diff --git a/Dockerfile.driver.amd64 b/Dockerfile.driver.amd64 index 1019fb0..8cb4559 100644 --- a/Dockerfile.driver.amd64 +++ b/Dockerfile.driver.amd64 @@ -54,10 +54,14 @@ RUN --mount=type=secret,id=rhuser,dst=/secret/rhuser --mount=type=secret,id=rhpa ( export REGISTER_USER=$(cat /secret/rhuser) && export REGISTER_PASSWORD=$(cat /secret/rhpassword) && bash /build/install.sh driver ) && \ rm -rf /build +#install falcoctl +RUN LATEST=$(curl -sI https://github.com/falcosecurity/falcoctl/releases/latest | awk '/location: /{gsub("\r","",$2);split($2,v,"/");print substr(v[8],2)}') && \ + curl --fail -LS "https://github.com/falcosecurity/falcoctl/releases/download/v${LATEST}/falcoctl_${LATEST}_linux_amd64.tar.gz" | tar -xz && \ + install -o root -g root -m 0755 falcoctl /usr/bin/falcoctl && mkdir -p /etc/falco/ && touch /etc/falco/falco.yaml + # copy resources COPY docker-entry-ubi.sh /docker-entrypoint.sh COPY --from=mods ${INSTALL_PATH}/modules/bin/docker-entrypoint.sh ${INSTALL_PATH}/modules/bin/docker-entrypoint.sh -COPY --from=mods ${INSTALL_PATH}/modules/bin/falco-driver-loader /usr/bin/falco-driver-loader COPY --from=mods /usr/src/falco-* /usr/src/ COPY --from=mods /usr/sbin/dkms /usr/sbin/dkms diff --git a/makefile.manifest.inc b/makefile.manifest.inc index 542431f..50b8013 100644 --- a/makefile.manifest.inc +++ b/makefile.manifest.inc @@ -18,7 +18,6 @@ SYSFLOW_VERSION?=0.7.0-rc1 SYSFLOW_BUILD_NUMBER?=1 -<<<<<<< HEAD FALCO_VERSION=0.38.1 FALCO_LIBS_VERSION=0.17.2 FALCO_LIBS_DRIVER_VERSION=7.2.0+driver diff --git a/modules/Makefile b/modules/Makefile index 2c46a15..c277af8 100644 --- a/modules/Makefile +++ b/modules/Makefile 
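Review bot: The new falcoctl step in Dockerfile.driver.amd64 installs whatever release is `latest` at build time and pipes the tarball straight into `tar -xz` with no integrity check, so two builds of the same commit can ship different binaries and a replaced release asset would end up as root-owned `/usr/bin/falcoctl`. Pin the version alongside the other Falco pins, for example `ARG FALCOCTL_VERSION=<pinned-version>` (a proposed name), download to a file, and verify it before extracting with something like `echo "<sha256-of-release-asset>  falcoctl.tar.gz" | sha256sum -c -`. Pinning also removes the `awk '/location: /...'` lookup, whose match is case-sensitive and leaves `LATEST` empty if the header is spelled `Location:`. Downloading to a file first matters for a second reason: in `curl --fail ... | tar -xz && ...` only tar's exit status is checked.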
@@ -96,8 +96,8 @@ falcolibs/package: -DUSE_BUNDLED_DEPS=ON \ -DUSE_BUNDLED_LIBELF=OFF \ -DCREATE_TEST_TARGETS=OFF \ - -DBUILD_LIBSCAP_EXAMPLES=ON \ - -DBUILD_LIBSINSP_EXAMPLES=ON \ + -DBUILD_LIBSCAP_EXAMPLES=OFF \ + -DBUILD_LIBSINSP_EXAMPLES=OFF \ -DCMD_MAKE="make -j${MAKE_JOBS}" \ ${MUSL_FLAG} ../. && make -j${MAKE_JOBS} && \ mkdir -p include && mkdir -p lib && mkdir -p bin && \ @@ -107,13 +107,14 @@ falcolibs/package: mkdir -p include/userspace/libsinsp/container_engine && cp ../userspace/libsinsp/container_engine/*.h include/userspace/libsinsp/container_engine/ && \ mkdir -p include/userspace/libsinsp/filter && cp ../userspace/libsinsp/filter/*.h include/userspace/libsinsp/filter/ && \ mkdir -p include/userspace/libsinsp/events && cp ../userspace/libsinsp/events/*.h include/userspace/libsinsp/events/ && \ - mkdir -p include/userspace/libsinsp/include && cp ../userspace/libsinsp/include/*.h include/userspace/libsinsp/include/ && \ mkdir -p include/userspace/libsinsp/state && cp ../userspace/libsinsp/state/*.h include/userspace/libsinsp/state/ && \ mkdir -p include/userspace/plugin && cp ../userspace/plugin/*.h include/userspace/plugin/ && \ mkdir -p include/userspace/libscap && cd .. && find userspace/libscap -name '*.h' -exec cp -r --parents '{}' build/include \; && cd build && \ + cp libscap/*.h include/userspace/libscap && \ mkdir -p include/openssl && cp openssl-prefix/src/openssl/include/openssl/*.h include/openssl && \ cp -r tbb-prefix/src/tbb/include/tbb include/ && \ cp -r tbb-prefix/src/tbb/include/oneapi include/ && \ + cp uthash-prefix/src/uthash/src/*.h include/ && \ cp -r protobuf-prefix/src/protobuf/target/include/google include/ && \ cp libbpf-prefix/src/libbpf-build/build/*.a lib/ && \ cp protobuf-prefix/src/protobuf/target/lib/libprotobuf.a lib && \ 
@@ -126,10 +127,6 @@ falcolibs/package: cp libsinsp/*.a lib/ && \ find libscap -name '*.a' -exec cp '{}' lib \; && \ cp ../../falco/docker/falco/docker-entrypoint.sh bin/ && \ - cp ../../falco/scripts/falco-driver-loader bin/ && \ - sed -i -E "s/@DRIVER_VERSION@/\"$(FALCO_LIBS_DRIVER_VERSION)\"/" bin/falco-driver-loader && \ - sed -i -E "s/@FALCO_VERSION@/\"$(FALCO_VERSION)\"/" bin/falco-driver-loader && \ - sed -i -E "s#@DRIVERS_REPO@#\"$(DRIVERS_REPO)\"#" bin/falco-driver-loader && \ cp re2-prefix/build/libre2.a lib/ && \ cp grpc-prefix/src/grpc/*.a lib/ && \ find grpc-prefix/src/grpc/third_party/abseil-cpp -name '*.a' -exec cp '{}' lib \; && \ diff --git a/modules/falco b/modules/falco index 1b62b5c..2820cd1 160000 --- a/modules/falco +++ b/modules/falco @@ -1 +1 @@ -Subproject commit 1b62b5ccd1c64cd972ef0252262075cbf42a130c +Subproject commit 2820cd1d074c7c2b075a92ec33946fb9e8573bdc diff --git a/modules/falco-driver b/modules/falco-driver index 0d65836..c7276a3 160000 --- a/modules/falco-driver +++ b/modules/falco-driver @@ -1 +1 @@ -Subproject commit 0d65836866ed3a91fefd977d8a5da2034ad67ea2 +Subproject commit c7276a354a92e3597868b115ede7fc2efacc4f3d diff --git a/modules/falco-libs b/modules/falco-libs index 0d65836..fbf3b36 160000 --- a/modules/falco-libs +++ b/modules/falco-libs @@ -1 +1 @@ -Subproject commit 0d65836866ed3a91fefd977d8a5da2034ad67ea2 +Subproject commit fbf3b363999971489e67dc51741022e7f9cb4dba diff --git a/scripts/installUBIDependency.sh b/scripts/installUBIDependency.sh index cedb926..01641c0 100755 --- a/scripts/installUBIDependency.sh +++ b/scripts/installUBIDependency.sh @@ -74,7 +74,6 @@ if [ "${MODE}" == "base" ] ; then autoconf \ gettext-devel \ wget \ - automake \ libtool \ patch \ binutils \ @@ -116,7 +115,6 @@ elif [ "${MODE}" == "driver" ] ; then pkgconfig \ autoconf \ wget \ - automake \ libtool \ patch \ binutils \ diff --git a/src/collector/Makefile b/src/collector/Makefile index 65effc1..b016084 100644 
--- a/src/collector/Makefile +++ b/src/collector/Makefile @@ -69,6 +69,7 @@ CFLAGS = -std=c++17 -Wall -I.. -I../libs/ -I/usr/local/include/ -I/usr/include/ -I$(FALCOINCPREFIX)/driver/ \ -I$(FALCOINCPREFIX)/userspace/libsinsp/ \ -I$(FALCOINCPREFIX)/userspace/libscap/ \ + -I$(FALCOINCPREFIX)/userspace/ \ -I$(AVRINCPREFIX)/ $(info MUSL is $(MUSL)) diff --git a/src/libs/Makefile b/src/libs/Makefile index 3a7be53..d251c6c 100644 --- a/src/libs/Makefile +++ b/src/libs/Makefile @@ -67,6 +67,7 @@ CFLAGS = -std=c++17 -Wall -I.. -I/usr/local/include/ -I/usr/include/ \ -I$(FALCOINCPREFIX)/userspace/libsinsp/ \ -I$(FALCOINCPREFIX)/userspace/libscap/ \ -I$(FALCOINCPREFIX)/userspace/common/ \ + -I$(FALCOINCPREFIX)/userspace/ \ -I$(AVRINCPREFIX)/ OBJS = .sysflowlibs.o .sysflowlibs.o .MurmurHash3.o .utils.o .containercontext.o .processcontext.o .processeventprocessor.o .controlflowprocessor.o .dataflowprocessor.o .networkflowprocessor.o .fileflowprocessor.o .fileeventprocessor.o .sysflowcontext.o .sysflowprocessor.o .sysflowwriter.o .sffilewriter.o .sfsockwriter.o .sfmultiwriter.o .sfcallbackwriter.o .filecontext.o .k8scontext.o .k8seventprocessor.o .modutils.o .sysflowexception.o diff --git a/src/libs/dataflowprocessor.cpp b/src/libs/dataflowprocessor.cpp index 53ad746..47483be 100644 --- a/src/libs/dataflowprocessor.cpp +++ b/src/libs/dataflowprocessor.cpp @@ -52,7 +52,7 @@ DataFlowProcessor::~DataFlowProcessor() { } int DataFlowProcessor::handleDataEvent(sinsp_evt *ev, OpFlags flag) { - sinsp_fdinfo_t *fdinfo = ev->get_fd_info(); + sinsp_fdinfo *fdinfo = ev->get_fd_info(); if (fdinfo == nullptr) { SF_DEBUG( diff --git a/src/libs/filecontext.cpp b/src/libs/filecontext.cpp index 37e1774..9053cd1 100644 --- a/src/libs/filecontext.cpp +++ b/src/libs/filecontext.cpp 
@@ -54,7 +54,7 @@ FileObj *FileContext::createFile(sinsp_evt *ev, std::string path, char typechar, } return f; } -FileObj *FileContext::getFile(sinsp_evt *ev, sinsp_fdinfo_t *fdinfo, +FileObj *FileContext::getFile(sinsp_evt *ev, sinsp_fdinfo *fdinfo, SFObjectState state, bool &created) { return getFile(ev, fdinfo->m_name, fdinfo->get_typechar(), state, created); } diff --git a/src/libs/filecontext.h b/src/libs/filecontext.h index 0d3f4e2..b76423b 100644 --- a/src/libs/filecontext.h +++ b/src/libs/filecontext.h @@ -38,7 +38,7 @@ class FileContext { FileContext(container::ContainerContext *containerCxt, writer::SysFlowWriter *writer); virtual ~FileContext(); - FileObj *getFile(sinsp_evt *ev, sinsp_fdinfo_t *fdinfo, SFObjectState state, + FileObj *getFile(sinsp_evt *ev, sinsp_fdinfo *fdinfo, SFObjectState state, bool &created); FileObj *getFile(sinsp_evt *ev, const std::string &path, char typechar, SFObjectState state, bool &created); diff --git a/src/libs/fileeventprocessor.cpp b/src/libs/fileeventprocessor.cpp index ea20dcc..498ae4c 100644 --- a/src/libs/fileeventprocessor.cpp +++ b/src/libs/fileeventprocessor.cpp @@ -115,7 +115,7 @@ int FileEventProcessor::writeFileEvent(sinsp_evt *ev, OpFlags flag) { sinsp_threadinfo *ti = ev->get_thread_info(); bool created = false; ProcessObj *proc = m_processCxt->getProcess(ev, SFObjectState::REUP, created); - sinsp_fdinfo_t *fdinfo = ev->get_fd_info(); + sinsp_fdinfo *fdinfo = ev->get_fd_info(); FileObj *file = nullptr; if (fdinfo != nullptr) { 
@@ -125,10 +125,10 @@ int FileEventProcessor::writeFileEvent(sinsp_evt *ev, OpFlags flag) { ? utils::getPath(ev, "name") : utils::getPath(ev, "path"); if (IS_AT_SC(ev->get_type())) { - sinsp_evt_param *pinfo; + const sinsp_evt_param *pinfo; pinfo = ev->get_param(1); assert(pinfo->m_len == sizeof(int64_t)); - int64_t dirfd = *reinterpret_cast(pinfo->m_val); + const int64_t dirfd = *reinterpret_cast(pinfo->m_val); fileName = utils::getAbsolutePath(ti, dirfd, fileName); } else { fileName = utils::getAbsolutePath(ti, fileName); diff --git a/src/libs/fileflowprocessor.cpp b/src/libs/fileflowprocessor.cpp index 0b733fa..e2ad64a 100644 --- a/src/libs/fileflowprocessor.cpp +++ b/src/libs/fileflowprocessor.cpp @@ -42,7 +42,7 @@ FileFlowProcessor::~FileFlowProcessor() = default; inline void FileFlowProcessor::populateFileFlow( FileFlowObj *ff, OpFlags flag, sinsp_evt *ev, ProcessObj *proc, - FileObj *file, std::string flowkey, sinsp_fdinfo_t *fdinfo, int64_t fd) { + FileObj *file, std::string flowkey, sinsp_fdinfo *fdinfo, int64_t fd) { sinsp_threadinfo *ti = ev->get_thread_info(); ff->fileflow.opFlags = flag; ff->fileflow.ts = ev->get_ts(); @@ -98,7 +98,7 @@ void FileFlowProcessor::removeAndWriteRelatedFlows(ProcessObj *proc, inline void FileFlowProcessor::updateFileFlow(FileFlowObj *ff, OpFlags flag, sinsp_evt *ev, - sinsp_fdinfo_t *fdinfo) { + sinsp_fdinfo *fdinfo) { ff->fileflow.opFlags |= flag; ff->lastUpdate = utils::getCurrentTime(m_cxt); if (flag == OP_OPEN) { @@ -121,7 +121,7 @@ inline void FileFlowProcessor::updateFileFlow(FileFlowObj *ff, OpFlags flag, inline void FileFlowProcessor::processNewFlow(sinsp_evt *ev, ProcessObj *proc, FileObj *file, OpFlags flag, const std::string &flowkey, - sinsp_fdinfo_t *fdinfo, + sinsp_fdinfo *fdinfo, int64_t fd) { auto *ff = new FileFlowObj(); ff->exportTime = utils::getCurrentTime(m_cxt); 
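Review bot: In `FileEventProcessor::writeFileEvent` the only guard before `dirfd` is read from `pinfo->m_val` is `assert(pinfo->m_len == sizeof(int64_t))`, which compiles away under `NDEBUG`, and `pinfo` is never checked after `ev->get_param(1)`. Event parameters may come from a capture file as well as the live driver (inferred, not shown on this page), so enforce the length at runtime: `if (pinfo == nullptr || pinfo->m_len != sizeof(int64_t)) { fileName = utils::getAbsolutePath(ti, fileName); }` and otherwise `int64_t dirfd; std::memcpy(&dirfd, pinfo->m_val, sizeof(dirfd));`, which needs `<cstring>` and also avoids the unaligned `reinterpret_cast` load. The fallback branch is only a suggestion; use whatever the callers expect for a malformed event. `utils::getFD` in src/libs/utils.cpp has the same assert-then-dereference pattern and needs the same treatment. The function body starts and ends outside this hunk.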
@@ -144,7 +144,7 @@ inline void FileFlowProcessor::processNewFlow(sinsp_evt *ev, ProcessObj *proc, inline int FileFlowProcessor::createConsumerRecord(sinsp_evt *ev, ProcessObj *proc, FileObj *file, OpFlags flag, - sinsp_fdinfo_t *fdinfo, + sinsp_fdinfo *fdinfo, int64_t fd) { if (flag == OP_CLOSE || flag == OP_SHUTDOWN) { return 1; @@ -176,7 +176,7 @@ inline void FileFlowProcessor::removeAndWriteFileFlow(ProcessObj *proc, inline void FileFlowProcessor::processExistingFlow( sinsp_evt *ev, ProcessObj *proc, FileObj *file, OpFlags flag, - std::string flowkey, FileFlowObj *ff, sinsp_fdinfo_t *fdinfo) { + std::string flowkey, FileFlowObj *ff, sinsp_fdinfo *fdinfo) { updateFileFlow(ff, flag, ev, fdinfo); if (flag == OP_CLOSE) { removeAndWriteRelatedFlows(proc, ff, ev->get_ts()); @@ -186,7 +186,7 @@ inline void FileFlowProcessor::processExistingFlow( } int FileFlowProcessor::handleFileFlowEvent(sinsp_evt *ev, OpFlags flag) { - sinsp_fdinfo_t *fdinfo = ev->get_fd_info(); + sinsp_fdinfo *fdinfo = ev->get_fd_info(); int64_t fd = ev->get_fd_num(); if (fdinfo == nullptr) { diff --git a/src/libs/fileflowprocessor.h b/src/libs/fileflowprocessor.h index 61f872d..68e5065 100644 --- a/src/libs/fileflowprocessor.h +++ b/src/libs/fileflowprocessor.h 
@@ -42,15 +42,15 @@ class FileFlowProcessor { file::FileContext *m_fileCxt; void populateFileFlow(FileFlowObj *ff, OpFlags flag, sinsp_evt *ev, ProcessObj *proc, FileObj *file, std::string flowkey, - sinsp_fdinfo_t *fdinfo, int64_t fd); + sinsp_fdinfo *fdinfo, int64_t fd); void updateFileFlow(FileFlowObj *ff, OpFlags flag, sinsp_evt *ev, - sinsp_fdinfo_t *fdinfo); + sinsp_fdinfo *fdinfo); void processExistingFlow(sinsp_evt *ev, ProcessObj *proc, FileObj *file, OpFlags flag, std::string flowkey, FileFlowObj *ff, - sinsp_fdinfo_t *fdinfo); + sinsp_fdinfo *fdinfo); void processNewFlow(sinsp_evt *ev, ProcessObj *proc, FileObj *file, OpFlags flag, const std::string &flowkey, - sinsp_fdinfo_t *fdinfo, int64_t fd); + sinsp_fdinfo *fdinfo, int64_t fd); void removeAndWriteFileFlow(ProcessObj *proc, FileObj *file, FileFlowObj **nf, std::string flowkey); void removeFileFlow(ProcessObj *proc, FileObj *file, FileFlowObj **ff, @@ -59,7 +59,7 @@ class FileFlowProcessor { void removeAndWriteRelatedFlows(ProcessObj *proc, FileFlowObj *ffo, uint64_t endTs); int createConsumerRecord(sinsp_evt *ev, ProcessObj *proc, FileObj *file, - OpFlags flag, sinsp_fdinfo_t *fdinfo, int64_t fd); + OpFlags flag, sinsp_fdinfo *fdinfo, int64_t fd); DEFINE_LOGGER(); public: diff --git a/src/libs/k8scontext.cpp b/src/libs/k8scontext.cpp index 4f5a55d..96bef76 100644 --- a/src/libs/k8scontext.cpp +++ b/src/libs/k8scontext.cpp @@ -66,7 +66,7 @@ int K8sContext::derefPod(const std::string &id) { } return result; } - +/* std::shared_ptr K8sContext::createPod(const k8s_pod_t *p, const k8s_state_t &k8sState) { SF_DEBUG(m_logger, "Creating Pod object: " << p->get_name()) 
@@ -110,11 +110,11 @@ std::shared_ptr K8sContext::createPod(const k8s_pod_t *p, pod->pod.services.push_back(srv); } return pod; -} +}*/ std::shared_ptr K8sContext::getPod(sinsp_threadinfo *ti) { std::shared_ptr pod(nullptr); - if (ti->m_container_id.empty()) { + /*if (ti->m_container_id.empty()) { SF_DEBUG(m_logger, "Container ID is empty") return pod; } @@ -146,7 +146,7 @@ std::shared_ptr K8sContext::getPod(sinsp_threadinfo *ti) { m_pods[p->get_uid()] = pod; m_writer->writePod(&(pod->pod)); - pod->written = true; + pod->written = true;*/ return pod; } @@ -163,7 +163,7 @@ void K8sContext::clearPods() { void K8sContext::clearAllPods() { m_pods.clear(); } void K8sContext::updateAndWritePodState(std::string &uid) { - SF_DEBUG(m_logger, "Update and write pod state for modified pod: " << uid) + /* SF_DEBUG(m_logger, "Update and write pod state for modified pod: " << uid) const k8s_state_t &k8sState = m_cxt->getInspector()->m_k8s_client->get_state(); const k8s_pod_t *pod = @@ -190,7 +190,7 @@ void K8sContext::updateAndWritePodState(std::string &uid) { } else { SF_DEBUG(m_logger, "Unable to find pod with uid " << uid << " in global k8s state. ") - } + }*/ } void K8sContext::updateCompState(sysflow::K8sAction action, diff --git a/src/libs/k8scontext.h b/src/libs/k8scontext.h index ff1714e..e4e70d7 100644 --- a/src/libs/k8scontext.h +++ b/src/libs/k8scontext.h @@ -28,7 +28,6 @@ #include "sysflow.h" #include "sysflowcontext.h" #include "sysflowwriter.h" -#include #include #define K8S_TABLE_SIZE 100 @@ -39,9 +38,9 @@ class K8sContext { PodTable m_pods; context::SysFlowContext *m_cxt; writer::SysFlowWriter *m_writer; - std::shared_ptr createPod(const k8s_pod_t *p, + /* std::shared_ptr createPod(const k8s_pod_t *p, const k8s_state_t &k8sState); - + */ public: K8sContext(context::SysFlowContext *cxt, writer::SysFlowWriter *writer); virtual ~K8sContext(); diff --git a/src/libs/k8seventprocessor.cpp b/src/libs/k8seventprocessor.cpp index d68b749..e8e4a20 100644 
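Review bot: `K8sContext::getPod` now returns an empty `std::shared_ptr` on every path because its whole body is wrapped in `/* ... */` (the comment spans the `@@ -110,11` and `@@ -146,7` hunks), and `createPod` and `updateAndWritePodState` are disabled the same way, so pod metadata silently disappears from the output with no log line or build-time signal. Callers are outside this diff; any that dereference the result without a null check would now fault, so they should be audited. Delete the dead code or gate it behind a build flag instead of commenting it out, and state the reason at the stub, e.g. `// pod enrichment disabled: the k8s client used here is not available in the bumped falco-libs (confirm); getPod always returns nullptr`.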
--- a/src/libs/k8seventprocessor.cpp +++ b/src/libs/k8seventprocessor.cpp @@ -103,7 +103,7 @@ sysflow::K8sAction K8sEventProcessor::getAction(Json::Value &root) { int K8sEventProcessor::handleK8sEvent(sinsp_evt *ev) { int res = 1; - sinsp_evt_param *parinfo = ev->get_param(0); + const sinsp_evt_param *parinfo = ev->get_param(0); std::string payload(parinfo->m_val, parinfo->m_len); m_k8sEvt.message = payload; m_k8sEvt.ts = ev->get_ts(); diff --git a/src/libs/networkflowprocessor.cpp b/src/libs/networkflowprocessor.cpp index c950574..8e5f51c 100644 --- a/src/libs/networkflowprocessor.cpp +++ b/src/libs/networkflowprocessor.cpp @@ -56,7 +56,7 @@ inline int32_t NetworkFlowProcessor::getProtocol(scap_l4_proto proto) { return prt; } -inline void NetworkFlowProcessor::canonicalizeKey(sinsp_fdinfo_t *fdinfo, +inline void NetworkFlowProcessor::canonicalizeKey(sinsp_fdinfo *fdinfo, NFKey *key, uint64_t tid, uint64_t fd) { uint32_t sip = fdinfo->m_sockinfo.m_ipv4info.m_fields.m_sip; @@ -87,7 +87,7 @@ inline void NetworkFlowProcessor::canonicalizeKey(NetFlowObj *nf, NFKey *key) { inline void NetworkFlowProcessor::populateNetFlow(NetFlowObj *nf, OpFlags flag, sinsp_evt *ev, ProcessObj *proc) { - sinsp_fdinfo_t *fdinfo = ev->get_fd_info(); + sinsp_fdinfo *fdinfo = ev->get_fd_info(); sinsp_threadinfo *ti = ev->get_thread_info(); nf->netflow.opFlags = flag; nf->netflow.ts = ev->get_ts(); @@ -166,7 +166,7 @@ inline void NetworkFlowProcessor::processExistingFlow(sinsp_evt *ev, } int NetworkFlowProcessor::handleNetFlowEvent(sinsp_evt *ev, OpFlags flag) { - sinsp_fdinfo_t *fdinfo = ev->get_fd_info(); + sinsp_fdinfo *fdinfo = ev->get_fd_info(); if (fdinfo == nullptr) { SF_DEBUG(m_logger, "Event: " << ev->get_name() diff --git a/src/libs/networkflowprocessor.h b/src/libs/networkflowprocessor.h index 514aa8b..e614a24 100644 --- a/src/libs/networkflowprocessor.h +++ b/src/libs/networkflowprocessor.h 
@@ -37,7 +37,7 @@ class NetworkFlowProcessor { writer::SysFlowWriter *m_writer; DataFlowSet *m_dfSet; DEFINE_LOGGER(); - void canonicalizeKey(sinsp_fdinfo_t *fdinfo, NFKey *key, uint64_t tid, + void canonicalizeKey(sinsp_fdinfo *fdinfo, NFKey *key, uint64_t tid, uint64_t fd); void canonicalizeKey(NetFlowObj *nf, NFKey *key); void populateNetFlow(NetFlowObj *nf, OpFlags flag, sinsp_evt *ev, diff --git a/src/libs/processcontext.cpp b/src/libs/processcontext.cpp index f42e291..b9de7e1 100644 --- a/src/libs/processcontext.cpp +++ b/src/libs/processcontext.cpp @@ -124,10 +124,10 @@ ProcessObj *ProcessContext::createProcess(sinsp_threadinfo *ti, sinsp_evt *ev, } i++; } - p->proc.uid = mainthread->m_user.uid; - p->proc.gid = mainthread->m_group.gid; - p->proc.userName = mainthread->m_user.name; - p->proc.groupName = mainthread->m_group.name; + p->proc.uid = static_cast(mainthread->m_user.uid()); + p->proc.gid = static_cast(mainthread->m_group.gid()); + p->proc.userName = mainthread->m_user.name(); + p->proc.groupName = mainthread->m_group.name(); ContainerObj *cont = m_containerCxt->getContainer(ti); if (cont != nullptr) { p->proc.containerId.set_string(cont->cont.id); @@ -408,10 +408,10 @@ void ProcessContext::updateProcess(Process *proc, sinsp_evt *ev, i++; } - proc->uid = mainthread->m_user.uid; - proc->gid = mainthread->m_group.gid; - proc->userName = mainthread->m_user.name; - proc->groupName = mainthread->m_group.name; + proc->uid = static_cast(mainthread->m_user.uid()); + proc->gid = static_cast(mainthread->m_group.gid()); + proc->userName = mainthread->m_user.name(); + proc->groupName = mainthread->m_group.name(); } void ProcessContext::clearProcesses() { diff --git a/src/libs/sysflowcontext.cpp b/src/libs/sysflowcontext.cpp index a9a5da8..5f3585d 100644 --- a/src/libs/sysflowcontext.cpp +++ b/src/libs/sysflowcontext.cpp 
@@ -153,7 +153,7 @@ SysFlowContext::SysFlowContext(SysFlowConfig *config) if (k8sURL != nullptr) { SF_INFO(m_logger, "Initing k8s client. URL: " << k8sURL << " and certificate: " << k8sCert) - m_inspector->init_k8s_client(k8sURL, k8sCert, &config->exporterID, true); + //m_inspector->init_k8s_client(k8sURL, k8sCert, &config->exporterID, true); m_inspector->set_internal_events_mode(true); m_k8sEnabled = true; } diff --git a/src/libs/sysflowprocessor.cpp b/src/libs/sysflowprocessor.cpp index af3416b..0d253c3 100644 --- a/src/libs/sysflowprocessor.cpp +++ b/src/libs/sysflowprocessor.cpp @@ -192,13 +192,13 @@ int SysFlowProcessor::run() { continue; } - if (m_cxt->getInspector()->m_k8s_client != nullptr && + /* if (m_cxt->getInspector()->m_k8s_client != nullptr && m_cxt->getInspector()->m_k8s_client->get_capture_events().size() > 0) { SF_INFO(m_logger, "Events Count: " << m_cxt->getInspector() ->m_k8s_client->get_capture_events() .size()); - } + }*/ switch (ev->get_type()) { SF_EXECVE_ENTER() diff --git a/src/libs/utils.cpp b/src/libs/utils.cpp index 89d3809..d82f0fa 100644 --- a/src/libs/utils.cpp +++ b/src/libs/utils.cpp @@ -127,7 +127,7 @@ int64_t utils::getSyscallResult(sinsp_evt *ev) { case PT_FD: case PT_INT64: case PT_INT32: - res = *reinterpret_cast(p->m_val); + res = *reinterpret_cast(p->m_val); break; default: SF_DEBUG(m_logger, "Syscall result not of type pid! Type: " @@ -168,7 +168,7 @@ int64_t utils::getIntParam(sinsp_evt *ev, std::string pname) { case PT_FLAGS16: case PT_FLAGS32: { const sinsp_evt_param *p = ev->get_param(i); - return *reinterpret_cast(p->m_val); + return *reinterpret_cast(p->m_val); } default: return 0; @@ -272,7 +272,7 @@ int64_t utils::getFD(sinsp_evt *ev, const std::string ¶Name) { const sinsp_evt_param *p = ev->get_param(i); if (param->type == PT_FD) { assert(p->m_len == sizeof(int64_t)); - fd = (*reinterpret_cast(p->m_val)); + fd = (*reinterpret_cast(p->m_val)); } break; } 
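Review bot: In the `SysFlowContext` constructor, commenting out `init_k8s_client` leaves the surrounding lines still logging "Initing k8s client", calling `set_internal_events_mode(true)` and setting `m_k8sEnabled = true`. When a k8s URL is configured, the collector therefore reports Kubernetes enrichment as active although no client exists. Anyone relying on pod context for detection gets no indication that it is missing. Log that k8s support is unavailable and leave the flag unset, e.g. `SF_INFO(m_logger, "k8s support is disabled in this build; ignoring k8s URL: " << k8sURL)` followed by `m_k8sEnabled = false;`. The constructor body continues outside this hunk.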
@@ -304,7 +304,7 @@ std::string utils::getAbsolutePath(sinsp_threadinfo *ti, int64_t dirfd, } tmp = ti->get_cwd(); } else { - sinsp_fdinfo_t *fdinfo = ti->get_fd(dirfd); + sinsp_fdinfo *fdinfo = ti->get_fd(dirfd); if (fdinfo == nullptr) { return p.string(); }