New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Manage EventStates
via Policies
#3848
Manage EventStates
via Policies
#3848
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
a2bafba
to
423e7d3
Compare
423e7d3
to
053fd4a
Compare
e67593a
to
62f562d
Compare
This comment was marked as outdated.
This comment was marked as outdated.
81c8d51
to
6885f48
Compare
cc51615
to
bb5b727
Compare
b244f08
to
10a4989
Compare
EventFlags
via PoliciesEventStates
via Policies
10a4989
to
48c85dc
Compare
EventStates
via PoliciesEventStates
via Policies
ae99512
to
734e3aa
Compare
EventStates
via PoliciesEventStates
via Policies
@@ -430,9 +300,28 @@ func (t *Tracee) Init(ctx gocontext.Context) error { | |||
t.contPathResolver = containers.InitContainerPathResolver(&t.pidsInMntns) | |||
t.contSymbolsLoader = sharedobjs.InitContainersSymbolsLoader(t.contPathResolver, 1024) | |||
|
|||
// Initialize event flags |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Initialize event flags | |
// Initialize event properties |
defID := def.GetID() | ||
eProperties := &events.Properties{} | ||
|
||
// Set event flags based on its dependencies |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Set event flags based on its dependencies | |
// Set event properties based on its dependencies |
59c3cef
to
734e3aa
Compare
PoliciesConfig is a new struct that holds the configuration used on the Policies computation. This also optimises cmd.GetContainerMode() and starts to decouple Policies from the config.Config.
Properties holds the static properties of an event wich are not hardcoded in the event definition and have to be computed at runtime. This also introduces a new file `dependencies.go` in the `events` package with the helper: `func GetAllEventsDependencies(givenEvtId ID) map[ID]struct{}`
- Rename: MaxPolicies to PolicyMax AllPoliciesOn to PolicyAll AlwaysSubmit to submitAllPolicies - Create PolicyNone const
- Moves all EventState management into policy package, introducing policy.EventState and policy.EventStates interfaces. - Changes DefinitionGroup.GetTailCalls() signature to deal only with subimittable events. This avoids circular import. - Removes Config.Policies, forcing to get policies from Snapshot and inject it when required.
Move it into policy package.
As this is a transitionary effort, we need to keep track of what needs to be done.
734e3aa
to
d068d9b
Compare
E2E tests 1428 is green. |
import "sync/atomic" | ||
|
||
type Properties struct { | ||
requiredBySignature atomic.Bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need an atomic here?
Atomic is good for comparing and switching, but for a specific value it doesn't give any advantage. Once I thought it helps with caches coherency, but in modern memory systems it is done without atomic operations as well:
on cache-coherent architectures (read - on all modern commodity architectures - IA-32, Intel 64, IA-64, SPARC, POWER) visibility is ensured automatically. Namely, each write is automatically propagated to all other processors/cores in a best-effort manner. There are no ways to prevent nor to speed it up. Period.
Anyways I think that either you want to do some compare and switch logic here, and then using an atomic is a good idea, you should just keep and atomic reference to the struct and work with RCU.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's just a computed value in runtime, for now, just initialized. But I used it as atomic since "if" changes occur "somehow" in other code path, it's thread-safe to load and store.
Closing due to upcoming architecture changes. |
Close: #3849
1. Explain what the PR does
d068d9b chore: add TODOs
56dcdc8 chore: remove unused functions
362969c chore: refactor policies computation
203ad45 chore: minor renaming
860924d chore: move attachProbes to policy package
600351a chore: relocate validateKallsymsDependencies
ffb6520 chore: move UpdateCapabilitiesRings to policy pkg
1897129 chore: add EventState and EventsStates interfaces
7f1405d chore: introduces ksymbols.go with singleton
f816b92 chore: rename consts
4ffcd9d chore: introduce events.Properties type
f79fe97 chore: introduce config.PoliciesConfig
d068d9b chore: add TODOs
600351a chore: relocate validateKallsymsDependencies
1897129 chore: add EventState and EventsStates interfaces
f816b92 chore: rename consts
4ffcd9d chore: introduce events.Properties type
f79fe97 chore: introduce config.PoliciesConfig
2. Explain how to test it
3. Other comments
This is a transitionary PR focused in bring the
EventState
andEventStates
read-only interfaces - used by Policies internals. It also introducesevents.Properties
type as a holder for non hardcoded information about events.