Documentation ¶
Index ¶
- func GetContainerIdFromTaskDir(taskPath string) (string, error)
- func RuntimeInfoService(sockets runtime.Sockets) runtimeInfoService
- type CgroupInfo
- type Containers
- func (c *Containers) CgroupExists(cgroupId uint64) bool
- func (c *Containers) CgroupMkdir(cgroupId uint64, subPath string, hierarchyID uint32) (CgroupInfo, error)
- func (c *Containers) CgroupRemove(cgroupId uint64, hierarchyID uint32)
- func (c *Containers) CgroupUpdate(cgroupId uint64, path string, ctime time.Time) (CgroupInfo, error)
- func (c *Containers) Close() error
- func (c *Containers) EnrichCgroupInfo(cgroupId uint64) (cruntime.ContainerMetadata, error)
- func (c *Containers) FindContainerCgroupID32LSB(containerID string) []uint32
- func (c *Containers) GetCgroupInfo(cgroupId uint64) CgroupInfo
- func (c *Containers) GetCgroupVersion() cgroup.CgroupVersion
- func (c *Containers) GetContainers() map[uint32]CgroupInfo
- func (c *Containers) GetDefaultCgroupHierarchyID() int
- func (c *Containers) Populate() error
- func (c *Containers) PopulateBpfMap(bpfModule *libbpfgo.Module) error
- func (c *Containers) RemoveFromBpfMap(bpfModule *libbpfgo.Module, cgroupId uint64, hierarchyID uint32) error
- type PathResolver
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetContainerIdFromTaskDir ¶
GetContainerIdFromTaskDir gets a containerID from a given task or process directory path
func RuntimeInfoService ¶ added in v0.8.0
RuntimeInfoService initializes a service which can register enrichers for container runtimes
Types ¶
type CgroupInfo ¶
type CgroupInfo struct { Path string Container cruntime.ContainerMetadata Runtime cruntime.RuntimeId Ctime time.Time // contains filtered or unexported fields }
CgroupInfo represents a cgroup dir (might describe a container cgroup dir).
type Containers ¶
type Containers struct {
// contains filtered or unexported fields
}
Containers contains information about running containers in the host.
func New ¶ added in v0.8.1
func New( cgroups *cgroup.Cgroups, sockets cruntime.Sockets, mapName string, debug bool, ) ( *Containers, error, )
New initializes a Containers object and returns a pointer to it. User should further call "Populate" and iterate with Containers data.
func (*Containers) CgroupExists ¶
func (c *Containers) CgroupExists(cgroupId uint64) bool
CgroupExists checks if there is a cgroupInfo data of a given cgroupId.
func (*Containers) CgroupMkdir ¶
func (c *Containers) CgroupMkdir(cgroupId uint64, subPath string, hierarchyID uint32) (CgroupInfo, error)
CgroupMkdir adds cgroupInfo of a created cgroup dir to Containers struct.
func (*Containers) CgroupRemove ¶
func (c *Containers) CgroupRemove(cgroupId uint64, hierarchyID uint32)
CgroupRemove removes cgroupInfo of deleted cgroup dir from Containers struct. NOTE: Expiration logic of 5 seconds to avoid race conditions (if cgroup dir event arrives too fast and its cgroupInfo data is still needed).
func (*Containers) CgroupUpdate ¶
func (c *Containers) CgroupUpdate(cgroupId uint64, path string, ctime time.Time) (CgroupInfo, error)
CgroupUpdate checks if given path belongs to a known container runtime, saving container information in Containers CgroupInfo map. NOTE: ALL given cgroup dir paths are stored in CgroupInfo map.
func (*Containers) Close ¶ added in v0.8.1
func (c *Containers) Close() error
Close executes cleanup logic for Containers object
func (*Containers) EnrichCgroupInfo ¶ added in v0.8.0
func (c *Containers) EnrichCgroupInfo(cgroupId uint64) (cruntime.ContainerMetadata, error)
EnrichCgroupInfo checks for a given cgroupId if it is relevant to some running container it then calls the runtime info service to gather additional data from the container's runtime it returns the retrieved metadata and a relevant error this function shouldn't be called twice for the same cgroupId unless attempting a retry
func (*Containers) FindContainerCgroupID32LSB ¶
func (c *Containers) FindContainerCgroupID32LSB(containerID string) []uint32
FindContainerCgroupID32LSB returns the 32 LSB of the Cgroup ID for a given container ID
func (*Containers) GetCgroupInfo ¶
func (c *Containers) GetCgroupInfo(cgroupId uint64) CgroupInfo
GetCgroupInfo returns the Containers struct cgroupInfo data of a given cgroupId.
func (*Containers) GetCgroupVersion ¶ added in v0.10.0
func (c *Containers) GetCgroupVersion() cgroup.CgroupVersion
func (*Containers) GetContainers ¶
func (c *Containers) GetContainers() map[uint32]CgroupInfo
GetContainers provides a list of all existing containers.
func (*Containers) GetDefaultCgroupHierarchyID ¶ added in v0.10.0
func (c *Containers) GetDefaultCgroupHierarchyID() int
func (*Containers) Populate ¶
func (c *Containers) Populate() error
Populate populates Containers struct by reading mounted proc and cgroups fs.
func (*Containers) PopulateBpfMap ¶
func (c *Containers) PopulateBpfMap(bpfModule *libbpfgo.Module) error
func (*Containers) RemoveFromBpfMap ¶
type PathResolver ¶ added in v0.8.1
type PathResolver struct {
// contains filtered or unexported fields
}
PathResolver generates an accessible absolute path from the root mount namespace to a relative path in a container. **NOTE**: to resolve host mount namespace, tracee reads from /proc/1/ns, requiring CAP_SYS_PTRACE capability.
func InitPathResolver ¶ added in v0.8.1
func InitPathResolver(mountNSPIDsCache *bucketscache.BucketsCache) PathResolver
InitPathResolver create a resolver for paths from within containers.
func (PathResolver) ResolveAbsolutePath ¶ added in v0.8.1
func (cPathRes PathResolver) ResolveAbsolutePath(mountNSAbsolutePath string, mountNS int) (string, error)
ResolveAbsolutePath resolves an absolute path, which might be inside a container, to an absolute path within the host mount namespace.