Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scrubbing: scrub execute process message inside the guest #2144

Merged
merged 1 commit into from
May 21, 2024
Merged

scrubbing: scrub execute process message inside the guest #2144

merged 1 commit into from
May 21, 2024

Conversation

anmaxvl
Copy link
Contributor

@anmaxvl anmaxvl commented May 16, 2024

In addition to scrubbing create container requests, add
scrubbing of execute process requests inside the guest.

@anmaxvl anmaxvl requested a review from a team as a code owner May 16, 2024 19:57
@anmaxvl anmaxvl force-pushed the gcs-exec-process-scrubbing branch from f400bae to 5b4593b Compare May 16, 2024 20:02
@msscotb msscotb self-assigned this May 17, 2024
@anmaxvl
scrubbing: scrub execute process message inside the guest
7e15f53 
Signed-off-by: Maksim An <maksiman@microsoft.com>
@anmaxvl anmaxvl force-pushed the gcs-exec-process-scrubbing branch from 5b4593b to 7e15f53 Compare May 20, 2024 16:40
@kevpar
Copy link
Member

kevpar commented May 21, 2024
edited
Loading

@anmaxvl please try the following:

  • Start a WPR trace
  • Run a pod
  • Run a container with an env var MYVAR=FINDTHISSTRING
  • Run an exec in the container
  • Stop the container
  • Stop the pod
  • Stop the trace
  • Open the trace in WPA and use the "Find All" feature to look for FINDTHISSTRING

The string should not be present in the trace

kevpar
kevpar approved these changes May 21, 2024
View reviewed changes
Copy link
Member

@kevpar kevpar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM pending above comment

@anmaxvl
Copy link
Contributor Author

anmaxvl commented May 21, 2024

@anmaxvl please try the following:

  • Start a WPR trace
  • Run a pod
  • Run a container with an env var MYVAR=FINDTHISSTRING
  • Run an exec in the container
  • Stop the container
  • Stop the pod
  • Stop the trace
  • Open the trace in WPA and use the "Find All" feature to look for FINDTHISSTRING

The string should not be present in the trace

done:

| request read message | {"ActivityId":"00000000-0000-0000-0000-000000000000","ContainerId":"f1aac0e9fc4f1563fee36cad1f1e6a7baa7b279735c826f4eb3afcea93f71277","Settings":{"ProcessParameters":"{\"Environment\":{\"<scrubbed>\":\"<scrubbed>\"},\"CreateStdOutPipe\":true,\"CreateStdErrPipe\":true}","VsockStdioRelaySettings":{"StdErr":1073741828,"StdOut":1073741827}},"ocsc":{"SpanID":"c63ed000efd0f6d5","TraceID":"6e2f573c44543b73e217830a2461a9ee","TraceOptions":1}} | f42933a9c1a73cc6 | 6e2f573c44543b73e217830a2461a9ee | e9ddc17f94484b9ef2f541fd3b0aeb2e5fcb45fab8980749e3e433a60e05db15@vm | 2024-05-21T19:38:26.632318500Z |

@anmaxvl anmaxvl merged commit 43d1ab5 into microsoft:main May 21, 2024
19 checks passed
@anmaxvl anmaxvl deleted the gcs-exec-process-scrubbing branch May 21, 2024 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kevpar kevpar kevpar approved these changes

@msscotb msscotb msscotb approved these changes

@helsaawy helsaawy helsaawy approved these changes

Assignees

@msscotb msscotb

@helsaawy helsaawy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@anmaxvl @kevpar @msscotb @helsaawy