false); diff --git a/userspace/libsinsp/test/parsers/parse_setregid.cpp b/userspace/libsinsp/test/parsers/parse_setregid.cpp index e281b17f3d..26a7b135b9 100644 --- a/userspace/libsinsp/test/parsers/parse_setregid.cpp +++ b/userspace/libsinsp/test/parsers/parse_setregid.cpp @@ -33,7 +33,7 @@ TEST_F(sinsp_with_test_input, SETREGID_failure) { sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get(); ASSERT_TRUE(ti); - ASSERT_TRUE(ti->m_user.gid() == 0); + ASSERT_TRUE(ti->m_gid == 0); } TEST_F(sinsp_with_test_input, SETREGID_success) { @@ -50,5 +50,5 @@ TEST_F(sinsp_with_test_input, SETREGID_success) { sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get(); ASSERT_TRUE(ti); - ASSERT_TRUE(ti->m_user.gid() == 1337); + ASSERT_TRUE(ti->m_gid == 1337); } 
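Review bot: `get_user()` and `get_loginuser()` are both evaluated before the `switch`, so every extraction — including `TYPE_UID` and `TYPE_LOGINUID`, which only read the raw ids — performs two manager lookups, and `user` is held across the `get_loginuser()` call even though the getters' miss path (threadinfo.cpp in this series) hands back a pointer to function-local static storage that the next call may overwrite. Resolving lazily inside each case avoids both problems, e.g. `case TYPE_NAME: m_strval = tinfo->get_user()->name;` and the `get_loginuser()` call confined to `TYPE_LOGINNAME`. As in the group check, `m_strval = user->name` is an unbounded read of a fixed-size array where the removed code used `strnlen(..., MAX_CREDENTIALS_STR_LEN)`; `m_strval.assign(user->name, strnlen(user->name, sizeof(user->name)))` restores that bound. The enclosing `extract_single` starts before this hunk.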
diff --git a/userspace/libsinsp/test/parsers/parse_setreuid.cpp b/userspace/libsinsp/test/parsers/parse_setreuid.cpp index 1dc2a4d3a6..3d723000a3 100644 --- a/userspace/libsinsp/test/parsers/parse_setreuid.cpp +++ b/userspace/libsinsp/test/parsers/parse_setreuid.cpp @@ -33,7 +33,7 @@ TEST_F(sinsp_with_test_input, SETREUID_failure) { sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get(); ASSERT_TRUE(ti); - ASSERT_TRUE(ti->m_user.uid() == 0); + ASSERT_TRUE(ti->m_uid == 0); } TEST_F(sinsp_with_test_input, SETREUID_success) { @@ -50,5 +50,5 @@ TEST_F(sinsp_with_test_input, SETREUID_success) { sinsp_threadinfo* ti = m_inspector.get_thread_ref(p2_t2_tid, false).get(); ASSERT_TRUE(ti); - ASSERT_TRUE(ti->m_user.uid() == 1337); + ASSERT_TRUE(ti->m_uid == 1337); } diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp index b7fe4a2d17..6ccd261111 100644 --- a/userspace/libsinsp/threadinfo.cpp +++ b/userspace/libsinsp/threadinfo.cpp @@ -118,6 +118,9 @@ void sinsp_threadinfo::init() { m_ptid = (uint64_t)-1LL; m_vpgid = (uint64_t)-1LL; m_pgid = (uint64_t)-1LL; + m_uid = 0xffffffff; + m_gid = 0xffffffff; + m_loginuid = 0xffffffff; set_lastevent_data_validity(false); m_reaper_tid = -1; m_not_expired_children = 0; 
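Review bot: the `0xffffffff` "no id" sentinel is written as a bare literal here, repeated in `get_thread_ref` later in this file, and tested as `< UINT32_MAX` in `sinsp_filter_check_user`, so three places must stay in step by hand. A single named constant in threadinfo.h, e.g. `static constexpr uint32_t INVALID_ID = 0xffffffff;`, with `m_uid = INVALID_ID;` here, documents the meaning and lets the filter check compare against the same name. The enclosing `init()` starts before this hunk.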
@@ -506,77 +509,9 @@ void sinsp_threadinfo::init(scap_threadinfo* pi) { this, m_inspector->is_live() || m_inspector->is_syscall_plugin()); - set_group(pi->gid); - set_user(pi->uid); - set_loginuser((uint32_t)pi->loginuid); -} - -void sinsp_threadinfo::set_user(uint32_t uid) { - scap_userinfo* user = m_inspector->m_usergroup_manager.get_user(m_container_id, uid); - if(!user) { - auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); - user = m_inspector->m_usergroup_manager - .add_user(m_container_id, m_pid, uid, m_group.gid(), {}, {}, {}, notify); - } - - if(user) { - m_user.set_uid(user->uid); - m_user.set_gid(m_group.gid()); - - if(m_inspector->is_user_details_enabled()) { - m_user.set_name(user->name, strnlen(user->name, MAX_CREDENTIALS_STR_LEN)); - m_user.set_homedir(user->homedir, strnlen(user->homedir, MAX_CREDENTIALS_STR_LEN)); - m_user.set_shell(user->shell, strnlen(user->shell, MAX_CREDENTIALS_STR_LEN)); - } - } else { - // No need to set name/homedir/shell, the default values from - // sinsp_userinfo are going to be used. - m_user.set_uid(uid); - m_user.set_gid(m_group.gid()); - } -} - -void sinsp_threadinfo::set_group(uint32_t gid) { - scap_groupinfo* group = m_inspector->m_usergroup_manager.get_group(m_container_id, gid); - if(!group) { - auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); - group = m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, {}, notify); - } - if(group) { - m_group.set_gid(group->gid); - - if(m_inspector->is_user_details_enabled()) { - m_group.set_name(group->name, strnlen(group->name, MAX_CREDENTIALS_STR_LEN)); - } - } else { - // No need to set name/homedir/shell, the default values from - // sinsp_userinfo are going to be used. 
- m_group.set_gid(gid); - } - m_user.set_gid(m_group.gid()); -} - -void sinsp_threadinfo::set_loginuser(uint32_t loginuid) { - scap_userinfo* login_user = m_inspector->m_usergroup_manager.get_user(m_container_id, loginuid); - - if(login_user) { - m_loginuser.set_uid(login_user->uid); - m_loginuser.set_gid(m_group.gid()); - - if(m_inspector->is_user_details_enabled()) { - m_loginuser.set_name(login_user->name, - strnlen(login_user->name, MAX_CREDENTIALS_STR_LEN)); - m_loginuser.set_homedir(login_user->homedir, - strnlen(login_user->homedir, MAX_CREDENTIALS_STR_LEN)); - m_loginuser.set_shell(login_user->shell, - strnlen(login_user->shell, MAX_CREDENTIALS_STR_LEN)); - } - } else { - // No need to set name/homedir/shell, the default values from - // sinsp_userinfo are going to be used. - m_loginuser.set_uid(loginuid); - m_loginuser.set_gid(m_group.gid()); - } + m_uid = pi->uid; + m_gid = pi->gid; + m_loginuid = ((uint32_t)pi->loginuid); } const sinsp_threadinfo::cgroups_t& sinsp_threadinfo::cgroups() const { 
@@ -595,6 +530,45 @@ std::string sinsp_threadinfo::get_exepath() const { return m_exepath; } +scap_userinfo* sinsp_threadinfo::get_user() const { + auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid); + if(user != nullptr) { + return user; + } + static scap_userinfo usr{}; + usr.uid = m_uid; + usr.gid = m_gid; + strlcpy(usr.name, m_uid == 0 ? "root" : "", sizeof(usr.name)); + strlcpy(usr.homedir, m_uid == 0 ? "/root" : "", sizeof(usr.homedir)); + strlcpy(usr.shell, "", sizeof(usr.shell)); + return &usr; +} + +scap_groupinfo* sinsp_threadinfo::get_group() const { + auto group = m_inspector->m_usergroup_manager.get_group(m_container_id, m_gid); + if(group != nullptr) { + return group; + } + static scap_groupinfo grp = {}; + grp.gid = m_gid; + strlcpy(grp.name, m_gid == 0 ? "root" : "", sizeof(grp.name)); + return &grp; +} + +scap_userinfo* sinsp_threadinfo::get_loginuser() const { + auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_loginuid); + if(user != nullptr) { + return user; + } + static scap_userinfo usr{}; + usr.uid = m_loginuid; + usr.gid = m_gid; + strlcpy(usr.name, m_loginuid == 0 ? "root" : "", sizeof(usr.name)); + strlcpy(usr.homedir, m_loginuid == 0 ? "/root" : "", sizeof(usr.homedir)); + strlcpy(usr.shell, "", sizeof(usr.shell)); + return &usr; +} + void sinsp_threadinfo::set_args(const char* args, size_t len) { if(len > 0 && args[len - 1] == '\0') { len--; @@ -1778,8 +1752,8 @@ void sinsp_thread_manager::thread_to_scap(sinsp_threadinfo& tinfo, scap_threadin sctinfo->flags = tinfo.m_flags; sctinfo->fdlimit = tinfo.m_fdlimit; - sctinfo->uid = tinfo.m_user.uid(); - sctinfo->gid = tinfo.m_group.gid(); + sctinfo->uid = tinfo.m_uid; + sctinfo->gid = tinfo.m_gid; sctinfo->vmsize_kb = tinfo.m_vmsize_kb; sctinfo->vmrss_kb = tinfo.m_vmrss_kb; sctinfo->vmswap_kb = tinfo.m_vmswap_kb; 
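Review bot: on a manager miss `get_user()`, `get_group()` and `get_loginuser()` return a pointer to a function-local `static` that is rewritten on every miss, so the result is valid only until the next call on any `sinsp_threadinfo` (the statics are process-wide, not per thread info), and inspectors running on separate threads would race on them. `get_loginuser()` additionally fills `usr.gid` with the thread's current `m_gid`, which attributes the caller's gid to the login user rather than reporting an unknown value. Returning `scap_userinfo`/`scap_groupinfo` by value (the cached entry copied, the fallback built in a local) removes both the lifetime and the race issue at the cost of a copy per call; if the pointer form is kept, the header comment should say the pointer must not be retained. The fallback values (`root`/`/root` for id 0, empty strings otherwise) do match the removed `sinsp_userinfo` accessors.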
@@ -1788,7 +1762,7 @@ void sinsp_thread_manager::thread_to_scap(sinsp_threadinfo& tinfo, scap_threadin sctinfo->vtid = tinfo.m_vtid; sctinfo->vpid = tinfo.m_vpid; sctinfo->fdlist = NULL; - sctinfo->loginuid = tinfo.m_loginuser.uid(); + sctinfo->loginuid = tinfo.m_loginuid; sctinfo->filtered_out = tinfo.m_filtered_out; } @@ -2010,9 +1984,9 @@ const threadinfo_map_t::ptr_t& sinsp_thread_manager::get_thread_ref(int64_t tid, newti->m_not_expired_children = 0; newti->m_comm = ""; newti->m_exe = ""; - newti->m_user.set_uid(0xffffffff); - newti->m_group.set_gid(0xffffffff); - newti->m_loginuser.set_uid(0xffffffff); + newti->m_uid = 0xffffffff; + newti->m_gid = 0xffffffff; + newti->m_loginuid = 0xffffffff; } // diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h index f14a04f841..de5ddaac92 100644 --- a/userspace/libsinsp/threadinfo.h +++ b/userspace/libsinsp/threadinfo.h 
@@ -62,64 +62,6 @@ struct erase_fd_params { */ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { public: - class sinsp_userinfo { - public: - sinsp_userinfo() { - m_uid = 0xffffffff; - m_gid = 0xffffffff; - } - uint32_t uid() const { return m_uid; } - uint32_t gid() const { return m_gid; } - std::string name() const { - if(m_name.empty()) { - return (m_uid == 0) ? "root" : ""; - } else { - return m_name; - } - }; - std::string homedir() const { - if(m_homedir.empty()) { - return (m_uid == 0) ? "/root" : ""; - } else { - return m_homedir; - } - }; - std::string shell() const { return m_shell.empty() ? "" : m_shell; }; - - void set_uid(uint32_t uid) { m_uid = uid; }; - void set_gid(uint32_t gid) { m_gid = gid; }; - void set_name(char* name, size_t length) { m_name.assign(name, length); }; - void set_homedir(char* homedir, size_t length) { m_homedir.assign(homedir, length); }; - void set_shell(char* shell, size_t length) { m_shell.assign(shell, length); }; - - private: - uint32_t m_uid; ///< User ID - uint32_t m_gid; ///< Group ID - std::string m_name; ///< Username - std::string m_homedir; ///< Home directory - std::string m_shell; ///< Shell program - }; - - class sinsp_groupinfo { - public: - sinsp_groupinfo() { m_gid = 0xffffffff; } - uint32_t gid() const { return m_gid; }; - std::string name() const { - if(m_name.empty()) { - return (m_gid == 0) ? "root" : ""; - } else { - return m_name; - } - }; - - void set_gid(uint32_t gid) { m_gid = gid; }; - void set_name(char* name, size_t length) { m_name.assign(name, length); }; - - private: - uint32_t m_gid; ///< Group ID - std::string m_name; ///< Group name - }; - sinsp_threadinfo(sinsp* inspector = nullptr, const std::shared_ptr& dyn_fields = nullptr); 
@@ -142,6 +84,21 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { */ std::string get_exepath() const; + /*! + \brief Return the full info about thread uid. + */ + scap_userinfo* get_user() const; + + /*! + \brief Return the full info about thread gid. + */ + scap_groupinfo* get_group() const; + + /*! + \brief Return the full info about thread loginuid. + */ + scap_userinfo* get_loginuser() const; + /*! \brief Return the working directory of the process containing this thread. */ @@ -419,10 +376,6 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { */ std::string get_path_for_dir_fd(int64_t dir_fd); - void set_user(uint32_t uid); - void set_group(uint32_t gid); - void set_loginuser(uint32_t loginuid); - using cgroups_t = std::vector>; const cgroups_t& cgroups() const; @@ -449,9 +402,9 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { std::string m_container_id; ///< heuristic-based container id uint32_t m_flags; ///< The thread flags. See the PPM_CL_* declarations in ppm_events_public.h. int64_t m_fdlimit; ///< The maximum number of FDs this thread can open - sinsp_userinfo m_user; ///< user infos - sinsp_userinfo m_loginuser; ///< loginuser infos (auid) - sinsp_groupinfo m_group; ///< group infos + uint32_t m_uid; ///< uid + uint32_t m_gid; ///< gid + uint32_t m_loginuid; ///< loginuid uint64_t m_cap_permitted; ///< permitted capabilities uint64_t m_cap_effective; ///< effective capabilities uint64_t m_cap_inheritable; ///< inheritable capabilities diff --git a/userspace/libsinsp/user.cpp b/userspace/libsinsp/user.cpp index 6ae8af3794..be597e063e 100644 --- a/userspace/libsinsp/user.cpp +++ b/userspace/libsinsp/user.cpp 
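Review bot: the three new `\brief` lines say only "full info about thread uid/gid/loginuid", but the implementation in threadinfo.cpp fixes a contract callers need to know: the pointer is non-owning and never null, it may point at an entry synthesized from the id alone (name `root` and homedir `/root` for id 0, empty strings otherwise) when the usergroup manager has no record, and it must not be stored because the synthesized entry lives in shared static storage and is overwritten by the next call. Suggested wording for `get_user()`: `\brief Return user info for m_uid. Non-owning, never null; may be a synthesized fallback that is only valid until the next get_user/get_loginuser call.`, with the analogous sentence on `get_group()` and `get_loginuser()`.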
@@ -135,6 +135,20 @@ void sinsp_usergroup_manager::subscribe_container_mgr() { [&](const sinsp_container_info &cinfo) -> void { delete_container_users_groups(cinfo); }); + // Emplace container manager listener to load users/groups from new containers + m_inspector->m_container_manager.subscribe_on_new_container( + [&](const sinsp_container_info & /*cinfo*/, sinsp_threadinfo *tinfo) -> void { + const bool notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); + add_user(tinfo->m_container_id, + tinfo->m_pid, + tinfo->m_uid, + tinfo->m_gid, + {}, + {}, + {}, + notify); + add_group(tinfo->m_container_id, tinfo->m_pid, tinfo->m_gid, {}, notify); + }); } } From 62dc2159bcb84365f0d0e1f7ed2444884812afdc Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Tue, 19 Nov 2024 14:28:15 +0100 Subject: [PATCH 2/3] fix(userspace/libsinsp): minimize master changes to preserve same behavior. Signed-off-by: Federico Di Pierro --- userspace/libsinsp/parsers.cpp | 61 ++++++++++++++++++++++++------- userspace/libsinsp/threadinfo.cpp | 29 +++++++++++++-- userspace/libsinsp/threadinfo.h | 4 ++ userspace/libsinsp/user.cpp | 14 ------- 4 files changed, 77 insertions(+), 31 deletions(-) diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp index 895480d723..5975a75331 100644 --- a/userspace/libsinsp/parsers.cpp +++ b/userspace/libsinsp/parsers.cpp @@ -1240,7 +1240,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { default: ASSERT(false); } - child_tinfo->m_uid = uid; + child_tinfo->set_user(uid); /* gid */ int32_t gid = 0; @@ -1267,7 +1267,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { default: ASSERT(false); } - child_tinfo->m_gid = gid; + child_tinfo->set_group(gid); /* Set cgroups and heuristically detect container id */ switch(etype) { 
@@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { child_tinfo->m_tty = caller_tinfo->m_tty; - child_tinfo->m_loginuid = caller_tinfo->m_loginuid; + child_tinfo->set_loginuser(caller_tinfo->m_loginuid); child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted; @@ -1349,6 +1349,13 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { return; } + /* Refresh user / loginuser / group */ + if(new_child->m_container_id.empty() == false) { + new_child->set_group(new_child->m_gid); + new_child->set_user(new_child->m_uid); + new_child->set_loginuser(new_child->m_loginuid); + } + /* If there's a listener, invoke it */ if(m_inspector->get_observer()) { m_inspector->get_observer()->on_clone(evt, new_child.get(), tid_collision); @@ -1619,7 +1626,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { child_tinfo->m_tty = lookup_tinfo->m_tty; - child_tinfo->m_loginuid = lookup_tinfo->m_loginuid; + child_tinfo->set_loginuser(lookup_tinfo->m_loginuid); child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted; @@ -1760,7 +1767,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { default: ASSERT(false); } - child_tinfo->m_uid = uid; + child_tinfo->set_user(uid); /* gid */ int32_t gid = 0; @@ -1787,7 +1794,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { default: ASSERT(false); } - child_tinfo->m_gid = gid; + child_tinfo->set_group(gid); /* Set cgroups and heuristically detect container id */ switch(etype) { @@ -1833,6 +1840,13 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { */ evt->set_tinfo(new_child.get()); + /* Refresh user / loginuser / group */ + if(new_child->m_container_id.empty() == false) { + new_child->set_group(new_child->m_gid); + new_child->set_user(new_child->m_uid); + new_child->set_loginuser(new_child->m_loginuid); + } + // // If there's a listener, invoke it // 
@@ -2213,7 +2227,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get the loginuid if(evt->get_num_params() > 18) { - evt->get_tinfo()->m_loginuid = evt->get_param(18)->as(); + evt->get_tinfo()->set_loginuser(evt->get_param(18)->as()); } // Get execve flags @@ -2259,7 +2273,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get uid if(evt->get_num_params() > 26) { - evt->get_tinfo()->m_uid = evt->get_param(26)->as(); + evt->get_tinfo()->set_user(evt->get_param(26)->as()); } // Get pgid @@ -2302,6 +2316,16 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // evt->get_tinfo()->compute_program_hash(); + // + // Refresh user / loginuser / group + // if we happen to change container id + // + if(container_id != evt->get_tinfo()->m_container_id) { + evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); + evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); + evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); + } + // // If there's a listener, invoke it // @@ -4493,7 +4517,7 @@ void sinsp_parser::parse_setresuid_exit(sinsp_evt *evt) { if(new_euid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_uid = new_euid; + ti->set_user(new_euid); } } } @@ -4513,7 +4537,7 @@ void sinsp_parser::parse_setreuid_exit(sinsp_evt *evt) { if(new_euid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_uid = new_euid; + ti->set_user(new_euid); } } } @@ -4534,7 +4558,7 @@ void sinsp_parser::parse_setresgid_exit(sinsp_evt *evt) { if(new_egid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_gid = new_egid; + ti->set_group(new_egid); } } } @@ -4554,7 +4578,7 @@ void sinsp_parser::parse_setregid_exit(sinsp_evt *evt) { if(new_egid < std::numeric_limits::max()) { sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_gid = new_egid; + ti->set_group(new_egid); } } } 
@@ -4573,7 +4597,7 @@ void sinsp_parser::parse_setuid_exit(sinsp_evt *evt) { uint32_t new_euid = enter_evt->get_param(0)->as(); sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_uid = new_euid; + ti->set_user(new_euid); } } } @@ -4591,7 +4615,7 @@ void sinsp_parser::parse_setgid_exit(sinsp_evt *evt) { uint32_t new_egid = enter_evt->get_param(0)->as(); sinsp_threadinfo *ti = evt->get_thread_info(); if(ti) { - ti->m_gid = new_egid; + ti->set_group(new_egid); } } } @@ -5046,6 +5070,15 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) { m_inspector->m_container_manager.resolve_container( evt->get_tinfo(), m_inspector->is_live() || m_inspector->is_syscall_plugin()); + // + // Refresh user / loginuser / group + // if we happen to change container id + // + if(container_id != evt->get_tinfo()->m_container_id) { + evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); + evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); + evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); + } } } diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp index 6ccd261111..c60c0a6010 100644 --- a/userspace/libsinsp/threadinfo.cpp +++ b/userspace/libsinsp/threadinfo.cpp @@ -509,9 +509,9 @@ void sinsp_threadinfo::init(scap_threadinfo* pi) { this, m_inspector->is_live() || m_inspector->is_syscall_plugin()); - m_uid = pi->uid; - m_gid = pi->gid; - m_loginuid = ((uint32_t)pi->loginuid); + set_group(pi->gid); + set_user(pi->uid); + set_loginuser((uint32_t)pi->loginuid); } const sinsp_threadinfo::cgroups_t& sinsp_threadinfo::cgroups() const { 
@@ -530,6 +530,29 @@ std::string sinsp_threadinfo::get_exepath() const { return m_exepath; } +void sinsp_threadinfo::set_user(uint32_t uid) { + m_uid = uid; + scap_userinfo* user = m_inspector->m_usergroup_manager.get_user(m_container_id, uid); + if(!user) { + auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); + m_inspector->m_usergroup_manager + .add_user(m_container_id, m_pid, uid, m_gid, {}, {}, {}, notify); + } +} + +void sinsp_threadinfo::set_group(uint32_t gid) { + m_gid = gid; + scap_groupinfo* group = m_inspector->m_usergroup_manager.get_group(m_container_id, gid); + if(!group) { + auto notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); + m_inspector->m_usergroup_manager.add_group(m_container_id, m_pid, gid, {}, notify); + } +} + +void sinsp_threadinfo::set_loginuser(uint32_t loginuid) { + m_loginuid = loginuid; +} + scap_userinfo* sinsp_threadinfo::get_user() const { auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid); if(user != nullptr) { diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h index de5ddaac92..4e15fc3b3a 100644 --- a/userspace/libsinsp/threadinfo.h +++ b/userspace/libsinsp/threadinfo.h @@ -376,6 +376,10 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { */ std::string get_path_for_dir_fd(int64_t dir_fd); + void set_user(uint32_t uid); + void set_group(uint32_t gid); + void set_loginuser(uint32_t loginuid); + using cgroups_t = std::vector>; const cgroups_t& cgroups() const; diff --git a/userspace/libsinsp/user.cpp b/userspace/libsinsp/user.cpp index be597e063e..6ae8af3794 100644 --- a/userspace/libsinsp/user.cpp +++ b/userspace/libsinsp/user.cpp 
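Review bot: `set_user()` registers a missing user with `m_gid` as its group, but the clone parsers in this series call `set_user(uid)` before `set_group(gid)` (`parse_clone_exit_caller` at 1240/1267, `parse_clone_exit_child` at 1767/1794), so for processes outside a container — where the later group-then-user refresh is skipped — the entry is created with whatever `m_gid` holds at that moment, which is the `0xffffffff` sentinel if the child's threadinfo came straight from `init()`. Either swap the two calls in the parsers, as the refresh block already orders them, or drop the gid from the `add_user` call so the user entry does not freeze a stale value. `set_loginuser()` deliberately registers nothing, matching the removed code; a one-line comment such as `// loginuid is only recorded, never added to the usergroup manager` would keep a reader from "fixing" it.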
@@ -135,20 +135,6 @@ void sinsp_usergroup_manager::subscribe_container_mgr() { [&](const sinsp_container_info &cinfo) -> void { delete_container_users_groups(cinfo); }); - // Emplace container manager listener to load users/groups from new containers - m_inspector->m_container_manager.subscribe_on_new_container( - [&](const sinsp_container_info & /*cinfo*/, sinsp_threadinfo *tinfo) -> void { - const bool notify = m_inspector->is_live() || m_inspector->is_syscall_plugin(); - add_user(tinfo->m_container_id, - tinfo->m_pid, - tinfo->m_uid, - tinfo->m_gid, - {}, - {}, - {}, - notify); - add_group(tinfo->m_container_id, tinfo->m_pid, tinfo->m_gid, {}, notify); - }); } } From 0791a6d5602368267823b30399ee8df5c4c5beb9 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 27 Nov 2024 12:30:23 +0100 Subject: [PATCH 3/3] chore(userspace/libsinsp): address review comments. Signed-off-by: Federico Di Pierro Co-authored-by: Andrea Terzolo --- userspace/libsinsp/parsers.cpp | 18 +++++++----------- userspace/libsinsp/threadinfo.cpp | 30 ++++++++++++------------------ userspace/libsinsp/threadinfo.h | 4 +++- 3 files changed, 22 insertions(+), 30 deletions(-) diff --git a/userspace/libsinsp/parsers.cpp b/userspace/libsinsp/parsers.cpp index 5975a75331..16cf2791c4 100644 --- a/userspace/libsinsp/parsers.cpp +++ b/userspace/libsinsp/parsers.cpp @@ -1311,7 +1311,7 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { child_tinfo->m_tty = caller_tinfo->m_tty; - child_tinfo->set_loginuser(caller_tinfo->m_loginuid); + child_tinfo->set_loginuid(caller_tinfo->m_loginuid); child_tinfo->m_cap_permitted = caller_tinfo->m_cap_permitted; 
@@ -1349,11 +1349,10 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) { return; } - /* Refresh user / loginuser / group */ + /* Refresh user / group */ if(new_child->m_container_id.empty() == false) { new_child->set_group(new_child->m_gid); new_child->set_user(new_child->m_uid); - new_child->set_loginuser(new_child->m_loginuid); } /* If there's a listener, invoke it */ @@ -1626,7 +1625,7 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { child_tinfo->m_tty = lookup_tinfo->m_tty; - child_tinfo->set_loginuser(lookup_tinfo->m_loginuid); + child_tinfo->set_loginuid(lookup_tinfo->m_loginuid); child_tinfo->m_cap_permitted = lookup_tinfo->m_cap_permitted; @@ -1840,11 +1839,10 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) { */ evt->set_tinfo(new_child.get()); - /* Refresh user / loginuser / group */ + /* Refresh user / group */ if(new_child->m_container_id.empty() == false) { new_child->set_group(new_child->m_gid); new_child->set_user(new_child->m_uid); - new_child->set_loginuser(new_child->m_loginuid); } // @@ -2227,7 +2225,7 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { // Get the loginuid if(evt->get_num_params() > 18) { - evt->get_tinfo()->set_loginuser(evt->get_param(18)->as()); + evt->get_tinfo()->set_loginuid(evt->get_param(18)->as()); } // Get execve flags @@ -2317,13 +2315,12 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) { evt->get_tinfo()->compute_program_hash(); // - // Refresh user / loginuser / group + // Refresh user / group // if we happen to change container id // if(container_id != evt->get_tinfo()->m_container_id) { evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); - evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); } // 
@@ -5071,13 +5068,12 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) { evt->get_tinfo(), m_inspector->is_live() || m_inspector->is_syscall_plugin()); // - // Refresh user / loginuser / group + // Refresh user / group // if we happen to change container id // if(container_id != evt->get_tinfo()->m_container_id) { evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid); evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid); - evt->get_tinfo()->set_loginuser(evt->get_tinfo()->m_loginuid); } } } diff --git a/userspace/libsinsp/threadinfo.cpp b/userspace/libsinsp/threadinfo.cpp index c60c0a6010..9766b1d837 100644 --- a/userspace/libsinsp/threadinfo.cpp +++ b/userspace/libsinsp/threadinfo.cpp @@ -511,7 +511,7 @@ void sinsp_threadinfo::init(scap_threadinfo* pi) { set_group(pi->gid); set_user(pi->uid); - set_loginuser((uint32_t)pi->loginuid); + set_loginuid((uint32_t)pi->loginuid); } const sinsp_threadinfo::cgroups_t& sinsp_threadinfo::cgroups() const { 
@@ -549,24 +549,28 @@ void sinsp_threadinfo::set_group(uint32_t gid) { } } -void sinsp_threadinfo::set_loginuser(uint32_t loginuid) { +void sinsp_threadinfo::set_loginuid(uint32_t loginuid) { m_loginuid = loginuid; } -scap_userinfo* sinsp_threadinfo::get_user() const { - auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_uid); +scap_userinfo* sinsp_threadinfo::get_user(uint32_t id) const { + auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, id); if(user != nullptr) { return user; } static scap_userinfo usr{}; - usr.uid = m_uid; + usr.uid = id; usr.gid = m_gid; - strlcpy(usr.name, m_uid == 0 ? "root" : "", sizeof(usr.name)); - strlcpy(usr.homedir, m_uid == 0 ? "/root" : "", sizeof(usr.homedir)); + strlcpy(usr.name, id == 0 ? "root" : "", sizeof(usr.name)); + strlcpy(usr.homedir, id == 0 ? "/root" : "", sizeof(usr.homedir)); strlcpy(usr.shell, "", sizeof(usr.shell)); return &usr; } +scap_userinfo* sinsp_threadinfo::get_user() const { + return get_user(m_uid); +} + scap_groupinfo* sinsp_threadinfo::get_group() const { auto group = m_inspector->m_usergroup_manager.get_group(m_container_id, m_gid); if(group != nullptr) { @@ -579,17 +583,7 @@ scap_groupinfo* sinsp_threadinfo::get_group() const { } scap_userinfo* sinsp_threadinfo::get_loginuser() const { - auto user = m_inspector->m_usergroup_manager.get_user(m_container_id, m_loginuid); - if(user != nullptr) { - return user; - } - static scap_userinfo usr{}; - usr.uid = m_loginuid; - usr.gid = m_gid; - strlcpy(usr.name, m_loginuid == 0 ? "root" : "", sizeof(usr.name)); - strlcpy(usr.homedir, m_loginuid == 0 ? "/root" : "", sizeof(usr.homedir)); - strlcpy(usr.shell, "", sizeof(usr.shell)); - return &usr; + return get_user(m_loginuid); } void sinsp_threadinfo::set_args(const char* args, size_t len) { diff --git a/userspace/libsinsp/threadinfo.h b/userspace/libsinsp/threadinfo.h index 4e15fc3b3a..8998ff38e8 100644 --- a/userspace/libsinsp/threadinfo.h 
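Review bot: folding `get_loginuser()` into `get_user(uint32_t)` makes both miss paths share one `static scap_userinfo usr`, and `sinsp_filter_check_user::extract_single` in this series calls `get_user()` and then `get_loginuser()` before switching on the field, so when neither id is known to the manager `user` and `loginuser` point at the same object and `TYPE_NAME` reports the loginuid's fallback — for instance a thread with uid 0 and loginuid `0xffffffff` would yield "" instead of "root". Returning `scap_userinfo` by value (copy the cached entry, build the fallback in a local) removes the aliasing; if a pointer must be kept, at least give the loginuid path its own static as PATCH 1 did and document that the result is invalidated by the next call. The static is also process-wide, so inspectors on separate threads would race on it.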
+++ b/userspace/libsinsp/threadinfo.h @@ -378,7 +378,7 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { void set_user(uint32_t uid); void set_group(uint32_t gid); - void set_loginuser(uint32_t loginuid); + void set_loginuid(uint32_t loginuid); using cgroups_t = std::vector>; const cgroups_t& cgroups() const; @@ -608,6 +608,8 @@ class SINSP_PUBLIC sinsp_threadinfo : public libsinsp::state::table_entry { uint32_t& alen, std::string& rem) const; + scap_userinfo* get_user(uint32_t id) const; + // // Parameters that can't be accessed directly because they could be in the // parent thread info