fix: send init events to pipeline

This commit fixes the issue where init events were sent to printer directly instead of being sent to the pipeline.
aquasecurity · Jun 26, 2023 · 218c6e0 · 218c6e0
1 parent 9d5eefe
commit 218c6e0
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/pkg/ebpf/events_pipeline.go b/pkg/ebpf/events_pipeline.go
@@ -425,6 +425,9 @@ func (t *Tracee) processEvents(ctx context.Context, in <-chan *trace.Event) (
 	out := make(chan *trace.Event, 10000)
 	errc := make(chan error, 1)
 
+	// Some "informational" events are started here (TODO: API server?)
+	t.invokeInitEvents(out)
+
 	go func() {
 		defer close(out)
 		defer close(errc)

diff --git a/pkg/ebpf/tracee.go b/pkg/ebpf/tracee.go
@@ -1399,10 +1399,6 @@ const pollTimeout int = 300
 
 // Run starts the trace. it will run until ctx is cancelled
 func (t *Tracee) Run(ctx gocontext.Context) error {
-	// Some "informational" events are started here (TODO: API server?)
-
-	t.invokeInitEvents()
-
 	// Some events need initialization before the perf buffers are polled
 
 	t.triggerSyscallsIntegrityCheck(trace.Event{})
@@ -1576,30 +1572,31 @@ func computeFileHash(file *os.File) (string, error) {
 	return hex.EncodeToString(h.Sum(nil)), nil
 }
 
-// invokeInitEvents emits Tracee events, called Initialiation Events, that are generated from the
+// invokeInitEvents emits Tracee events, called Initialization Events, that are generated from the
 // userland process itself, and not from the kernel. These events usually serve as informational
 // events for the signatures engine/logic.
-func (t *Tracee) invokeInitEvents() {
+func (t *Tracee) invokeInitEvents(out chan *trace.Event) {
 	var emit uint64
 
 	setMatchedPolicies := func(event *trace.Event, matchedPolicies uint64) {
 		event.MatchedPoliciesKernel = matchedPolicies
+		event.MatchedPoliciesUser = matchedPolicies
 		event.MatchedPolicies = t.config.Policies.MatchedNames(matchedPolicies)
 	}
 
 	emit = t.events[events.InitNamespaces].emit
 	if emit > 0 {
 		systemInfoEvent := events.InitNamespacesEvent()
 		setMatchedPolicies(&systemInfoEvent, emit)
-		t.config.ChanEvents <- systemInfoEvent
+		out <- &systemInfoEvent
 		_ = t.stats.EventCount.Increment()
 	}
 
 	emit = t.events[events.ExistingContainer].emit
 	if emit > 0 {
 		for _, e := range events.ExistingContainersEvents(t.containers, t.config.ContainersEnrich) {
 			setMatchedPolicies(&e, emit)
-			t.config.ChanEvents <- e
+			out <- &e
 			_ = t.stats.EventCount.Increment()
 		}
 	}