File: runc.cpp

/*
Copyright (C) 2021 The Falco Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

*/

#include "runc.h"

#include <cstring>

#include "sinsp.h"
#include "sinsp_int.h"

namespace {

// Number of characters a full container id occupies in a cgroup path.
constexpr size_t CONTAINER_ID_LENGTH = 64;
// Number of leading id characters that are copied into the reported id.
constexpr size_t REPORTED_CONTAINER_ID_LENGTH = 12;
// The only characters a container id may consist of (hex digits, either case).
constexpr const char* CONTAINER_ID_VALID_CHARACTERS = "0123456789abcdefABCDEF";

static_assert(REPORTED_CONTAINER_ID_LENGTH <= CONTAINER_ID_LENGTH, "Reported container ID length cannot be longer than actual length");

}

namespace libsinsp {
namespace runc {

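// Check whether cgroup contains <prefix><container_id><suffix>, where
// <container_id> is exactly CONTAINER_ID_LENGTH characters drawn from
// CONTAINER_ID_VALID_CHARACTERS. If it does, store the first
// REPORTED_CONTAINER_ID_LENGTH characters of the id in container_id and return
// true. Otherwise return false and leave container_id unchanged.
//
// Both prefix and suffix are located with rfind(), i.e. the last occurrence of
// each in cgroup is the one examined; a suffix occurrence that does not sit
// exactly CONTAINER_ID_LENGTH characters after the prefix does not match.
bool match_one_container_id(const std::string &cgroup, const std::string &prefix, const std::string &suffix, std::string &container_id)
{
	size_t start_pos = cgroup.rfind(prefix);
	if (start_pos == std::string::npos)
	{
		return false;
	}
	start_pos += prefix.size();

	size_t end_pos = cgroup.rfind(suffix);
	if (end_pos == std::string::npos || end_pos < start_pos)
	{
		// Suffix missing, or its last occurrence lies before the end of the
		// prefix (explicit check instead of relying on unsigned wrap-around
		// in the subtraction below).
		return false;
	}

	if (end_pos - start_pos != CONTAINER_ID_LENGTH)
	{
		return false;
	}

	// find_first_not_of() returns an absolute offset into cgroup (or npos), so
	// the bound it is compared with must be end_pos (== start_pos +
	// CONTAINER_ID_LENGTH). Comparing it with the bare CONTAINER_ID_LENGTH only
	// rejected non-hex characters at absolute offsets below 64, so any
	// non-hex text located after that offset in the id slice was accepted and
	// reported as a container id.
	size_t invalid_ch_pos = cgroup.find_first_not_of(CONTAINER_ID_VALID_CHARACTERS, start_pos);
	if (invalid_ch_pos < end_pos)
	{
		return false;
	}

	container_id = cgroup.substr(start_pos, REPORTED_CONTAINER_ID_LENGTH);
	return true;
}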

// Try each (prefix, suffix) pair of layout in order until one matches cgroup.
// The array is terminated by an entry whose prefix or suffix is null.
// On the first match container_id holds the reported id and true is returned;
// otherwise false is returned and container_id is left as it was.
bool match_container_id(const std::string &cgroup, const libsinsp::runc::cgroup_layout *layout,
			std::string &container_id)
{
	for(const auto *entry = layout; entry->prefix && entry->suffix; ++entry)
	{
		if(!match_one_container_id(cgroup, entry->prefix, entry->suffix, container_id))
		{
			continue;
		}
		return true;
	}

	return false;
}

// Scan the cgroups of tinfo for one whose path matches layout. On success
// container_id is set to the reported id, matching_cgroup to the cgroup path
// that matched, and true is returned. Otherwise false is returned and
// matching_cgroup is left untouched.
bool matches_runc_cgroups(const sinsp_threadinfo *tinfo, const cgroup_layout *layout, std::string &container_id, std::string &matching_cgroup)
{
	for(const auto &cgroup : tinfo->m_cgroups)
	{
		const auto &path = cgroup.second;
		if(!match_container_id(path, layout, container_id))
		{
			continue;
		}
		matching_cgroup = path;
		return true;
	}

	return false;
}
}
}