proc_reader: handle in_init_tree #3338
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
will-isovalent
added
the
release-note/bug
will-isovalent
force-pushed
the
pr/will/in-init-tree-procfs
branch
8 times, most recently
from
2358040 to
a03cd85
Compare
|
@tixxdz pulling you in for review for the changes in the third patch. |
michi-covalent
approved these changes
Jan 24, 2025
olsajiri
reviewed
Jan 25, 2025
tixxdz
approved these changes
Jan 27, 2025
There was a problem hiding this comment.
LGTM, see also Jiri comments! much appreciated @will-isovalent
A subsequent commit in this series needs to user observertesthelper's docker-related helpers in a test, but that creates an import cycle. Resolve the import cycle by moving docker-related helpers into a separate package and maintain backward compatibility by introducing deprecated stubs in observertesthelper that call into that new package. Signed-off-by: William Findlay <[email protected]>
Recently we introduced the in_init_tree flag into execve map values to indicate whether a process is a member of the initial process tree for a container. This worked well for containers started after Tetragon, but broke for cases where the container was started before Tetragon, since our procfs walk did not account for the in_init_tree flag. Fix this behaviour by introducing logic in the procfs walk to account for this. Signed-off-by: William Findlay <[email protected]>
In our CI environment, docker cgroups do not contain the key word docker. This caused the procfs walker to fail to identify the container ID's of docker container processes started before Tetragon. Add some naive logic to fall back to so that we can handle this case. Signed-off-by: William Findlay <[email protected]>
will-isovalent
force-pushed
the
pr/will/in-init-tree-procfs
branch
from
a03cd85 to
df89bd1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Recently we introduced the in_init_tree flag into execve map values to indicate whether
a process is a member of the initial process tree for a container. This worked well for
containers started after Tetragon, but broke for cases where the container was started
before Tetragon, since our procfs walk did not account for the in_init_tree flag. Fix this
behaviour by introducing logic in the procfs walk to account for this.