Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Add new cgroup layout for podman #1613

Merged
merged 1 commit into from
Jan 11, 2024

Conversation

mattnite
Copy link
Contributor

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area libsinsp

Does this PR require a change in the driver versions?

No

What this PR does / why we need it:

I'm finding podman cgroup names that are suffixed with /container, and because we don't handle this layout pattern, processes in podman containers are being seen as running on the host. This is seen when investigating SCAP files. This patch adds this layout to the list. For example here's some output from systemd-cgls:

├─machine.slice
│ ├─libpod-conmon-a2bc7b153f034b17f358cde43a7f8c7475147e8a0d1b2573c26473244ec44ce4.scope
│ │ └─45338 /usr/bin/conmon --api-version 1 -c a2bc7b153f034b17f358cde43a7f8c7475147e8a0d1b2573c26473244ec44ce4 -u a2bc7b153f034b17f358cde43a7f8c7475147e8a0d1b2573c26473244ec44ce4 -r /usr/bi>
│ └─libpod-a2bc7b153f034b17f358cde43a7f8c7475147e8a0d1b2573c26473244ec44ce4.scope
│   └─container
│     ├─45341 nginx: master process nginx -g daemon off;
│     ├─45366 nginx: worker process
│     ├─45367 nginx: worker process
│     ├─45368 nginx: worker process
│     └─45369 nginx: worker process

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

Signed-off-by: Matthew Knight <matthew.knight@sysdig.com>
Copy link
Contributor

@FedeDP FedeDP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@poiana
Copy link
Contributor

poiana commented Jan 11, 2024

LGTM label has been added.

Git tree hash: 889ef95209ac305a5f6b766b3054fc3f76bcf307

@FedeDP
Copy link
Contributor

FedeDP commented Jan 11, 2024

/milestone 0.14.1

@poiana poiana added this to the 0.14.1 milestone Jan 11, 2024
@gnosek
Copy link
Contributor

gnosek commented Jan 11, 2024

/approve

@FedeDP
Copy link
Contributor

FedeDP commented Jan 11, 2024

@gnosek missing github approve 😆

@gnosek
Copy link
Contributor

gnosek commented Jan 11, 2024

oh @poiana how I hate thee

@poiana
Copy link
Contributor

poiana commented Jan 11, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, gnosek, mattnite

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit 8a5b3e7 into falcosecurity:master Jan 11, 2024
31 checks passed
@Andreagit97 Andreagit97 changed the title Add new cgroup layout for podman fix: Add new cgroup layout for podman Jan 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants