Variables ¶
var ( ErrContainerFSUnreachable = errors.New("container file system is unreachable in mount namespace because there are not living children") ErrNonAbsolutePath = errors.New("file path is not absolute in its container mount point") )
Functions ¶
func GetContainerIdFromTaskDir ¶
GetContainerIdFromTaskDir gets a containerID from a given task or process directory path.
func RuntimeInfoService ¶
RuntimeInfoService initializes a service that can register enrichers for container runtimes.
Types ¶
type CgroupInfo ¶
type CgroupInfo struct { Path string Container cruntime.ContainerMetadata Runtime cruntime.RuntimeId ContainerRoot bool // is the cgroup directory the root of its container Ctime time.Time Dead bool // is the cgroup deleted // contains filtered or unexported fields }
CgroupInfo represents a cgroup dir (might describe a container cgroup dir).
type ContainerPathResolver ¶
type ContainerPathResolver struct {
// contains filtered or unexported fields
}
ContainerPathResolver generates an accessible absolute path from the root mount namespace to a relative path in a container. **NOTE**: to resolve the host mount namespace, tracee reads from /proc/1/ns, which requires the CAP_SYS_PTRACE capability.
func InitContainerPathResolver ¶
func InitContainerPathResolver(mountNSPIDsCache *bucketscache.BucketsCache) *ContainerPathResolver
InitContainerPathResolver creates a resolver for paths from within containers.
func (*ContainerPathResolver) GetHostAbsPath ¶
func (cPathRes *ContainerPathResolver) GetHostAbsPath(mountNSAbsolutePath string, mountNS int) ( string, error, )
GetHostAbsPath translates an absolute path, which might be inside a container, to the corresponding absolute path in the host mount namespace.
type Containers ¶
type Containers struct {
// contains filtered or unexported fields
}
Containers contains information about running containers in the host.
func New ¶
func New( noContainersEnrich bool, cgroups *cgroup.Cgroups, sockets cruntime.Sockets, mapName string, ) ( *Containers, error, )
New initializes a Containers object and returns a pointer to it. The caller should then call "Populate" before iterating over the Containers data.
func (*Containers) CgroupExists ¶
func (c *Containers) CgroupExists(cgroupId uint64) bool
CgroupExists reports whether cgroupInfo data exists for the given cgroupId.
func (*Containers) CgroupMkdir ¶
func (c *Containers) CgroupMkdir(cgroupId uint64, subPath string, hierarchyID uint32) (CgroupInfo, error)
CgroupMkdir adds the cgroupInfo of a newly created cgroup dir to the Containers struct.
func (*Containers) CgroupRemove ¶
func (c *Containers) CgroupRemove(cgroupId uint64, hierarchyID uint32)
CgroupRemove removes the cgroupInfo of a deleted cgroup dir from the Containers struct. The entry is kept for 30 seconds before it expires, to avoid a race in which the cgroup dir removal event arrives while its cgroupInfo data is still needed.
func (*Containers) Close ¶
func (c *Containers) Close() error
Close executes cleanup logic for Containers object.
func (*Containers) EnrichCgroupInfo ¶
func (c *Containers) EnrichCgroupInfo(cgroupId uint64) (cruntime.ContainerMetadata, error)
EnrichCgroupInfo checks, for a given cgroupId, whether it belongs to some running container. It then calls the runtime info service to gather additional data from the container's runtime. It returns the retrieved metadata and an error, if any. It should not be called twice for the same cgroupId unless attempting a retry.
func (*Containers) FindContainerCgroupID32LSB ¶
func (c *Containers) FindContainerCgroupID32LSB(containerID string) ([]uint32, error)
FindContainerCgroupID32LSB returns the 32 LSB of the Cgroup ID for a given container ID.
func (*Containers) GetCgroupInfo ¶
func (c *Containers) GetCgroupInfo(cgroupId uint64) CgroupInfo
GetCgroupInfo returns the cgroupInfo data stored in the Containers struct for a given cgroupId.
func (*Containers) GetCgroupVersion ¶
func (c *Containers) GetCgroupVersion() cgroup.CgroupVersion
func (*Containers) GetContainers ¶
func (c *Containers) GetContainers() map[uint32]CgroupInfo
GetContainers returns a map of all existing containers.
func (*Containers) GetDefaultCgroupHierarchyID ¶
func (c *Containers) GetDefaultCgroupHierarchyID() int
func (*Containers) Populate ¶
func (c *Containers) Populate() error
Populate fills the Containers struct by reading the mounted proc and cgroup filesystems.
func (*Containers) PopulateBpfMap ¶
func (c *Containers) PopulateBpfMap(bpfModule *libbpfgo.Module) error
PopulateBpfMap populates the BPF map with all existing containers, so that eBPF programs can track newly created ones with the correct state.
func (*Containers) RemoveFromBPFMap ¶
func (c *Containers) RemoveFromBPFMap(bpfModule *libbpfgo.Module, cgroupId uint64, hierarchyID uint32) error
RemoveFromBPFMap removes a container from the BPF map so that eBPF programs stop tracking it.
type SignaturesDataSource ¶
type SignaturesDataSource struct {
// contains filtered or unexported fields
}
func NewDataSource ¶
func NewDataSource(c *Containers) *SignaturesDataSource
func (SignaturesDataSource) Get ¶
func (ctx SignaturesDataSource) Get(key interface{}) (map[string]interface{}, error)
func (SignaturesDataSource) ID ¶
func (ctx SignaturesDataSource) ID() string
func (SignaturesDataSource) Keys ¶
func (ctx SignaturesDataSource) Keys() []string
func (SignaturesDataSource) Namespace ¶
func (ctx SignaturesDataSource) Namespace() string
func (SignaturesDataSource) Schema ¶
func (ctx SignaturesDataSource) Schema() string
func (SignaturesDataSource) Version ¶
func (ctx SignaturesDataSource) Version() uint