fix:cgroup (#4)

Ne0o0o · Jul 19, 2023 · da533c7 · da533c7
1 parent 767afc6
commit da533c7
Show file tree

Hide file tree

Showing 7 changed files with 84 additions and 8 deletions.
diff --git a/pkg/cgroups/cgroup2.go b/pkg/cgroups/cgroup2.go
@@ -1,10 +1,16 @@
 package cgroups
 
 import (
+	"io/fs"
+	"path/filepath"
+	"syscall"
+
 	"github.com/containerd/cgroups/v3/cgroup2"
 	log "github.com/sirupsen/logrus"
 )
 
+const cgroupDefaultPath = "/sys/fs/cgroup"
+
 func Cgroup2PathFromPID(pid int) string {
 	cgroupPath, err := cgroup2.PidGroupPath(pid)
 	if err != nil {
@@ -37,3 +43,53 @@ func LoadCgroup2FromPID(pid int) *cgroup2.Manager {
 	}
 	return mgr
 }
+
+func Cgroup2PathFromInode(inode uint64) string {
+	var cgroupPath string
+	err := filepath.WalkDir(cgroupDefaultPath, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() {
+			info, err := d.Info()
+			if err != nil {
+				return err
+			}
+			if stat, ok := info.Sys().(*syscall.Stat_t); ok {
+				if stat.Ino == inode {
+					cgroupPath = path
+				}
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		log.Errorf("fetch cgroup error `%s`", err)
+	}
+	return cgroupPath
+}
+
+func LoadCgroup2FromInode(inode int) *cgroup2.Manager {
+	var cgroupPath string
+	err := filepath.WalkDir(cgroupDefaultPath, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+		if d.IsDir() {
+			info, err := d.Info()
+			if err != nil {
+				return err
+			}
+			if stat, ok := info.Sys().(*syscall.Stat_t); ok {
+				if stat.Ino == uint64(inode) {
+					cgroupPath = path
+				}
+			}
+		}
+		return nil
+	})
+	if err != nil || cgroupPath == "" {
+		return nil
+	}
+	return LoadCgroup2FromPath(cgroupPath)
+}
diff --git a/pkg/ebpf/c/tulkun.bpf.h b/pkg/ebpf/c/tulkun.bpf.h
@@ -76,6 +76,7 @@ static __always_inline int init_program_data(program_data_t *p, void *ctx)
     p->event->context.task.host_pid = pid_tgid >> 32;
     p->event->context.task.host_ppid = get_task_ppid(p->task);
     p->event->context.task.uid = bpf_get_current_uid_gid();
+    p->event->context.task.cgroup_id = bpf_get_current_cgroup_id();
 
     __builtin_memset(p->event->context.task.comm, 0, sizeof(p->event->context.task.comm));
     ret = bpf_get_current_comm(&p->event->context.task.comm, sizeof(p->event->context.task.comm));

diff --git a/pkg/proc/process.go b/pkg/proc/process.go
@@ -30,7 +30,7 @@ func NewProcess(pid int32) *Process {
 	p.Cmdline, _ = proc.Cmdline()
 	p.CgroupPath = cgroups.Cgroup2PathFromPID(int(pid))
 	p.Cgroup = cgroups.LoadCgroup2FromPath(p.CgroupPath)
-	p.Runtime = runtime.SelectContainerRuntime(int(pid), p.CgroupPath)
+	p.Runtime = runtime.SelectContainerRuntime(p.CgroupPath)
 	return &p
 }
 

diff --git a/pkg/runtime/container.go b/pkg/runtime/container.go
@@ -30,7 +30,7 @@ type ContainersInterface interface {
 	InspectContainerWithCgroup(cgroup string) *ContainerMeta
 }
 
-func SelectContainerRuntime(pid int, cgroup string) ContainersInterface {
+func SelectContainerRuntime(cgroup string) ContainersInterface {
 	// docker
 	if strings.Contains(cgroup, "docker") {
 		if _, ok := socketCollection.opt[Docker]; ok {
@@ -43,12 +43,13 @@ func SelectContainerRuntime(pid int, cgroup string) ContainersInterface {
 
 func register(name string, unixSocket string, register func(string) (ContainersInterface, error)) {
 	if _, err := os.Stat(unixSocket); err != nil {
-		log.Errorf("get runtime client `%s` socket error `%s`", name, unixSocket)
+		log.Infof("get runtime client `%s` socket error `%s` skip this...", name, unixSocket)
 		return
 	}
 	sock, err := register(unixSocket)
 	if err != nil {
-		log.Errorf("get runtime client `%s` socket error `%s`", name, unixSocket)
+		log.Infof("get runtime client `%s` socket error `%s` skip this...", name, unixSocket)
+		return
 	}
 	socketCollection.socketFD = unixSocket
 	socketCollection.opt[name] = sock

diff --git a/pkg/trace/event/enrich.go b/pkg/trace/event/enrich.go
@@ -1,7 +1,9 @@
 package event
 
 import (
+	"tulkun/pkg/cgroups"
 	"tulkun/pkg/proc"
+	"tulkun/pkg/runtime"
 )
 
 func enrichProcess(pid int32, msg map[string]interface{}) {
@@ -22,3 +24,20 @@ func enrichProcess(pid int32, msg map[string]interface{}) {
 		}
 	}
 }
+
+func enrichRuntime(cgroupId uint64, msg map[string]interface{}) {
+	cgroup := cgroups.Cgroup2PathFromInode(cgroupId)
+	if cgroup == "" {
+		return
+	}
+	if rt := runtime.SelectContainerRuntime(cgroup); rt != nil {
+		if meta := rt.InspectContainerWithCgroup(cgroup); meta != nil {
+			var container map[string]interface{}
+			container["containerId"] = meta.ContainerId
+			container["containerName"] = meta.Name
+			container["imageId"] = meta.ImageID
+			container["imageName"] = meta.ImageName
+			msg["runtime"] = container
+		}
+	}
+}
diff --git a/pkg/trace/event/execve.go b/pkg/trace/event/execve.go
@@ -30,9 +30,8 @@ func (e ExecveEvent) Handle(b []byte) {
 	e.MsgRaw.Buffer.buffer = b[unsafe.Sizeof(e.MsgRaw.Context):]
 	e.Msg = *e.MsgRaw.Context.fill()
 	e.Msg["argv"] = e.MsgRaw.Buffer.string()
-	// enrich process relation fields
-	enrichProcess(int32(e.MsgRaw.Context.Task.HostPID), e.Msg)
-
+	// enrich runtime relation fields
+	enrichRuntime(e.MsgRaw.Context.Task.CgroupID, e.Msg)
 	// output msg
 	msgByte, _ := json.Marshal(e.Msg)
 	msgByte = append(msgByte, []byte("\n")...)

diff --git a/version.txt b/version.txt
@@ -1 +1 @@
-0.2.0
+0.2.1