Various cgroup and mounting fixes and optimizations #3829
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
NDStrahilevitz
added
kind/chore
milestone/v0.20.0
and removed
area/ebpf
area/events
labels
NDStrahilevitz
force-pushed
the
switch_cgroup_ns
branch
from
593f6c0
to
ae406df
Compare
NDStrahilevitz
force-pushed
the
switch_cgroup_ns
branch
from
ae406df
to
e1546c1
Compare
geyslan
reviewed
Jan 31, 2024
|
@yanivagman Do you want to review this before I fix and merge? |
yanivagman
approved these changes
Feb 4, 2024
NDStrahilevitz
force-pushed
the
switch_cgroup_ns
branch
2 times, most recently
from
43a7498
to
a877430
Compare
geyslan
reviewed
Feb 7, 2024
/proc/mounts file does not tell where the mount originates from. This could cause us to use an unmanaged mount which is actually pointing to a purposfully mounted internal container cgroup fs. Since we always want to rely on host info, use the /proc/self/mountinfo file, which lets us know which filesystem on the root was actually mounted. For the reasons above, the MountOnce struct was refactored to the MountHostOnce struct, which does the same job but explicitly searches for mounts originating in the host filesystem.
existing_container event had one wrong argument metadata. In addition, iteration on the event set to send was done in a range. As such the event reference would switch mid send, causing duplicate existing_container events.
Enrich should only be done on relevant cgroup events. Those not in the relevant HID can be sent out.
NDStrahilevitz
force-pushed
the
switch_cgroup_ns
branch
from
a877430
to
cd1d6a2
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
1. What the PR does
ae406df optimize(enrich): skip non hid mkdir events
9d97d23 chore: improve logging in container related code
96f0c90 fix: existing_container bad output
0433158 feat(mount): use mountinfo instead of /proc/mounts
9d2206c feat(cgroup): always switch to root cgroupns
2. Explain how to test it
3. Other comments
I've found that we have some race conditions right now where enrichment will finish but a container event will be sent before. This is another bug which should be tackled separately (either by fixing the condition itself, or changing how a container_create event is triggered).
Resolve #3826
Fix #3689
Fix #3824