diff --git a/test/libsinsp_e2e/CMakeLists.txt b/test/libsinsp_e2e/CMakeLists.txt
index c718131b1d..0f267f0b69 100755
--- a/test/libsinsp_e2e/CMakeLists.txt
+++ b/test/libsinsp_e2e/CMakeLists.txt
@@ -34,6 +34,7 @@ add_executable(
 capture_to_file_test.cpp
 container/container.cpp
 container/container_cgroup.cpp
+ container/container_cri.cpp
 container/docker_utils.cpp
 event_capture.cpp
 forking.cpp
@@ -98,3 +99,6 @@ execute_process(
 COMMAND tar xzf ${CMAKE_CURRENT_BINARY_DIR}/resources/fake-proc.tar.gz
 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/resources/
 )
+
+add_subdirectory(fake_cri)
+add_dependencies(libsinsp_e2e_tests fake_cri)
diff --git a/test/libsinsp_e2e/container/container_cri.cpp b/test/libsinsp_e2e/container/container_cri.cpp
new file mode 100644
index 0000000000..2c4671b26a
--- /dev/null
+++ b/test/libsinsp_e2e/container/container_cri.cpp
@@ -0,0 +1,551 @@ +#include "../sys_call_test.h" +#include "../subprocess.h" + +#include + +static const std::string cri_container_id = "aec4c703604b"; +static const std::string fake_cri_socket = "/tmp/fake-cri.sock"; +static const std::string fake_docker_socket = "/tmp/fake-docker.sock"; +static const std::string default_docker_socket = "/var/run/docker.sock"; + +struct exp_container_event_info { + sinsp_container_type type; + sinsp_container_lookup::state state; +}; + +class container_cri : public sys_call_test { +protected: + void fake_cri_test(const std::string& pb_prefix, + const std::string& runtime, + const std::function& done)>& callback, + bool extra_queries = true); + + void fake_cri_test_timing(const std::string& pb_prefix, + const std::string& delay_arg, + const std::string& runtime, + float docker_delay, + bool async, + const exp_container_event_info& exp_info, + uint64_t container_engine_mask = 0, + int64_t test_duration = 10); +}; + +TEST_F(container_cri, fake_cri_no_server) { + std::atomic done(false); + + event_filter_t filter = [&](sinsp_evt* evt) { + // we never get the PPME_CONTAINER_JSON_E event if the lookup fails + sinsp_threadinfo* tinfo = evt->get_tinfo(); + if(tinfo) { + return tinfo->m_exe == "/bin/echo" && !tinfo->m_container_id.empty(); + } + + return false; + }; + + run_callback_t test = [&](sinsp* inspector) { + subprocess handle(LIBSINSP_TEST_PATH "/test_helper", {"cri_container_echo"}); + handle.in() << "\n"; + handle.wait(); + }; + + captured_event_callback_t callback = [&](const callback_param& param) { + sinsp_threadinfo* tinfo = param.m_evt->get_tinfo(); + EXPECT_TRUE(tinfo != NULL); + + EXPECT_EQ(cri_container_id, tinfo->m_container_id); + + const auto container_info = + param.m_inspector->m_container_manager.get_container(tinfo->m_container_id); + + // This can either be null or a container with incomplete metadata + EXPECT_TRUE( + (container_info == nullptr || + container_info->get_lookup_status() != 
sinsp_container_lookup::state::SUCCESSFUL)); + + done = true; + }; + + before_capture_t setup = [&](sinsp* inspector) { + inspector->set_cri_socket_path(fake_cri_socket); + }; + + EXPECT_NO_FATAL_FAILURE({ event_capture::run(test, callback, filter, setup); }); + EXPECT_TRUE(done); +} + +void container_cri::fake_cri_test( + const std::string& pb_prefix, + const std::string& runtime, + const std::function& done)>& callback, + bool extra_queries) { + std::atomic done(false); + unlink(fake_cri_socket.c_str()); + subprocess fake_cri_handle(LIBSINSP_TEST_PATH "/fake_cri/fake_cri", + {"unix://" + fake_cri_socket, pb_prefix, runtime}); + pid_t fake_cri_pid = fake_cri_handle.get_pid(); + + auto start_time = time(NULL); + + event_filter_t filter = [&](sinsp_evt* evt) { + return evt->get_type() == PPME_CONTAINER_JSON_E || + evt->get_type() == PPME_CONTAINER_JSON_2_E; + }; + + run_callback_t test = [&](sinsp* inspector) { + subprocess handle(LIBSINSP_TEST_PATH "/test_helper", {"cri_container_echo"}); + handle.in() << "\n"; + handle.wait(); + while(!done && time(NULL) < start_time + 10) { + usleep(100000); + } + }; + + captured_event_callback_t cri_callback = [&](const callback_param& param) { + callback(param, done); + }; + + before_capture_t setup = [&](sinsp* inspector) { + inspector->set_cri_socket_path(fake_cri_socket); + inspector->set_docker_socket_path(""); + inspector->set_cri_extra_queries(extra_queries); + }; + + after_capture_t cleanup = [&](sinsp* inspector) { + inspector->set_docker_socket_path(default_docker_socket); + }; + + EXPECT_NO_FATAL_FAILURE({ event_capture::run(test, cri_callback, filter, setup, cleanup); }); + + // The fake server had to stay running the whole time in order + // for the test to be succesful + // Needed to reap the zombine if it exited + waitpid(fake_cri_pid, NULL, WNOHANG); + EXPECT_TRUE(fake_cri_handle.is_alive()); + + EXPECT_TRUE(done); + + fake_cri_handle.kill(); +} + +TEST_F(container_cri, fake_cri) { + fake_cri_test( + 
LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "containerd", + [&](const callback_param& param, std::atomic& done) { + sinsp_threadinfo* tinfo = param.m_evt->get_tinfo(); + EXPECT_TRUE(tinfo != NULL); + + EXPECT_EQ(cri_container_id, tinfo->m_container_id); + + const auto container_info = + param.m_inspector->m_container_manager.get_container(tinfo->m_container_id); + EXPECT_NE(container_info, nullptr); + + EXPECT_EQ(sinsp_container_type::CT_CONTAINERD, container_info->m_type); + EXPECT_EQ("falco", container_info->m_name); + EXPECT_EQ("docker.io/falcosecurity/falco:latest", container_info->m_image); + EXPECT_EQ("sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed", + container_info->m_imagedigest); + EXPECT_EQ("4bc0e14060f4263acf658387e76715bd836a13b9ba44f48465bd0633a412dbd0", + container_info->m_imageid); + EXPECT_EQ(1073741824, container_info->m_memory_limit); + EXPECT_EQ(102, container_info->m_cpu_shares); + EXPECT_EQ(0, container_info->m_cpu_quota); + EXPECT_EQ(100000, container_info->m_cpu_period); + + done = true; + }); +} + +TEST_F(container_cri, fake_cri_crio_extra_queries) { + fake_cri_test( + LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_crio", + "cri-o", + [&](const callback_param& param, std::atomic& done) { + sinsp_threadinfo* tinfo = param.m_evt->get_tinfo(); + EXPECT_TRUE(tinfo != NULL); + + EXPECT_EQ(cri_container_id, tinfo->m_container_id); + + const auto container_info = + param.m_inspector->m_container_manager.get_container(tinfo->m_container_id); + EXPECT_NE(container_info, nullptr); + + EXPECT_EQ(sinsp_container_type::CT_CRIO, container_info->m_type); + EXPECT_EQ("falco", container_info->m_name); + EXPECT_EQ("docker.io/falcosecurity/falco:crio", container_info->m_image); + EXPECT_EQ("sha256:5241704b37e01f7bbca0ef6a90f5034731eba85320afd2eb9e4bce7ab09165a2", + container_info->m_imagedigest); + EXPECT_EQ("4e01602047d456fa783025a26b4b4c59b6527d304f9983fbd63b8d9a3bec53dc", + container_info->m_imageid); + + done = true; + }); +} + 
+TEST_F(container_cri, fake_cri_crio) { + fake_cri_test( + LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_crio", + "cri-o", + [&](const callback_param& param, std::atomic& done) { + sinsp_threadinfo* tinfo = param.m_evt->get_tinfo(); + EXPECT_TRUE(tinfo != NULL); + + EXPECT_EQ(cri_container_id, tinfo->m_container_id); + + const auto container_info = + param.m_inspector->m_container_manager.get_container(tinfo->m_container_id); + EXPECT_NE(container_info, nullptr); + + EXPECT_EQ(sinsp_container_type::CT_CRIO, container_info->m_type); + EXPECT_EQ(sinsp_container_lookup::state::SUCCESSFUL, + container_info->get_lookup_status()); + EXPECT_EQ("falco", container_info->m_name); + EXPECT_EQ("docker.io/falcosecurity/falco:crio", container_info->m_image); + EXPECT_EQ("sha256:5241704b37e01f7bbca0ef6a90f5034731eba85320afd2eb9e4bce7ab09165a2", + container_info->m_imagedigest); + EXPECT_EQ("", container_info->m_imageid); // no extra queries -> no image id + + done = true; + }, + false); +} + +TEST_F(container_cri, fake_cri_unknown_runtime) { + fake_cri_test( + LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "unknown-runtime", + [&](const callback_param& param, std::atomic& done) { + sinsp_threadinfo* tinfo = param.m_evt->get_tinfo(); + EXPECT_TRUE(tinfo != NULL); + + EXPECT_EQ(cri_container_id, tinfo->m_container_id); + + const auto container_info = + param.m_inspector->m_container_manager.get_container(tinfo->m_container_id); + EXPECT_NE(container_info, nullptr); + + EXPECT_EQ(sinsp_container_type::CT_CRI, container_info->m_type); + EXPECT_EQ("falco", container_info->m_name); + EXPECT_EQ("docker.io/falcosecurity/falco:latest", container_info->m_image); + EXPECT_EQ("sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed", + container_info->m_imagedigest); + EXPECT_EQ("4bc0e14060f4263acf658387e76715bd836a13b9ba44f48465bd0633a412dbd0", + container_info->m_imageid); + + done = true; + }); +} + +namespace { +void verify_cri_container_info(const sinsp_container_info& 
container_info) { + EXPECT_EQ("falco", container_info.m_name); + EXPECT_EQ("docker.io/falcosecurity/falco:latest", container_info.m_image); + EXPECT_EQ("sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed", + container_info.m_imagedigest); + EXPECT_EQ("4bc0e14060f4263acf658387e76715bd836a13b9ba44f48465bd0633a412dbd0", + container_info.m_imageid); + EXPECT_EQ(1073741824, container_info.m_memory_limit); + EXPECT_EQ(102, container_info.m_cpu_shares); + EXPECT_EQ(0, container_info.m_cpu_quota); + EXPECT_EQ(100000, container_info.m_cpu_period); +} + +void verify_docker_container_info(const sinsp_container_info& container_info) { + EXPECT_EQ("nginx", container_info.m_name); + EXPECT_EQ("568c4670fa800978e08e4a51132b995a54f8d5ae83ca133ef5546d092b864acf", + container_info.m_imageid); +} + +void verify_container_info(const std::string& container_id, + const exp_container_event_info& exp_info, + const sinsp_container_info& container_info) { + EXPECT_EQ(cri_container_id, container_id); + + EXPECT_EQ(container_info.get_lookup_status(), exp_info.state); + EXPECT_EQ(container_info.m_type, exp_info.type); + if(exp_info.state == sinsp_container_lookup::state::SUCCESSFUL) { + if(container_info.m_type == CT_CONTAINERD) { + verify_cri_container_info(container_info); + } else if(container_info.m_type == CT_DOCKER) { + verify_docker_container_info(container_info); + } else { + FAIL() << "Unexpected container type " << (int)container_info.m_type; + } + } +} + +} // namespace + +void container_cri::fake_cri_test_timing(const std::string& pb_prefix, + const std::string& delay_arg, + const std::string& runtime, + float docker_delay, + bool async, + const exp_container_event_info& exp_info, + uint64_t container_engine_mask, + int64_t test_duration) { + std::atomic saw_container_event(false); + std::atomic saw_container_callback(false); + unlink(fake_cri_socket.c_str()); + subprocess fake_cri_handle(LIBSINSP_TEST_PATH "/fake_cri/fake_cri", + {delay_arg, "unix://" + 
fake_cri_socket, pb_prefix, runtime}); + pid_t fake_cri_pid = fake_cri_handle.get_pid(); + + subprocess fake_docker_handle("/usr/bin/env", + {"python3", + LIBSINSP_TEST_RESOURCES_PATH "/fake_docker.py", + std::to_string(docker_delay), + fake_docker_socket}); + pid_t fake_docker_pid = fake_docker_handle.get_pid(); + + auto start_time = time(NULL); + + event_filter_t filter = [&](sinsp_evt* evt) { + return evt->get_type() == PPME_CONTAINER_JSON_E || + evt->get_type() == PPME_CONTAINER_JSON_2_E; + }; + + run_callback_async_t test = [&]() { + subprocess handle(LIBSINSP_TEST_PATH "/test_helper", {"cri_container_echo"}); + handle.in() << "\n"; + handle.wait(); + while(time(NULL) < start_time + test_duration) { + usleep(100000); + } + }; + + captured_event_callback_t container_event_callback = [&](const callback_param& param) { + EXPECT_FALSE(saw_container_event) << "Received more than one container event"; + + sinsp_threadinfo* tinfo = param.m_evt->get_tinfo(); + EXPECT_TRUE(tinfo != NULL); + + const auto container_info = + param.m_inspector->m_container_manager.get_container(tinfo->m_container_id); + EXPECT_NE(container_info, nullptr); + + verify_container_info(tinfo->m_container_id, exp_info, *(container_info.get())); + + saw_container_event = true; + }; + + before_capture_t setup = [&](sinsp* inspector) { + inspector->set_docker_socket_path(fake_docker_socket); + inspector->set_cri_socket_path(fake_cri_socket); + inspector->set_cri_extra_queries(false); + inspector->set_cri_async(async); + if(container_engine_mask != 0) { + inspector->set_container_engine_mask(container_engine_mask); + } + inspector->m_container_manager.subscribe_on_new_container( + [&](const sinsp_container_info& container, sinsp_threadinfo* tinfo) { + EXPECT_FALSE(saw_container_callback) + << "Received more than one on_new_container callback"; + + verify_container_info(tinfo->m_container_id, exp_info, container); + saw_container_callback = true; + }); + }; + + before_capture_t cleanup = [&](sinsp* 
inspector) { + inspector->set_docker_socket_path(default_docker_socket); + }; + + EXPECT_NO_FATAL_FAILURE( + { event_capture::run(test, container_event_callback, filter, setup, cleanup); }); + + // We only expect to see a container event when the lookup succeeds + if(exp_info.state == sinsp_container_lookup::state::SUCCESSFUL) { + EXPECT_TRUE(saw_container_event) << "Did not see expected container event"; + } else { + EXPECT_FALSE(saw_container_event) << "Received container event but did not expect one"; + } + + // We always expect an on_new_container callback + EXPECT_TRUE(saw_container_callback) << "Did not see expected on_new_container callback"; + + // The fake servers had to stay running the whole time in order + // for the test to be succesful + // Needed to reap the zombine if it exited + waitpid(fake_cri_pid, NULL, WNOHANG); + EXPECT_TRUE(fake_cri_handle.is_alive()); + waitpid(fake_docker_pid, NULL, WNOHANG); + EXPECT_TRUE(fake_docker_handle.is_alive()); + + fake_cri_handle.kill(); + fake_docker_handle.kill(); +} + +TEST_F(container_cri, fake_cri_then_docker) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--nodelay", + "containerd", + 0.5, + true, + exp_info); +} + +TEST_F(container_cri, fake_docker_then_cri) { + exp_container_event_info exp_info = {CT_DOCKER, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--slow", + "containerd", + 0.0, + true, + exp_info); +} + +TEST_F(container_cri, fake_cri_fail_then_docker) { + exp_container_event_info exp_info = {CT_DOCKER, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + 1.0, + true, + exp_info); +} + +TEST_F(container_cri, fake_docker_then_cri_fail) { + exp_container_event_info exp_info = {CT_DOCKER, 
sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + 0.0, + true, + exp_info); +} + +TEST_F(container_cri, fake_cri_then_docker_fail) { + exp_container_event_info exp_info{CT_CONTAINERD, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--nodelay", + "containerd", + -0.5, + true, + exp_info); +} + +TEST_F(container_cri, fake_docker_fail_then_cri) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--slow", + "containerd", + -0.1, + true, + exp_info); +} + +TEST_F(container_cri, fake_cri_fail) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::FAILED}; + + // Run long enough for cri lookup to exhaust all retries + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + -2.0, + true, + exp_info, + 1 << CT_CONTAINERD, + 40); +} + +TEST_F(container_cri, docker_fail) { + exp_container_event_info exp_info = {CT_DOCKER, sinsp_container_lookup::state::FAILED}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + -0.1, + true, + exp_info, + 1 << CT_DOCKER); +} + +TEST_F(container_cri, fake_cri_then_docker_sync) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--nodelay", + "containerd", + 0.5, + false, + exp_info); +} + +TEST_F(container_cri, fake_docker_then_cri_sync) { + exp_container_event_info exp_info = {CT_DOCKER, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--slow", + "containerd", + 0.0, + false, + exp_info); +} + +TEST_F(container_cri, 
fake_cri_fail_then_docker_sync) { + exp_container_event_info exp_info = {CT_DOCKER, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + 1.0, + false, + exp_info); +} + +TEST_F(container_cri, fake_docker_then_cri_fail_sync) { + exp_container_event_info exp_info = {CT_DOCKER, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + 0.0, + false, + exp_info); +} + +TEST_F(container_cri, fake_cri_then_docker_fail_sync) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--nodelay", + "containerd", + -0.5, + false, + exp_info); +} + +TEST_F(container_cri, fake_docker_fail_then_cri_sync) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::SUCCESSFUL}; + + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--slow", + "containerd", + -0.1, + false, + exp_info); +} + +TEST_F(container_cri, fake_cri_fail_sync) { + exp_container_event_info exp_info = {CT_CONTAINERD, sinsp_container_lookup::state::FAILED}; + + // Run long enough for cri lookup to exhaust all retries + fake_cri_test_timing(LIBSINSP_TEST_RESOURCES_PATH "/fake_cri_falco", + "--veryslow", + "containerd", + -2.0, + false, + exp_info, + 1 << CT_CONTAINERD); +} diff --git a/test/libsinsp_e2e/fake_cri/CMakeLists.txt b/test/libsinsp_e2e/fake_cri/CMakeLists.txt new file mode 100644 index 0000000000..49c12a5df6 --- /dev/null +++ b/test/libsinsp_e2e/fake_cri/CMakeLists.txt 
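Review bot: In container_cri.cpp the fake servers listen on fixed, predictable paths under /tmp (`fake_cri_socket = "/tmp/fake-cri.sock"`, `fake_docker_socket = "/tmp/fake-docker.sock"`), so two runs on the same host collide and another local user can occupy those names before the suite starts. `fake_cri_test` and `fake_cri_test_timing` unlink only the CRI path; nothing in this file removes the docker socket path before `fake_docker.py` is launched. I would derive both paths from a private per-run directory, for example `char dir[] = "/tmp/libsinsp-e2e-XXXXXX";` followed by `mkdtemp(dir)`, and remove that directory when the test ends. Separately, every callback dereferences `tinfo` and `container_info` right after the non-fatal `EXPECT_TRUE(tinfo != NULL)` / `EXPECT_NE(container_info, nullptr)`; `ASSERT_NE(tinfo, nullptr);` would end the callback on a failed lookup instead of crashing the test binary.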
@@ -0,0 +1,34 @@
+include_directories(${CMAKE_CURRENT_BINARY_DIR})
+
+if(NOT EXISTS ${CMAKE_BINARY_DIR}/libsinsp/cri-v1alpha2.grpc.pb.cc)
+ file(TOUCH ${CMAKE_BINARY_DIR}/libsinsp/cri-v1alpha2.grpc.pb.cc
+ ${CMAKE_BINARY_DIR}/libsinsp/cri-v1alpha2.pb.cc
+ )
+endif()
+
+add_executable(
+ fake_cri fake_cri.cpp ${CMAKE_BINARY_DIR}/libsinsp/cri-v1alpha2.grpc.pb.cc
+ ${CMAKE_BINARY_DIR}/libsinsp/cri-v1alpha2.pb.cc
+)
+
+include(protobuf)
+include(grpc)
+target_link_libraries(
+ fake_cri
+ PRIVATE "${GRPC_LIBRARIES}"
+ "${GRPCPP_LIB}"
+ "${GRPC_LIB}"
+ "${GPR_LIB}"
+ "${PROTOBUF_LIB}"
+ "${CARES_LIB}"
+ pthread
+ sinsp
+ rt
+)
+
+target_include_directories(fake_cri PRIVATE ${CMAKE_BINARY_DIR} ${PROTOBUF_INCLUDE})
+
+file(GLOB PROTOS "*.pb")
+foreach(FILENAME IN LISTS PROTOS)
+ configure_file(${FILENAME} ${CMAKE_BINARY_DIR}/test/libsinsp_e2e/resources/ COPYONLY)
+endforeach()
diff --git a/test/libsinsp_e2e/fake_cri/fake_cri.cpp b/test/libsinsp_e2e/fake_cri/fake_cri.cpp
new file mode 100644
index 0000000000..3bc592dbc1
--- /dev/null
+++ b/test/libsinsp_e2e/fake_cri/fake_cri.cpp
@@ -0,0 +1,212 @@ +#include "libsinsp/cri-v1alpha2.grpc.pb.h" + +#include +#include + +#include +#include +#include +#include +#include + +#include +#include + +using namespace runtime::v1alpha2; + +class FakeCRIServer final : public runtime::v1alpha2::RuntimeService::Service { +public: + FakeCRIServer(int delay_us, + ContainerStatusResponse&& cs, + PodSandboxStatusResponse&& ps, + ListContainersResponse&& lc, + const std::string& runtime_name): + m_delay_us(delay_us), + m_container_status_response(cs), + m_pod_sandbox_status_response(ps), + m_list_containers_response(lc), + m_runtime_name(runtime_name) {} + + grpc::Status ContainerStatus(grpc::ServerContext* context, + const ContainerStatusRequest* req, + ContainerStatusResponse* resp) { + usleep(m_delay_us); + if(CONTAINER_IDS.find(req->container_id()) == CONTAINER_IDS.end()) { + std::cout << "CONTAINER NOT FOUND\n"; + return grpc::Status( + grpc::StatusCode::NOT_FOUND, + "fake_cri does not serve this container id: " + req->container_id()); + } + resp->CopyFrom(m_container_status_response); + resp->mutable_status()->set_id(req->container_id()); + return grpc::Status::OK; + } + + grpc::Status ListContainers(grpc::ServerContext* context, + const ListContainersRequest* req, + ListContainersResponse* resp) { + usleep(m_delay_us); + resp->CopyFrom(m_list_containers_response); + return grpc::Status::OK; + } + + grpc::Status StopContainer(grpc::ServerContext* context, + const StopContainerRequest* req, + StopContainerResponse* resp) { + usleep(m_delay_us); + return grpc::Status::OK; + } + + grpc::Status PodSandboxStatus(grpc::ServerContext* context, + const PodSandboxStatusRequest* req, + PodSandboxStatusResponse* resp) { + usleep(m_delay_us); + if(POD_SANDBOX_IDS.find(req->pod_sandbox_id()) == POD_SANDBOX_IDS.end()) { + return grpc::Status( + grpc::StatusCode::NOT_FOUND, + "fake_cri does not serve this pod sandbox id: " + req->pod_sandbox_id()); + } + resp->CopyFrom(m_pod_sandbox_status_response); + 
resp->mutable_status()->set_id(req->pod_sandbox_id()); + return grpc::Status::OK; + } + + grpc::Status Version(grpc::ServerContext* context, + const VersionRequest* req, + VersionResponse* resp) { + resp->set_version("0.1.0"); + resp->set_runtime_name(m_runtime_name); + resp->set_runtime_version("1.1.2"); + resp->set_runtime_api_version("v1alpha2"); + return grpc::Status::OK; + } + +private: + int m_delay_us; + ContainerStatusResponse m_container_status_response; + PodSandboxStatusResponse m_pod_sandbox_status_response; + ListContainersResponse m_list_containers_response; + std::string m_runtime_name; + static const std::set CONTAINER_IDS; + static const std::set POD_SANDBOX_IDS; +}; + +// The fake cri server will only answer to these container IDs/Pod sandbox ids +const std::set FakeCRIServer::CONTAINER_IDS{ + "aec4c703604b4504df03108eef12e8256870eca8aabcb251855a35bf4f0337f1", + "aec4c703604b", + "ea457cc8202bb5684ddd4a2845ad7450ad48fb01448da5172790dcc4641757b9", + "ea457cc8202b"}; + +const std::set FakeCRIServer::POD_SANDBOX_IDS{ + "e16577158fb2003bc4d0a152dd0e2bda888235d0f131ff93390d16138c11c556", + "e16577158fb2"}; + +class FakeCRIImageServer final : public runtime::v1alpha2::ImageService::Service { +public: + FakeCRIImageServer(ListImagesResponse&& is): m_list_images_response(is) {} + + grpc::Status ListImages(grpc::ServerContext* context, + const ListImagesRequest* req, + ListImagesResponse* resp) { + resp->CopyFrom(m_list_images_response); + return grpc::Status::OK; + } + +private: + ListImagesResponse m_list_images_response; +}; + +int main(int argc, char** argv) { + google::protobuf::io::FileOutputStream pb_stdout(1); + int delay_us = 0; + + if(argc < 3) { + fprintf(stderr, + "Usage: fake_cri [--nodelay|--slow|--veryslow] listen_addr pb_file_prefix " + "[runtime_name]\n"); + return 1; + } + + if(argv[1] == std::string("--nodelay")) { + // no delay, the default + delay_us = 0; + argv++; + } else if(argv[1] == std::string("--slow")) { + // 500 ms is slow but 
not slow enough to trigger the timeout + delay_us = 500000; + argv++; + } else if(argv[1] == std::string("--veryslow")) { + // 1200 ms is beyond the default 1 sec timeout so queries will fail + delay_us = 1200000; + argv++; + } + + const char* addr = argv[1]; + const std::string pb_prefix(argv[2]); + const std::string runtime(argc > 3 ? argv[3] : "containerd"); + + ContainerStatusResponse cs; + { + const std::string path = pb_prefix + "_container.pb"; + int fd = open(path.c_str(), O_RDONLY); + if(fd >= 0) { + google::protobuf::io::FileInputStream fs(fd); + google::protobuf::TextFormat::Parse(&fs, &cs); + close(fd); + } else { + std::cout << "could not open file " << path << std::endl; + } + } + + PodSandboxStatusResponse ps; + { + const std::string path = pb_prefix + "_pod.pb"; + int fd = open(path.c_str(), O_RDONLY); + if(fd >= 0) { + google::protobuf::io::FileInputStream fs(fd); + google::protobuf::TextFormat::Parse(&fs, &ps); + close(fd); + } else { + std::cout << "could not open file " << path << std::endl; + } + } + + ListImagesResponse is; + { + const std::string path = pb_prefix + "_images.pb"; + int fd = open(path.c_str(), O_RDONLY); + if(fd >= 0) { + google::protobuf::io::FileInputStream fs(fd); + google::protobuf::TextFormat::Parse(&fs, &is); + close(fd); + } else { + std::cout << "could not open file " << path << std::endl; + } + } + + ListContainersResponse lc; + { + const std::string path = pb_prefix + "_listcontainers.pb"; + int fd = open(path.c_str(), O_RDONLY); + if(fd >= 0) { + google::protobuf::io::FileInputStream fs(fd); + google::protobuf::TextFormat::Parse(&fs, &lc); + close(fd); + } else { + std::cout << "could not open file " << path << std::endl; + } + } + + FakeCRIServer service(delay_us, std::move(cs), std::move(ps), std::move(lc), runtime); + FakeCRIImageServer image_service(std::move(is)); + + grpc::ServerBuilder builder; + builder.AddListeningPort(addr, grpc::InsecureServerCredentials()); + builder.RegisterService(&service); + 
builder.RegisterService(&image_service); + std::unique_ptr server(builder.BuildAndStart()); + server->Wait(); + + return 0; +} diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_crio_container.pb b/test/libsinsp_e2e/fake_cri/fake_cri_crio_container.pb new file mode 100644 index 0000000000..9a2e72b18f --- /dev/null +++ b/test/libsinsp_e2e/fake_cri/fake_cri_crio_container.pb 
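Review bot: In fake_cri.cpp's `main`, the optional delay flag is consumed with `argv++` while `argc` stays unchanged, so both the earlier `argc < 3` usage check and the later `argc > 3 ? argv[3] : "containerd"` count the flag as a positional argument. `fake_cri --slow addr prefix` therefore builds `runtime` from the null terminator of `argv`, and `fake_cri --slow addr` passes the usage check with a null `argv[2]` for `pb_prefix`. Pairing each shift with a decrement, `argv++; argc--;`, and repeating `if(argc < 3)` after the flag block closes both cases. In the same function the results of `TextFormat::Parse` are ignored and `builder.BuildAndStart()` is dereferenced by `server->Wait()` without a null check, so a malformed fixture or a socket that cannot be bound shows up only as empty responses or a crash; an `if(!server) return 1;` plus a failed-parse exit would make the test fail with a clear cause.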
@@ -0,0 +1,144 @@ +status { +id: "aec4c703604b4504df03108eef12e8256870eca8aabcb251855a35bf4f0337f1" +metadata { + name: "falco", + attempt: 0 +} +state: CONTAINER_EXITED +created_at: 1549308953419092021 +started_at: 1549308953442910382 +finished_at: 0 +exit_code: 0 +image { + image: "docker.io/falcosecurity/falco:crio" +} +image_ref: "docker.io/falcosecurity/falco@sha256:5241704b37e01f7bbca0ef6a90f5034731eba85320afd2eb9e4bce7ab09165a2" +labels { + key: "io.kubernetes.container.name" + value: "falco" +} +labels { + key: "io.kubernetes.pod.name" + value: "falco-w5fbj" +} +labels { + key: "io.kubernetes.pod.namespace" + value: "default" +} +labels { + key: "io.kubernetes.pod.uid" + value: "153b7a61-28b4-11e9-afc4-16bf8ef8d9dc" +} +annotations { + key: "io.kubernetes.container.hash" + value: "9435c2ec" +} +annotations { + key: "io.kubernetes.container.restartCount" + value: "0" +} +annotations { + key: "io.kubernetes.container.terminationMessagePath" + value: "/dev/termination-log" +} +annotations { + key: "io.kubernetes.container.terminationMessagePolicy" + value: "File" +} +annotations { + key: "io.kubernetes.pod.terminationGracePeriod" + value: "5" +} +mounts { + container_path: "/dev/shm" + host_path: "/var/lib/kubelet/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/volumes/kubernetes.io~empty-dir/dshm" + readonly: false + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/proc" + host_path: "/proc" + readonly: true + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/boot" + host_path: "/boot" + readonly: true + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/etc/hosts" + host_path: "/var/lib/kubelet/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/etc-hosts" + readonly: false + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/usr" + host_path: "/usr" + readonly: true + selinux_relabel: false + 
propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/run" + host_path: "/run" + readonly: false + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/dev" + host_path: "/dev" + readonly: false + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/dev/termination-log" + host_path: "/var/lib/kubelet/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/containers/falco/e01754de" + readonly: false + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/lib/modules" + host_path: "/lib/modules" + readonly: true + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/host/var/run" + host_path: "/run" + readonly: false + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/opt/falco/etc/kubernetes/config" + host_path: "/var/lib/kubelet/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/volumes/kubernetes.io~configmap/falco-config" + readonly: true + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/opt/falco/etc/kubernetes/secrets" + host_path: "/var/lib/kubelet/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/volumes/kubernetes.io~secret/falco-secrets" + readonly: true + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +mounts { + container_path: "/var/run/secrets/kubernetes.io/serviceaccount" + host_path: "/var/lib/kubelet/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/volumes/kubernetes.io~secret/falco-token-wl4zl" + readonly: true + selinux_relabel: false + propagation: PROPAGATION_PRIVATE +} +log_path: "/var/log/pods/153b7a61-28b4-11e9-afc4-16bf8ef8d9dc/-falco/0.log" +} diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_crio_images.pb b/test/libsinsp_e2e/fake_cri/fake_cri_crio_images.pb new file mode 100644 index 0000000000..ba8b47f978 --- /dev/null +++ b/test/libsinsp_e2e/fake_cri/fake_cri_crio_images.pb 
@@ -0,0 +1,6 @@ +images { + id: "4e01602047d456fa783025a26b4b4c59b6527d304f9983fbd63b8d9a3bec53dc" + repo_tags: "docker.io/falcosecurity/falco:crio" + repo_digests: "docker.io/falcosecurity/falco@sha256:5241704b37e01f7bbca0ef6a90f5034731eba85320afd2eb9e4bce7ab09165a2" + size: 1402153176 +} diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_crio_listcontainers.pb b/test/libsinsp_e2e/fake_cri/fake_cri_crio_listcontainers.pb new file mode 100644 index 0000000000..7c9bb2241d --- /dev/null +++ b/test/libsinsp_e2e/fake_cri/fake_cri_crio_listcontainers.pb @@ -0,0 +1,50 @@ +containers { +id: "ea457cc8202bb5684ddd4a2845ad7450ad48fb01448da5172790dcc4641757b9" +pod_sandbox_id: "e16577158fb2003bc4d0a152dd0e2bda888235d0f131ff93390d16138c11c556" +metadata { + name: "falco" + attempt: 0 +} +state: CONTAINER_RUNNING +created_at: 1545339739712670450 +image { + image: "docker.io/falcosecurity/falco:latest" +} +image_ref: "docker.io/falcosecurity/falco@sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed" +labels { + key: "io.kubernetes.container.name" + value: "falco" +} +labels { + key: "io.kubernetes.pod.name" + value: "falco-9bzbj" +} +labels { + key: "io.kubernetes.pod.namespace" + value: "default" +} +labels { + key: "io.kubernetes.pod.uid" + value: "893231bb-049a-11e9-9b30-0a583e8b7896" +} +annotations { + key: "io.kubernetes.container.hash" + value: "decd134" +} +annotations { + key: "io.kubernetes.container.restartCount" + value: "0" +} +annotations { + key: "io.kubernetes.container.terminationMessagePath" + value: "/dev/termination-log" +} +annotations { + key: "io.kubernetes.container.terminationMessagePolicy" + value: "File" +} +annotations { + key: "io.kubernetes.pod.terminationGracePeriod" + value: "5" +} +} diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_crio_pod.pb b/test/libsinsp_e2e/fake_cri/fake_cri_crio_pod.pb new file mode 100644 index 0000000000..64f5259294 --- /dev/null +++ b/test/libsinsp_e2e/fake_cri/fake_cri_crio_pod.pb 
@@ -0,0 +1,63 @@ +status { +id: "e16577158fb2003bc4d0a152dd0e2bda888235d0f131ff93390d16138c11c556" +metadata { + name: "falco-w5fbj" + uid: "153b7a61-28b4-11e9-afc4-16bf8ef8d9dc" + namespace: "default" + attempt: 0 +} +state: SANDBOX_READY +created_at: 1549308953113637984 +network { + ip: "172.31.95.87" +} +linux { +namespaces { +options { + network: NODE + pid: NODE + ipc: POD +} +} +} +labels { + key: "app" + value: "falco" +} +labels { + key: "controller-revision-hash" + value: "56d6c4cf5" +} +labels { + key: "io.kubernetes.container.name" + value: "POD" +} +labels { + key: "io.kubernetes.pod.name" + value: "falco-w5fbj" +} +labels { + key: "io.kubernetes.pod.namespace" + value: "default" +} +labels { + key: "io.kubernetes.pod.uid" + value: "153b7a61-28b4-11e9-afc4-16bf8ef8d9dc" +} +labels { + key: "pod-template-generation" + value: "2" +} +annotations { + key: "kubernetes.io/config.seen" + value: "2019-02-04T19:35:52.701633172Z" +} +annotations { + key: "kubernetes.io/config.source" + value: "api" +} +} +info { + key: "version" + value: "{\"version\":\"1.26.0\"}" +} diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_falco_container.pb b/test/libsinsp_e2e/fake_cri/fake_cri_falco_container.pb new file mode 100644 index 0000000000..e1e17802a0 --- /dev/null +++ b/test/libsinsp_e2e/fake_cri/fake_cri_falco_container.pb 
@@ -0,0 +1,141 @@
+status {
+id: "ea457cc8202bb5684ddd4a2845ad7450ad48fb01448da5172790dcc4641757b9"
+metadata {
+ name: "falco"
+ attempt: 0
+}
+state: CONTAINER_RUNNING
+created_at: 1545339739712670450
+started_at: 1545339739819661493
+finished_at: 0
+exit_code: 0
+image {
+ image: "docker.io/falcosecurity/falco:latest"
+}
+image_ref: "docker.io/falcosecurity/falco@sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed"
+labels {
+ key: "io.kubernetes.container.name"
+ value: "falco"
+}
+labels {
+ key: "io.kubernetes.pod.name"
+ value: "falco-9bzbj"
+}
+labels {
+ key: "io.kubernetes.pod.namespace"
+ value: "default"
+}
+labels {
+ key: "io.kubernetes.pod.uid"
+ value: "893231bb-049a-11e9-9b30-0a583e8b7896"
+}
+annotations {
+ key: "io.kubernetes.container.hash"
+ value: "decd134"
+}
+annotations {
+ key: "io.kubernetes.container.restartCount"
+ value: "0"
+}
+annotations {
+ key: "io.kubernetes.container.terminationMessagePath"
+ value: "/dev/termination-log"
+}
+annotations {
+ key: "io.kubernetes.container.terminationMessagePolicy"
+ value: "File"
+}
+annotations {
+ key: "io.kubernetes.pod.terminationGracePeriod"
+ value: "5"
+}
+mounts {
+ container_path: "/opt/falco/bin/cointerface"
+ host_path: "/root/cointerface"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/host/dev"
+ host_path: "/dev"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/host/proc"
+ host_path: "/proc"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/host/boot"
+ host_path: "/boot"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/host/lib/modules"
+ host_path: "/lib/modules"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/host/usr"
+ host_path: "/usr"
+ readonly:
false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/dev/shm"
+ host_path: "/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~empty-dir/dshm"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/opt/falco/etc/kubernetes/config"
+ host_path: "/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~configmap/falco-config"
+ readonly: true
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/opt/falco/etc/kubernetes/secrets"
+ host_path: "/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~secret/falco-secrets"
+ readonly: true
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/var/run/secrets/kubernetes.io/serviceaccount"
+ host_path: "/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~secret/falco-token-6zbgh"
+ readonly: true
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/etc/hosts"
+ host_path: "/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/etc-hosts"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+mounts {
+ container_path: "/dev/termination-log"
+ host_path: "/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/containers/falco/f26e7883"
+ readonly: false
+ selinux_relabel: false
+ propagation: PROPAGATION_PRIVATE
+}
+log_path: "/var/log/pods/893231bb-049a-11e9-9b30-0a583e8b7896/falco/0.log"
+}
+info {
+ key: "info"
+ value: "{\n \"sandboxID\": \"599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa\",\n \"pid\": 31417,\n \"removing\": false,\n \"snapshotKey\": \"ea457cc8202bb5684ddd4a2845ad7450ad48fb01448da5172790dcc4641757b9\",\n \"snapshotter\": \"overlayfs\",\n \"runtime\": {\n \"runtimeType\": \"io.containerd.runtime.v1.linux\",\n \"runtimeEngine\":
\"\",\n \"runtimeRoot\": \"\"\n },\n \"config\": {\n \"metadata\": {\n \"name\": \"falco\"\n },\n \"image\": {\n \"image\": \"sha256:4bc0e14060f4263acf658387e76715bd836a13b9ba44f48465bd0633a412dbd0\"\n },\n \"envs\": [\n {\n \"key\": \"NGINX_SERVICE_PORT\",\n \"value\": \"tcp://10.98.54.136:80\"\n },\n {\n \"key\": \"NGINX_SERVICE_PORT_80_TCP_PROTO\",\n \"value\": \"tcp\"\n },\n {\n \"key\": \"NGINX_SERVICE_SERVICE_HOST\",\n \"value\": \"10.98.54.136\"\n },\n {\n \"key\": \"KUBERNETES_PORT\",\n \"value\": \"tcp://10.96.0.1:443\"\n },\n {\n \"key\": \"KUBERNETES_PORT_443_TCP_PROTO\",\n \"value\": \"tcp\"\n },\n {\n \"key\": \"NGINX_SERVICE_SERVICE_PORT\",\n \"value\": \"80\"\n },\n {\n \"key\": \"NGINX_SERVICE_PORT_80_TCP_PORT\",\n \"value\": \"80\"\n },\n {\n \"key\": \"KUBERNETES_PORT_443_TCP\",\n \"value\": \"tcp://10.96.0.1:443\"\n },\n {\n \"key\": \"KUBERNETES_PORT_443_TCP_PORT\",\n \"value\": \"443\"\n },\n {\n \"key\": \"KUBERNETES_PORT_443_TCP_ADDR\",\n \"value\": \"10.96.0.1\"\n },\n {\n \"key\": \"NGINX_SERVICE_PORT_80_TCP\",\n \"value\": \"tcp://10.98.54.136:80\"\n },\n {\n \"key\": \"NGINX_SERVICE_PORT_80_TCP_ADDR\",\n \"value\": \"10.98.54.136\"\n },\n {\n \"key\": \"KUBERNETES_SERVICE_HOST\",\n \"value\": \"10.96.0.1\"\n },\n {\n \"key\": \"KUBERNETES_SERVICE_PORT\",\n \"value\": \"443\"\n },\n {\n \"key\": \"KUBERNETES_SERVICE_PORT_HTTPS\",\n \"value\": \"443\"\n }\n ],\n \"mounts\": [\n {\n \"container_path\": \"/opt/falco/bin/cointerface\",\n \"host_path\": \"/root/cointerface\"\n },\n {\n \"container_path\": \"/host/dev\",\n \"host_path\": \"/dev\"\n },\n {\n \"container_path\": \"/host/proc\",\n \"host_path\": \"/proc\",\n \"readonly\": true\n },\n {\n \"container_path\": \"/host/boot\",\n \"host_path\": \"/boot\",\n \"readonly\": true\n },\n {\n \"container_path\": \"/host/lib/modules\",\n \"host_path\": \"/lib/modules\",\n \"readonly\": true\n },\n {\n \"container_path\": \"/host/usr\",\n \"host_path\": \"/usr\",\n \"readonly\": true\n },\n {\n 
\"container_path\": \"/dev/shm\",\n \"host_path\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~empty-dir/dshm\"\n },\n {\n \"container_path\": \"/opt/falco/etc/kubernetes/config\",\n \"host_path\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~configmap/falco-config\",\n \"readonly\": true\n },\n {\n \"container_path\": \"/opt/falco/etc/kubernetes/secrets\",\n \"host_path\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~secret/falco-secrets\",\n \"readonly\": true\n },\n {\n \"container_path\": \"/var/run/secrets/kubernetes.io/serviceaccount\",\n \"host_path\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~secret/falco-token-6zbgh\",\n \"readonly\": true\n },\n {\n \"container_path\": \"/etc/hosts\",\n \"host_path\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/etc-hosts\"\n },\n {\n \"container_path\": \"/dev/termination-log\",\n \"host_path\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/containers/falco/f26e7883\"\n }\n ],\n \"labels\": {\n \"io.kubernetes.container.name\": \"falco\",\n \"io.kubernetes.pod.name\": \"falco-9bzbj\",\n \"io.kubernetes.pod.namespace\": \"default\",\n \"io.kubernetes.pod.uid\": \"893231bb-049a-11e9-9b30-0a583e8b7896\"\n },\n \"annotations\": {\n \"io.kubernetes.container.hash\": \"decd134\",\n \"io.kubernetes.container.restartCount\": \"0\",\n \"io.kubernetes.container.terminationMessagePath\": \"/dev/termination-log\",\n \"io.kubernetes.container.terminationMessagePolicy\": \"File\",\n \"io.kubernetes.pod.terminationGracePeriod\": \"5\"\n },\n \"log_path\": \"falco/0.log\",\n \"linux\": {\n \"resources\": {\n \"cpu_period\": 100000,\n \"cpu_shares\": 102,\n \"memory_limit_in_bytes\": 1073741824,\n \"oom_score_adj\": 869\n },\n \"security_context\": {\n \"privileged\": true,\n \"namespace_options\": {\n \"network\": 2,\n \"pid\": 2\n },\n \"run_as_user\": 
{}\n }\n }\n },\n \"runtimeSpec\": {\n \"ociVersion\": \"1.0.1\",\n \"process\": {\n \"user\": {\n \"uid\": 0,\n \"gid\": 0\n },\n \"args\": [\n \"/docker-entrypoint.sh\"\n ],\n \"env\": [\n \"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\",\n \"FALCO_REPOSITORY=stable\",\n \"FALCO_BUILD_KERNEL_MODULE=1\",\n \"FALCO_LAUNCH=1\",\n \"FALCO_HOST_ROOT=/host\",\n \"HOME=/root\",\n \"NGINX_SERVICE_PORT=tcp://10.98.54.136:80\",\n \"NGINX_SERVICE_PORT_80_TCP_PROTO=tcp\",\n \"NGINX_SERVICE_SERVICE_HOST=10.98.54.136\",\n \"KUBERNETES_PORT=tcp://10.96.0.1:443\",\n \"KUBERNETES_PORT_443_TCP_PROTO=tcp\",\n \"NGINX_SERVICE_SERVICE_PORT=80\",\n \"NGINX_SERVICE_PORT_80_TCP_PORT=80\",\n \"KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443\",\n \"KUBERNETES_PORT_443_TCP_PORT=443\",\n \"KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1\",\n \"NGINX_SERVICE_PORT_80_TCP=tcp://10.98.54.136:80\",\n \"NGINX_SERVICE_PORT_80_TCP_ADDR=10.98.54.136\",\n \"KUBERNETES_SERVICE_HOST=10.96.0.1\",\n \"KUBERNETES_SERVICE_PORT=443\",\n \"KUBERNETES_SERVICE_PORT_HTTPS=443\"\n ],\n \"cwd\": \"/\",\n \"capabilities\": {\n \"bounding\": [\n \"CAP_CHOWN\",\n \"CAP_DAC_OVERRIDE\",\n \"CAP_DAC_READ_SEARCH\",\n \"CAP_FOWNER\",\n \"CAP_FSETID\",\n \"CAP_KILL\",\n \"CAP_SETGID\",\n \"CAP_SETUID\",\n \"CAP_SETPCAP\",\n \"CAP_LINUX_IMMUTABLE\",\n \"CAP_NET_BIND_SERVICE\",\n \"CAP_NET_BROADCAST\",\n \"CAP_NET_ADMIN\",\n \"CAP_NET_RAW\",\n \"CAP_IPC_LOCK\",\n \"CAP_IPC_OWNER\",\n \"CAP_SYS_MODULE\",\n \"CAP_SYS_RAWIO\",\n \"CAP_SYS_CHROOT\",\n \"CAP_SYS_PTRACE\",\n \"CAP_SYS_PACCT\",\n \"CAP_SYS_ADMIN\",\n \"CAP_SYS_BOOT\",\n \"CAP_SYS_NICE\",\n \"CAP_SYS_RESOURCE\",\n \"CAP_SYS_TIME\",\n \"CAP_SYS_TTY_CONFIG\",\n \"CAP_MKNOD\",\n \"CAP_LEASE\",\n \"CAP_AUDIT_WRITE\",\n \"CAP_AUDIT_CONTROL\",\n \"CAP_SETFCAP\",\n \"CAP_MAC_OVERRIDE\",\n \"CAP_MAC_ADMIN\",\n \"CAP_SYSLOG\",\n \"CAP_WAKE_ALARM\",\n \"CAP_BLOCK_SUSPEND\",\n \"CAP_AUDIT_READ\"\n ],\n \"effective\": [\n \"CAP_CHOWN\",\n \"CAP_DAC_OVERRIDE\",\n 
\"CAP_DAC_READ_SEARCH\",\n \"CAP_FOWNER\",\n \"CAP_FSETID\",\n \"CAP_KILL\",\n \"CAP_SETGID\",\n \"CAP_SETUID\",\n \"CAP_SETPCAP\",\n \"CAP_LINUX_IMMUTABLE\",\n \"CAP_NET_BIND_SERVICE\",\n \"CAP_NET_BROADCAST\",\n \"CAP_NET_ADMIN\",\n \"CAP_NET_RAW\",\n \"CAP_IPC_LOCK\",\n \"CAP_IPC_OWNER\",\n \"CAP_SYS_MODULE\",\n \"CAP_SYS_RAWIO\",\n \"CAP_SYS_CHROOT\",\n \"CAP_SYS_PTRACE\",\n \"CAP_SYS_PACCT\",\n \"CAP_SYS_ADMIN\",\n \"CAP_SYS_BOOT\",\n \"CAP_SYS_NICE\",\n \"CAP_SYS_RESOURCE\",\n \"CAP_SYS_TIME\",\n \"CAP_SYS_TTY_CONFIG\",\n \"CAP_MKNOD\",\n \"CAP_LEASE\",\n \"CAP_AUDIT_WRITE\",\n \"CAP_AUDIT_CONTROL\",\n \"CAP_SETFCAP\",\n \"CAP_MAC_OVERRIDE\",\n \"CAP_MAC_ADMIN\",\n \"CAP_SYSLOG\",\n \"CAP_WAKE_ALARM\",\n \"CAP_BLOCK_SUSPEND\",\n \"CAP_AUDIT_READ\"\n ],\n \"inheritable\": [\n \"CAP_CHOWN\",\n \"CAP_DAC_OVERRIDE\",\n \"CAP_DAC_READ_SEARCH\",\n \"CAP_FOWNER\",\n \"CAP_FSETID\",\n \"CAP_KILL\",\n \"CAP_SETGID\",\n \"CAP_SETUID\",\n \"CAP_SETPCAP\",\n \"CAP_LINUX_IMMUTABLE\",\n \"CAP_NET_BIND_SERVICE\",\n \"CAP_NET_BROADCAST\",\n \"CAP_NET_ADMIN\",\n \"CAP_NET_RAW\",\n \"CAP_IPC_LOCK\",\n \"CAP_IPC_OWNER\",\n \"CAP_SYS_MODULE\",\n \"CAP_SYS_RAWIO\",\n \"CAP_SYS_CHROOT\",\n \"CAP_SYS_PTRACE\",\n \"CAP_SYS_PACCT\",\n \"CAP_SYS_ADMIN\",\n \"CAP_SYS_BOOT\",\n \"CAP_SYS_NICE\",\n \"CAP_SYS_RESOURCE\",\n \"CAP_SYS_TIME\",\n \"CAP_SYS_TTY_CONFIG\",\n \"CAP_MKNOD\",\n \"CAP_LEASE\",\n \"CAP_AUDIT_WRITE\",\n \"CAP_AUDIT_CONTROL\",\n \"CAP_SETFCAP\",\n \"CAP_MAC_OVERRIDE\",\n \"CAP_MAC_ADMIN\",\n \"CAP_SYSLOG\",\n \"CAP_WAKE_ALARM\",\n \"CAP_BLOCK_SUSPEND\",\n \"CAP_AUDIT_READ\"\n ],\n \"permitted\": [\n \"CAP_CHOWN\",\n \"CAP_DAC_OVERRIDE\",\n \"CAP_DAC_READ_SEARCH\",\n \"CAP_FOWNER\",\n \"CAP_FSETID\",\n \"CAP_KILL\",\n \"CAP_SETGID\",\n \"CAP_SETUID\",\n \"CAP_SETPCAP\",\n \"CAP_LINUX_IMMUTABLE\",\n \"CAP_NET_BIND_SERVICE\",\n \"CAP_NET_BROADCAST\",\n \"CAP_NET_ADMIN\",\n \"CAP_NET_RAW\",\n \"CAP_IPC_LOCK\",\n \"CAP_IPC_OWNER\",\n \"CAP_SYS_MODULE\",\n 
\"CAP_SYS_RAWIO\",\n \"CAP_SYS_CHROOT\",\n \"CAP_SYS_PTRACE\",\n \"CAP_SYS_PACCT\",\n \"CAP_SYS_ADMIN\",\n \"CAP_SYS_BOOT\",\n \"CAP_SYS_NICE\",\n \"CAP_SYS_RESOURCE\",\n \"CAP_SYS_TIME\",\n \"CAP_SYS_TTY_CONFIG\",\n \"CAP_MKNOD\",\n \"CAP_LEASE\",\n \"CAP_AUDIT_WRITE\",\n \"CAP_AUDIT_CONTROL\",\n \"CAP_SETFCAP\",\n \"CAP_MAC_OVERRIDE\",\n \"CAP_MAC_ADMIN\",\n \"CAP_SYSLOG\",\n \"CAP_WAKE_ALARM\",\n \"CAP_BLOCK_SUSPEND\",\n \"CAP_AUDIT_READ\"\n ]\n },\n \"oomScoreAdj\": 869\n },\n \"root\": {\n \"path\": \"rootfs\"\n },\n \"mounts\": [\n {\n \"destination\": \"/proc\",\n \"type\": \"proc\",\n \"source\": \"proc\"\n },\n {\n \"destination\": \"/dev\",\n \"type\": \"tmpfs\",\n \"source\": \"tmpfs\",\n \"options\": [\n \"nosuid\",\n \"strictatime\",\n \"mode=755\",\n \"size=65536k\"\n ]\n },\n {\n \"destination\": \"/dev/pts\",\n \"type\": \"devpts\",\n \"source\": \"devpts\",\n \"options\": [\n \"nosuid\",\n \"noexec\",\n \"newinstance\",\n \"ptmxmode=0666\",\n \"mode=0620\",\n \"gid=5\"\n ]\n },\n {\n \"destination\": \"/dev/mqueue\",\n \"type\": \"mqueue\",\n \"source\": \"mqueue\",\n \"options\": [\n \"nosuid\",\n \"noexec\",\n \"nodev\"\n ]\n },\n {\n \"destination\": \"/sys\",\n \"type\": \"sysfs\",\n \"source\": \"sysfs\",\n \"options\": [\n \"nosuid\",\n \"noexec\",\n \"nodev\",\n \"rw\"\n ]\n },\n {\n \"destination\": \"/sys/fs/cgroup\",\n \"type\": \"cgroup\",\n \"source\": \"cgroup\",\n \"options\": [\n \"nosuid\",\n \"noexec\",\n \"nodev\",\n \"relatime\",\n \"rw\"\n ]\n },\n {\n \"destination\": \"/etc/resolv.conf\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/containerd/io.containerd.grpc.v1.cri/sandboxes/599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa/resolv.conf\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"rw\"\n ]\n },\n {\n \"destination\": \"/opt/falco/bin/cointerface\",\n \"type\": \"bind\",\n \"source\": \"/root/cointerface\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"rw\"\n ]\n },\n {\n \"destination\": 
\"/host/dev\",\n \"type\": \"bind\",\n \"source\": \"/dev\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"rw\"\n ]\n },\n {\n \"destination\": \"/host/proc\",\n \"type\": \"bind\",\n \"source\": \"/proc\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/host/boot\",\n \"type\": \"bind\",\n \"source\": \"/boot\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/host/lib/modules\",\n \"type\": \"bind\",\n \"source\": \"/lib/modules\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/host/usr\",\n \"type\": \"bind\",\n \"source\": \"/usr\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/dev/shm\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~empty-dir/dshm\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"rw\"\n ]\n },\n {\n \"destination\": \"/opt/falco/etc/kubernetes/config\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~configmap/falco-config\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/opt/falco/etc/kubernetes/secrets\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~secret/falco-secrets\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/var/run/secrets/kubernetes.io/serviceaccount\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/volumes/kubernetes.io~secret/falco-token-6zbgh\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"ro\"\n ]\n },\n {\n \"destination\": \"/etc/hosts\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/etc-hosts\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n 
\"rw\"\n ]\n },\n {\n \"destination\": \"/dev/termination-log\",\n \"type\": \"bind\",\n \"source\": \"/var/lib/kubelet/pods/893231bb-049a-11e9-9b30-0a583e8b7896/containers/falco/f26e7883\",\n \"options\": [\n \"rbind\",\n \"rprivate\",\n \"rw\"\n ]\n }\n ],\n \"annotations\": {\n \"io.kubernetes.cri.container-type\": \"container\",\n \"io.kubernetes.cri.sandbox-id\": \"599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa\"\n },\n \"linux\": {\n \"resources\": {\n \"devices\": [\n {\n \"allow\": true,\n \"access\": \"rwm\"\n }\n ],\n \"memory\": {\n \"limit\": 1073741824\n },\n \"cpu\": {\n \"shares\": 102,\n \"quota\": 0,\n \"period\": 100000\n }\n },\n \"cgroupsPath\": \"/kubepods/burstable/pod893231bb-049a-11e9-9b30-0a583e8b7896/ea457cc8202bb5684ddd4a2845ad7450ad48fb01448da5172790dcc4641757b9\",\n \"namespaces\": [\n {\n \"type\": \"pid\",\n \"path\": \"/proc/31353/ns/pid\"\n },\n {\n \"type\": \"ipc\",\n \"path\": \"/proc/31353/ns/ipc\"\n },\n {\n \"type\": \"uts\",\n \"path\": \"/proc/31353/ns/uts\"\n },\n {\n \"type\": \"mount\"\n },\n {\n \"type\": \"network\",\n \"path\": \"/proc/31353/ns/net\"\n }\n ],\n \"devices\": [\n {\n \"path\": \"/dev/autofs\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 235,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/btrfs-control\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 234,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/cpu_dma_latency\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 59,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/ecryptfs\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 61,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/full\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 7,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/fuse\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 229,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/hpet\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 228,\n \"uid\": 0,\n \"gid\": 0\n },\n 
{\n \"path\": \"/dev/hwrng\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 183,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/input/event0\",\n \"type\": \"c\",\n \"major\": 13,\n \"minor\": 64,\n \"uid\": 0,\n \"gid\": 106\n },\n {\n \"path\": \"/dev/input/event1\",\n \"type\": \"c\",\n \"major\": 13,\n \"minor\": 65,\n \"uid\": 0,\n \"gid\": 106\n },\n {\n \"path\": \"/dev/input/event2\",\n \"type\": \"c\",\n \"major\": 13,\n \"minor\": 66,\n \"uid\": 0,\n \"gid\": 106\n },\n {\n \"path\": \"/dev/input/mice\",\n \"type\": \"c\",\n \"major\": 13,\n \"minor\": 63,\n \"uid\": 0,\n \"gid\": 106\n },\n {\n \"path\": \"/dev/kmsg\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 11,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/lightnvm/control\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 60,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/loop-control\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 237,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop0\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop1\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop2\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 2,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop3\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 3,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop4\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 4,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop5\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 5,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop6\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 6,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/loop7\",\n \"type\": \"b\",\n \"major\": 7,\n \"minor\": 7,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/mapper/control\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 
236,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/mcelog\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 227,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/mem\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 15\n },\n {\n \"path\": \"/dev/memory_bandwidth\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 56,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/net/tun\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 200,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/network_latency\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 58,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/network_throughput\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 57,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/null\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 3,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/nvme0\",\n \"type\": \"c\",\n \"major\": 248,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/nvme0n1\",\n \"type\": \"b\",\n \"major\": 259,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/nvme0n1p1\",\n \"type\": \"b\",\n \"major\": 259,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/port\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 4,\n \"uid\": 0,\n \"gid\": 15\n },\n {\n \"path\": \"/dev/ppp\",\n \"type\": \"c\",\n \"major\": 108,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/psaux\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/ptmx\",\n \"type\": \"c\",\n \"major\": 5,\n \"minor\": 2,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/ram0\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram1\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram10\",\n \"type\": \"b\",\n \"major\": 
1,\n \"minor\": 10,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram11\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 11,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram12\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 12,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram13\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 13,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram14\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 14,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram15\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 15,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram2\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 2,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram3\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 3,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram4\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 4,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram5\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 5,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram6\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 6,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram7\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 7,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram8\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 8,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/ram9\",\n \"type\": \"b\",\n \"major\": 1,\n \"minor\": 9,\n \"uid\": 0,\n \"gid\": 6\n },\n {\n \"path\": \"/dev/random\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 8,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/rfkill\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 62,\n \"uid\": 0,\n \"gid\": 109\n },\n {\n \"path\": \"/dev/rtc0\",\n \"type\": \"c\",\n \"major\": 251,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/snapshot\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 231,\n \"uid\": 
0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/scap0\",\n \"type\": \"c\",\n \"major\": 246,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/scap1\",\n \"type\": \"c\",\n \"major\": 246,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/tty\",\n \"type\": \"c\",\n \"major\": 5,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty0\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty1\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty10\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 10,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty11\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 11,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty12\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 12,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty13\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 13,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty14\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 14,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty15\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 15,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty16\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 16,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty17\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 17,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty18\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 18,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty19\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 19,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty2\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 2,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty20\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 20,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n 
\"path\": \"/dev/tty21\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 21,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty22\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 22,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty23\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 23,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty24\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 24,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty25\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 25,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty26\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 26,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty27\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 27,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty28\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 28,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty29\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 29,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty3\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 3,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty30\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 30,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty31\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 31,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty32\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 32,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty33\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 33,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty34\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 34,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty35\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 35,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty36\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 36,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty37\",\n 
\"type\": \"c\",\n \"major\": 4,\n \"minor\": 37,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty38\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 38,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty39\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 39,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty4\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 4,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty40\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 40,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty41\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 41,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty42\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 42,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty43\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 43,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty44\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 44,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty45\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 45,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty46\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 46,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty47\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 47,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty48\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 48,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty49\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 49,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty5\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 5,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty50\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 50,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty51\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 51,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty52\",\n \"type\": \"c\",\n \"major\": 
4,\n \"minor\": 52,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty53\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 53,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty54\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 54,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty55\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 55,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty56\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 56,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty57\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 57,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty58\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 58,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty59\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 59,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty6\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 6,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty60\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 60,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty61\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 61,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty62\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 62,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty63\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 63,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty7\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 7,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty8\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 8,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/tty9\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 9,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/ttyS0\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 64,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/ttyS1\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 65,\n \"uid\": 0,\n 
\"gid\": 20\n },\n {\n \"path\": \"/dev/ttyS2\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 66,\n \"uid\": 0,\n \"gid\": 20\n },\n {\n \"path\": \"/dev/ttyS3\",\n \"type\": \"c\",\n \"major\": 4,\n \"minor\": 67,\n \"uid\": 0,\n \"gid\": 20\n },\n {\n \"path\": \"/dev/ttyprintk\",\n \"type\": \"c\",\n \"major\": 5,\n \"minor\": 3,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/uinput\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 223,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/urandom\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 9,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/vcs\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 0,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcs1\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 1,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcs2\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 2,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcs3\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 3,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcs4\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 4,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcs5\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 5,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcs6\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 6,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcsa\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 128,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcsa1\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 129,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcsa2\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 130,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcsa3\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 131,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcsa4\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 132,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n 
\"path\": \"/dev/vcsa5\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 133,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vcsa6\",\n \"type\": \"c\",\n \"major\": 7,\n \"minor\": 134,\n \"uid\": 0,\n \"gid\": 5\n },\n {\n \"path\": \"/dev/vga_arbiter\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 63,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/vhost-net\",\n \"type\": \"c\",\n \"major\": 10,\n \"minor\": 238,\n \"uid\": 0,\n \"gid\": 0\n },\n {\n \"path\": \"/dev/zero\",\n \"type\": \"c\",\n \"major\": 1,\n \"minor\": 5,\n \"uid\": 0,\n \"gid\": 0\n }\n ]\n }\n }\n}"
+}
diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_falco_images.pb b/test/libsinsp_e2e/fake_cri/fake_cri_falco_images.pb
new file mode 100644
index 0000000000..b6fc82cf22
--- /dev/null
+++ b/test/libsinsp_e2e/fake_cri/fake_cri_falco_images.pb
@@ -0,0 +1,6 @@
+images {
+ id: "4bc0e14060f4263acf658387e76715bd836a13b9ba44f48465bd0633a412dbd0"
+ repo_tags: "docker.io/falcosecurity/falco:latest"
+ repo_digests: "docker.io/falcosecurity/falco@sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed"
+ size: 1402153176
+}
diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_falco_listcontainers.pb b/test/libsinsp_e2e/fake_cri/fake_cri_falco_listcontainers.pb
new file mode 100644
index 0000000000..7cb4cad99e
--- /dev/null
+++ b/test/libsinsp_e2e/fake_cri/fake_cri_falco_listcontainers.pb
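Review bot: In fake_cri_falco_container.pb the `status` `mounts` entries for `/host/proc`, `/host/boot`, `/host/lib/modules` and `/host/usr` are `readonly: false`, while the `info` JSON in the same message records `\"readonly\": true` for those four paths and its runtimeSpec binds them with `ro`. The fixture describes a privileged container with host paths mounted, so the read-only flag is a field an assertion on mount metadata would plausibly key on, and the value a test sees depends on which of the two sources the parser reads. Setting those four entries to `readonly: true` would make the fixture self-consistent. If the disagreement is intentional, a `#` comment above the first `mounts` block should say so.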
@@ -0,0 +1,50 @@
+containers {
+id: "ea457cc8202bb5684ddd4a2845ad7450ad48fb01448da5172790dcc4641757b9"
+pod_sandbox_id: "599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa"
+metadata {
+ name: "falco"
+ attempt: 0
+}
+state: CONTAINER_RUNNING
+created_at: 1545339739712670450
+image {
+ image: "docker.io/falcosecurity/falco:latest"
+}
+image_ref: "docker.io/falcosecurity/falco@sha256:8d0619a4da278dfe2772f75aa3cc74df0a250385de56085766035db5c9a062ed"
+labels {
+ key: "io.kubernetes.container.name"
+ value: "falco"
+}
+labels {
+ key: "io.kubernetes.pod.name"
+ value: "falco-9bzbj"
+}
+labels {
+ key: "io.kubernetes.pod.namespace"
+ value: "default"
+}
+labels {
+ key: "io.kubernetes.pod.uid"
+ value: "893231bb-049a-11e9-9b30-0a583e8b7896"
+}
+annotations {
+ key: "io.kubernetes.container.hash"
+ value: "decd134"
+}
+annotations {
+ key: "io.kubernetes.container.restartCount"
+ value: "0"
+}
+annotations {
+ key: "io.kubernetes.container.terminationMessagePath"
+ value: "/dev/termination-log"
+}
+annotations {
+ key: "io.kubernetes.container.terminationMessagePolicy"
+ value: "File"
+}
+annotations {
+ key: "io.kubernetes.pod.terminationGracePeriod"
+ value: "5"
+}
+}
diff --git a/test/libsinsp_e2e/fake_cri/fake_cri_falco_pod.pb b/test/libsinsp_e2e/fake_cri/fake_cri_falco_pod.pb
new file mode 100644
index 0000000000..27c0a020e9
--- /dev/null
+++ b/test/libsinsp_e2e/fake_cri/fake_cri_falco_pod.pb
@@ -0,0 +1,58 @@
+status {
+metadata {
+ name: "falco-9bzbj"
+ uid: "893231bb-049a-11e9-9b30-0a583e8b7896"
+ namespace: "default",
+ attempt: 0
+}
+state: SANDBOX_READY
+created_at: 1545339738831266021
+network {
+ ip: ""
+}
+linux {
+namespaces {
+options {
+ network: NODE,
+ pid: NODE,
+ ipc: POD
+}
+}
+}
+labels {
+ key: "app"
+ value: "falco"
+}
+labels {
+ key: "controller-revision-hash"
+ value: "b5944cc84"
+}
+labels {
+ key: "io.kubernetes.pod.name"
+ value: "falco-9bzbj"
+}
+labels {
+ key: "io.kubernetes.pod.namespace"
+ value: "default"
+}
+labels {
+ key: "io.kubernetes.pod.uid"
+ value: "893231bb-049a-11e9-9b30-0a583e8b7896"
+}
+labels {
+ key: "pod-template-generation"
+ value: "1"
+}
+annotations {
+ key: "kubernetes.io/config.seen"
+ value: "2018-12-20T21:02:18.502551218Z"
+}
+annotations {
+ key: "kubernetes.io/config.source"
+ value: "api"
+}
+}
+info {
+ key: "info"
+ value: "{\"pid\":31353, \"processStatus\":\"running\", \"netNamespaceClosed\":false, \"image\":\"k8s.gcr.io/pause:3.1\", \"snapshotKey\":\"599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa\", \"snapshotter\":\"overlayfs\", \"runtime\":{\"runtimeType\":\"io.containerd.runtime.v1.linux\", \"runtimeEngine\":\"\", \"runtimeRoot\":\"\"}, \"config\":{\"metadata\":{\"name\":\"falco-9bzbj\", \"uid\":\"893231bb-049a-11e9-9b30-0a583e8b7896\", \"namespace\":\"default\"}, \"log_directory\":\"/var/log/pods/893231bb-049a-11e9-9b30-0a583e8b7896\", \"dns_config\":{\"servers\":[\"10.96.0.10\"], \"searches\":[\"default.svc.cluster.local\", \"svc.cluster.local\", \"cluster.local\", \"us-east-2.compute.internal\"], \"options\":[\"ndots:5\"]}, \"labels\":{\"app\":\"falco\", \"controller-revision-hash\":\"b5944cc84\", \"io.kubernetes.pod.name\":\"falco-9bzbj\", \"io.kubernetes.pod.namespace\":\"default\", \"io.kubernetes.pod.uid\":\"893231bb-049a-11e9-9b30-0a583e8b7896\", \"pod-template-generation\":\"1\"}, \"annotations\":{\"kubernetes.io/config.seen\":\"2018-12-20T21:02:18.502551218Z\",
\"kubernetes.io/config.source\":\"api\"}, \"linux\":{\"cgroup_parent\":\"/kubepods/burstable/pod893231bb-049a-11e9-9b30-0a583e8b7896\", \"security_context\":{\"namespace_options\":{\"network\":2, \"pid\":2}, \"privileged\":true}}}, \"runtimeSpec\":{\"ociVersion\":\"1.0.1\", \"process\":{\"user\":{\"uid\":0, \"gid\":0}, \"args\":[\"/pause\"], \"env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"], \"cwd\":\"/\", \"capabilities\":{\"bounding\":[\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"], \"effective\":[\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"], \"inheritable\":[\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"], \"permitted\":[\"CAP_CHOWN\", \"CAP_DAC_OVERRIDE\", \"CAP_FSETID\", \"CAP_FOWNER\", \"CAP_MKNOD\", \"CAP_NET_RAW\", \"CAP_SETGID\", \"CAP_SETUID\", \"CAP_SETFCAP\", \"CAP_SETPCAP\", \"CAP_NET_BIND_SERVICE\", \"CAP_SYS_CHROOT\", \"CAP_KILL\", \"CAP_AUDIT_WRITE\"]}, \"noNewPrivileges\":true, \"oomScoreAdj\":-998}, \"root\":{\"path\":\"rootfs\", \"readonly\":true}, \"mounts\":[{\"destination\":\"/proc\", \"type\":\"proc\", \"source\":\"proc\"}, {\"destination\":\"/dev\", \"type\":\"tmpfs\", \"source\":\"tmpfs\", \"options\":[\"nosuid\", \"strictatime\", \"mode=755\", \"size=65536k\"]}, {\"destination\":\"/dev/pts\", \"type\":\"devpts\", \"source\":\"devpts\", \"options\":[\"nosuid\", \"noexec\", \"newinstance\", \"ptmxmode=0666\", 
\"mode=0620\", \"gid=5\"]}, {\"destination\":\"/dev/mqueue\", \"type\":\"mqueue\", \"source\":\"mqueue\", \"options\":[\"nosuid\", \"noexec\", \"nodev\"]}, {\"destination\":\"/sys\", \"type\":\"sysfs\", \"source\":\"sysfs\", \"options\":[\"nosuid\", \"noexec\", \"nodev\", \"ro\"]}, {\"destination\":\"/dev/shm\", \"type\":\"bind\", \"source\":\"/run/containerd/io.containerd.grpc.v1.cri/sandboxes/599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa/shm\", \"options\":[\"rbind\", \"ro\"]}], \"annotations\":{\"io.kubernetes.cri.container-type\":\"sandbox\", \"io.kubernetes.cri.sandbox-id\":\"599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa\"}, \"linux\":{\"resources\":{\"devices\":[{\"allow\":false, \"access\":\"rwm\"}], \"cpu\":{\"shares\":2}}, \"cgroupsPath\":\"/kubepods/burstable/pod893231bb-049a-11e9-9b30-0a583e8b7896/599ad631db94fef0be7722785e299ba128bd3f7f83a27dd00e4f94974eb5acfa\", \"namespaces\":[{\"type\":\"ipc\"}, {\"type\":\"uts\"}, {\"type\":\"mount\"}], \"maskedPaths\":[\"/proc/acpi\", \"/proc/kcore\", \"/proc/keys\", \"/proc/latency_stats\", \"/proc/timer_list\", \"/proc/timer_stats\", \"/proc/sched_debug\", \"/sys/firmware\", \"/proc/scsi\"], \"readonlyPaths\":[\"/proc/asound\", \"/proc/bus\", \"/proc/fs\", \"/proc/irq\", \"/proc/sys\", \"/proc/sysrq-trigger\"]}}}" +} diff --git a/test/libsinsp_e2e/resources/fake_docker.py b/test/libsinsp_e2e/resources/fake_docker.py new file mode 100755 index 0000000000..6c1e8809e2 --- /dev/null +++ b/test/libsinsp_e2e/resources/fake_docker.py 
@@ -0,0 +1,283 @@ +#!/usr/bin/env python3 + +import socketserver +import os +import re +import socket +import sys +import time +from http.server import HTTPServer, BaseHTTPRequestHandler + + +DELAY = 0.0 +CONTAINER_JSON = '''{ + "Id": "CONTAINER_ID", + "Created": "2019-01-14T16:42:46.980332855Z", + "Path": "nginx", + "Args": [ + "-g", + "daemon off;" + ], + "State": { + "Status": "running", + "Running": true, + "Paused": false, + "Restarting": false, + "OOMKilled": false, + "Dead": false, + "Pid": 6892, + "ExitCode": 0, + "Error": "", + "StartedAt": "2019-07-04T15:14:21.106678691Z", + "FinishedAt": "2019-06-24T14:45:06.735210924Z" + }, + "Image": "sha256:568c4670fa800978e08e4a51132b995a54f8d5ae83ca133ef5546d092b864acf", + "ResolvConfPath": "/var/lib/docker/containers/CONTAINER_ID/resolv.conf", + "HostnamePath": "/var/lib/docker/containers/CONTAINER_ID/hostname", + "HostsPath": "/var/lib/docker/containers/CONTAINER_ID/hosts", + "LogPath": "/var/lib/docker/containers/CONTAINER_ID/CONTAINER_ID-json.log", + "Name": "/nginx", + "RestartCount": 0, + "Driver": "overlay2", + "Platform": "linux", + "MountLabel": "", + "ProcessLabel": "", + "AppArmorProfile": "docker-default", + "ExecIDs": null, + "HostConfig": { + "Binds": null, + "ContainerIDFile": "", + "LogConfig": { + "Type": "json-file", + "Config": {} + }, + "NetworkMode": "default", + "PortBindings": {}, + "RestartPolicy": { + "Name": "no", + "MaximumRetryCount": 0 + }, + "AutoRemove": false, + "VolumeDriver": "", + "VolumesFrom": null, + "CapAdd": null, + "CapDrop": null, + "Dns": [], + "DnsOptions": [], + "DnsSearch": [], + "ExtraHosts": null, + "GroupAdd": null, + "IpcMode": "shareable", + "Cgroup": "", + "Links": null, + "OomScoreAdj": 0, + "PidMode": "", + "Privileged": false, + "PublishAllPorts": false, + "ReadonlyRootfs": false, + "SecurityOpt": null, + "UTSMode": "", + "UsernsMode": "", + "ShmSize": 67108864, + "Runtime": "runc", + "ConsoleSize": [ + 0, + 0 + ], + "Isolation": "", + "CpuShares": 0, + 
"Memory": 0, + "NanoCpus": 1000000000, + "CgroupParent": "", + "BlkioWeight": 0, + "BlkioWeightDevice": [], + "BlkioDeviceReadBps": null, + "BlkioDeviceWriteBps": null, + "BlkioDeviceReadIOps": null, + "BlkioDeviceWriteIOps": null, + "CpuPeriod": 0, + "CpuQuota": 0, + "CpuRealtimePeriod": 0, + "CpuRealtimeRuntime": 0, + "CpusetCpus": "", + "CpusetMems": "", + "Devices": [], + "DeviceCgroupRules": null, + "DiskQuota": 0, + "KernelMemory": 0, + "MemoryReservation": 0, + "MemorySwap": 0, + "MemorySwappiness": null, + "OomKillDisable": false, + "PidsLimit": 0, + "Ulimits": null, + "CpuCount": 0, + "CpuPercent": 0, + "IOMaximumIOps": 0, + "IOMaximumBandwidth": 0, + "MaskedPaths": [ + "/proc/acpi", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/proc/scsi", + "/sys/firmware" + ], + "ReadonlyPaths": [ + "/proc/asound", + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger" + ] + }, + "GraphDriver": { + "Data": { + "LowerDir": "/var/lib/docker/overlay2/5284854b193a34c17b13fb545c36dff28edce5643a93f19ad40147a667dd0f58-init/diff:/var/lib/docker/overlay2/19c870f9c69f36e320db5da254282fe84260abf1af9b85eab226450a0e74dfe5/diff:/var/lib/docker/overlay2/9ebfada4bda894ff1bc7e22c07d0590128f59e36abac32963372cf1faa50bd21/diff:/var/lib/docker/overlay2/172e9582199ef0bb9de43451eb95f0d1901625a18af7351e1909aca8d1a7cd37/diff", + "MergedDir": "/var/lib/docker/overlay2/5284854b193a34c17b13fb545c36dff28edce5643a93f19ad40147a667dd0f58/merged", + "UpperDir": "/var/lib/docker/overlay2/5284854b193a34c17b13fb545c36dff28edce5643a93f19ad40147a667dd0f58/diff", + "WorkDir": "/var/lib/docker/overlay2/5284854b193a34c17b13fb545c36dff28edce5643a93f19ad40147a667dd0f58/work" + }, + "Name": "overlay2" + }, + "Mounts": [], + "Config": { + "Hostname": "7951fb549ab9", + "Domainname": "", + "User": "", + "AttachStdin": false, + "AttachStdout": true, + "AttachStderr": true, + "ExposedPorts": { + "80/tcp": {} 
+ }, + "Tty": false, + "OpenStdin": false, + "StdinOnce": false, + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NGINX_VERSION=1.15.7-1~stretch", + "NJS_VERSION=1.15.7.0.2.6-1~stretch" + ], + "Cmd": [ + "nginx", + "-g", + "daemon off;" + ], + "ArgsEscaped": true, + "Image": "nginx", + "Volumes": null, + "WorkingDir": "", + "Entrypoint": null, + "OnBuild": null, + "Labels": { + "maintainer": "NGINX Docker Maintainers " + }, + "StopSignal": "SIGTERM" + }, + "NetworkSettings": { + "Bridge": "", + "SandboxID": "7ed54ba097dd40da1bfa11a7ab1add815f9289407037f0971c5b487c279a3da7", + "HairpinMode": false, + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + "Ports": { + "80/tcp": null + }, + "SandboxKey": "/var/run/docker/netns/7ed54ba097dd", + "SecondaryIPAddresses": null, + "SecondaryIPv6Addresses": null, + "EndpointID": "1316e3ef1748bc5dd0771fd2b2736cc9cbd612096b03685180a839f750bc17e7", + "Gateway": "172.17.0.1", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "MacAddress": "02:42:ac:11:00:02", + "Networks": { + "bridge": { + "IPAMConfig": null, + "Links": null, + "Aliases": null, + "NetworkID": "ed370a609b530f9c5560561d37fcec6a0d444ba2ed5e85d9bda66c8e36fbb210", + "EndpointID": "1316e3ef1748bc5dd0771fd2b2736cc9cbd612096b03685180a839f750bc17e7", + "Gateway": "172.17.0.1", + "IPAddress": "172.17.0.2", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "MacAddress": "02:42:ac:11:00:02", + "DriverOpts": null + } + } + } +} +''' + +CONTAINER_REQUEST = re.compile('^(?:/v1.[0-9]*)?/containers/([0-9a-f]+)/json') + +class FakeDockerHTTPHandler(BaseHTTPRequestHandler): + + def _send_response(self, resp): + resp_bytes = resp.encode('utf-8') # Convert to bytes + self.send_header('Content-Length', len(resp_bytes)) + self.send_header('Connection', 'close') + self.end_headers() + self.wfile.write(resp_bytes) + + 
def do_GET(self): + matches = CONTAINER_REQUEST.match(self.path) + if matches: + if DELAY < 0: + time.sleep(-DELAY) + self.send_response(404) + self._send_response('Not found\n') + else: + time.sleep(DELAY) + self.send_response(200) + self.send_header('Content-type', 'application/json') + resp = CONTAINER_JSON.replace('CONTAINER_ID', matches.group(1)) + self._send_response(resp) + else: + self.send_response(404) + self.send_header('Content-type', 'text/plain') + self._send_response('Not found\n') + + +class UnixHTTPServer(HTTPServer): + address_family = socket.AF_UNIX + + def server_bind(self): + socketserver.TCPServer.server_bind(self) + self.server_name = 'localhost' + self.server_port = 0 + + def get_request(self): + request, client_address = HTTPServer.get_request(self) + return request, ['local', 0] + + +if __name__ == '__main__': + try: + DELAY = float(sys.argv[1]) + except Exception: + pass + + try: + socket_path = sys.argv[2] + except Exception: + socket_path = '/tmp/http.socket' + + try: + os.unlink(socket_path) + except Exception: + pass + + server = UnixHTTPServer(socket_path, FakeDockerHTTPHandler) + server.serve_forever() diff --git a/test/libsinsp_e2e/subprocess.cpp b/test/libsinsp_e2e/subprocess.cpp index c40be2745f..73dda94848 100644 --- a/test/libsinsp_e2e/subprocess.cpp +++ b/test/libsinsp_e2e/subprocess.cpp @@ -81,6 +81,14 @@ void subprocess::wait_for_start() { } } +void subprocess::kill() { + ::kill(m_pid, SIGKILL); +} + +bool subprocess::is_alive() { + return getpgid(m_pid) != 0; +} + pid_t subprocess::get_pid() { return m_pid; } diff --git a/test/libsinsp_e2e/subprocess.h b/test/libsinsp_e2e/subprocess.h index 27570748e0..1bb845fd26 100644 --- a/test/libsinsp_e2e/subprocess.h +++ b/test/libsinsp_e2e/subprocess.h @@ -38,6 +38,8 @@ class subprocess { ~subprocess(); void wait_for_start(); + void kill(); + bool is_alive(); int wait(); pid_t get_pid(); 
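Review bot: The `__main__` block at the end of fake_docker.py wraps `float(sys.argv[1])`, `sys.argv[2]` and `os.unlink(socket_path)` in `except Exception: pass`, so a malformed delay argument silently leaves `DELAY = 0.0` and an unlink that fails for any reason other than a missing file stays hidden until the bind fails. Narrowing the handlers to the expected cases, `except IndexError:` for the argv lookups and `except FileNotFoundError:` for the unlink, makes a bad invocation from the timing tests fail loudly instead of producing misleading results. The fallback `/tmp/http.socket` also sits in a world-writable directory and the socket is created with the default umask; since these e2e tests presumably run as root, calling `os.umask(0o077)` before constructing `UnixHTTPServer`, or binding inside a directory from `tempfile.mkdtemp()`, would keep other local users off the endpoint.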
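Review bot: `subprocess::is_alive()` always returns true, because `getpgid()` returns -1 on failure (ESRCH once the pid is gone) and a positive group id otherwise, so `!= 0` never separates the two. Compare against the error value, `return getpgid(m_pid) >= 0;`, or probe with `return ::kill(m_pid, 0) == 0;`; either form still reports an exited but un-reaped child as alive, which the declaration in subprocess.h should say in a comment. In `subprocess::kill()` the return value is dropped and `m_pid` is not validated; how `m_pid` is initialised is not visible in this hunk, but if it can still be 0 or -1 the SIGKILL goes to the caller's process group or to every process the test runner may signal, so guard it with `if(m_pid > 0) { ::kill(m_pid, SIGKILL); }`.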
diff --git a/test/libsinsp_e2e/sys_call_test.cpp b/test/libsinsp_e2e/sys_call_test.cpp index 558668c039..1e3522e555 100644 --- a/test/libsinsp_e2e/sys_call_test.cpp +++ b/test/libsinsp_e2e/sys_call_test.cpp @@ -1357,13 +1357,15 @@ TEST_F(sys_call_test, getsetresuid_and_gid) { ret = system("groupdel testsetresgid"); usleep(200); + const pid_t self = getpid(); + // // FILTER // event_filter_t filter = [&](sinsp_evt* evt) { auto type = evt->get_type(); auto tinfo = evt->get_thread_info(true); - return tinfo->m_comm != "sudo" && + return tinfo->m_comm != "sudo" && tinfo->m_pid == self && (type == PPME_USER_ADDED_E || type == PPME_USER_ADDED_X || type == PPME_GROUP_ADDED_E || type == PPME_GROUP_ADDED_X || type == PPME_SYSCALL_GETRESUID_E || type == PPME_SYSCALL_GETRESUID_X || @@ -1461,6 +1463,10 @@ TEST_F(sys_call_test, getsetresuid_and_gid) { result += setresuid(orig_uids[0], orig_uids[1], orig_uids[2]); result += setresgid(orig_gids[0], orig_gids[1], orig_gids[2]); + // Clean environment + result += system("userdel testsetresuid"); + result += system("groupdel testsetresgid"); + if(result != 0) { FAIL() << "Cannot restore initial id state."; } diff --git a/test/libsinsp_e2e/test_helper.cpp b/test/libsinsp_e2e/test_helper.cpp index d6d35be6c8..a6d9024331 100644 --- a/test/libsinsp_e2e/test_helper.cpp +++ b/test/libsinsp_e2e/test_helper.cpp @@ -18,8 +18,6 @@ limitations under the License. #include #include -#include -#include #include #include #include @@ -30,6 +28,9 @@ limitations under the License. #include #include +#include +#include +#include #include #include #include 
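Review bot: In the second sys_call_test.cpp hunk the new cleanup adds the `system("userdel ...")` and `system("groupdel ...")` wait statuses into the same `result` as `setresuid`/`setresgid`, so a cleanup problem is reported as "Cannot restore initial id state." and the summed value cannot tell which step failed. Checking the cleanup on its own keeps the two failure modes apart, e.g. `if(system("userdel testsetresuid") != 0 || system("groupdel testsetresgid") != 0) { ADD_FAILURE() << "Cannot remove test user/group."; }`. The enclosing block starts outside the hunk, but as written the cleanup only runs when execution reaches this point, so an earlier abort would presumably leave the test account and group on the host; moving the removal into the fixture's TearDown would cover that.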
@@ -52,6 +53,19 @@ limitations under the License. using namespace std; +bool is_cgroupv2_mounted() { + constexpr const char* mounts_file = "/proc/mounts"; + constexpr const char cgroup_v2_prefix[] = "cgroup2 "; + std::ifstream mounts_file_handle(mounts_file); + std::string line; + while(std::getline(mounts_file_handle, line)) { + if(line.rfind(cgroup_v2_prefix, 0) == 0) { + return true; + } + } + return false; +} + void proc_mgmt(const vector& args) { auto filename = args.at(0).c_str(); static const char DATA[] = "ABCDEFGHI"; @@ -307,7 +321,12 @@ void pgid_test(const vector& args) { } bool custom_container_set_cgroup() { - string cpu_cgroup = "/sys/fs/cgroup/cpu/custom_container_foo"; + std::string cpu_cgroup; + if(is_cgroupv2_mounted()) { + cpu_cgroup = "/sys/fs/cgroup/system.slice/custom_container_foo"; + } else { + cpu_cgroup = "/sys/fs/cgroup/cpu/custom_container_foo"; + } struct stat s; if(stat(cpu_cgroup.c_str(), &s) < 0) { @@ -533,9 +552,16 @@ void custom_container(const vector& args) { } bool cri_container_set_cgroup() { - string cpu_cgroup = - "/sys/fs/cgroup/cpu/docker/" - "aec4c703604b4504df03108eef12e8256870eca8aabcb251855a35bf4f0337f1"; + std::string cpu_cgroup; + if(is_cgroupv2_mounted()) { + cpu_cgroup = + "/sys/fs/cgroup/system.slice/" + "aec4c703604b4504df03108eef12e8256870eca8aabcb251855a35bf4f0337f1"; + } else { + cpu_cgroup = + "/sys/fs/cgroup/cpu/docker/" + "aec4c703604b4504df03108eef12e8256870eca8aabcb251855a35bf4f0337f1"; + } struct stat s; if(stat(cpu_cgroup.c_str(), &s) < 0) {
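Review bot: `is_cgroupv2_mounted()` matches the first field of `/proc/mounts`, which is the mount source rather than the filesystem type, and it ignores the mount point. A unified hierarchy mounted under another source name (`cgroup` or `none` are common inside containers) is missed, and a hybrid host with cgroup2 mounted beside the v1 controllers is reported as v2, after which `custom_container_set_cgroup()` and `cri_container_set_cgroup()` in the two following hunks pick a `/sys/fs/cgroup/system.slice/...` path that may not exist. Testing the filesystem type of the hierarchy root is sturdier: `struct statfs fs; return statfs("/sys/fs/cgroup", &fs) == 0 && fs.f_type == CGROUP2_SUPER_MAGIC;` (needs `<sys/vfs.h>` and `<linux/magic.h>`). A one-line comment above the function stating which layout it is meant to detect would also help the next reader.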