Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: generic kubernetes containerd path pattern #4155

Merged
merged 1 commit into from
Jul 2, 2024
Merged

fix: generic kubernetes containerd path pattern #4155

merged 1 commit into from
Jul 2, 2024

Conversation

NDStrahilevitz
Copy link
Collaborator

1. Explain what the PR does

1eb711c: fix: generic kubernetes containerd path pattern

    Some containerd+k8s distribution create containers in cgroup paths with
    the format of:
    kubepods/<besteffort|burstable>/podXXXX/<container_id>
    This pattern is unrecognizable and on its face indistinguishable between
    container runtimes. Since it has so far only been observed in containerd
    distributions, detect it as such (for now).

2. Explain how to test it

Test on a GKE env.

3. Other comments

Fix #3003

@NDStrahilevitz NDStrahilevitz requested a review from geyslan June 26, 2024 11:31
@NDStrahilevitz NDStrahilevitz self-assigned this Jun 26, 2024
geyslan
geyslan approved these changes Jun 26, 2024
View reviewed changes
Copy link
Member

@geyslan geyslan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/containers/containers.go Outdated
@@ -294,6 +294,13 @@ func getContainerIdFromCgroup(cgroupPath string) (string, cruntime.RuntimeId, bo
// non-systemd docker with format in GitHub Actions: .../actions_job/01adbf...f26db7f/
runtime = cruntime.Docker
}
if runtime == cruntime.Unknown && i > 0 && strings.HasPrefix(cgroupParts[i-1], "pod") {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are referring to cgroupParts[i-1] for the third time. Maybe buffer it at the beginning of this matched branch?

@NDStrahilevitz NDStrahilevitz force-pushed the 3003_unknwon_container_runtime branch from 1eb711c to 81cc9bf Compare June 26, 2024 14:12
@NDStrahilevitz
fix: generic kubernetes containerd path pattern
f73adee 
Some containerd+k8s distribution create containers in cgroup paths with
the format of:
kubepods/<besteffort|burstable>/podXXXX/<container_id>
This pattern is unrecognizable and on its face indistinguishable between
container runtimes. Since it has so far only been observed in containerd
distributions, detect it as such (for now).
@NDStrahilevitz NDStrahilevitz force-pushed the 3003_unknwon_container_runtime branch from 81cc9bf to f73adee Compare June 26, 2024 14:42
@NDStrahilevitz NDStrahilevitz merged commit 0d20d76 into aquasecurity:main Jul 2, 2024
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geyslan geyslan geyslan approved these changes

Assignees

@NDStrahilevitz NDStrahilevitz

Labels
kind/bug milestone/v0.22.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unknown container runtime on some kubernetes clusters
2 participants
@NDStrahilevitz @geyslan