gVisor engine crashes with non-hex container IDs #1602

LucaGuerra · 2023-12-22T09:18:09Z

Describe the bug

This issue comes from the analysis in: falcosecurity/falco#2897 . Currently, the gVisor engine crashes if a non-hex container ID is used.

How to reproduce it

Example:

# create a container bundle
mkdir redis
mkdir redis/rootfs
docker pull redis
docker create --name tempredis redis
docker export tempredis | tar -C redis/rootfs -xf -
docker rm tempredis
cd ./redis/
runc spec
cd ..
# run a runsc sandbox with a non-hex id
sudo runsc -platform=systrap -file-access=shared -host-uds=open -overlay2=none -directfs -dcache=0 --cpu-num-from-quota --pod-init-config=/etc/docker/runsc_falco_config.json -debug-log=/tmp/runsc/ -debug -strace run -bundle redis/ my_container_id

Meanwhile, run Falco (or any libs client) with gVisor integration enabled.

Expected behaviour

Falco should not crash.

Screenshots

Environment

libs 0.14.0

Additional context

LucaGuerra · 2024-01-08T14:29:01Z

/assign

LucaGuerra added the kind/bug Something isn't working label Dec 22, 2023

Andreagit97 added this to the 0.14.1 milestone Jan 8, 2024

poiana assigned LucaGuerra Jan 8, 2024

LucaGuerra mentioned this issue Jan 10, 2024

fix(gvisor): handle arbitrary sandbox IDs #1612

Merged

poiana closed this as completed in #1612 Jan 15, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

gVisor engine crashes with non-hex container IDs #1602

gVisor engine crashes with non-hex container IDs #1602

LucaGuerra commented Dec 22, 2023 •

edited

LucaGuerra commented Jan 8, 2024

gVisor engine crashes with non-hex container IDs #1602

gVisor engine crashes with non-hex container IDs #1602

Comments

LucaGuerra commented Dec 22, 2023 • edited

LucaGuerra commented Jan 8, 2024

LucaGuerra commented Dec 22, 2023 •

edited