From 15d1626e2c1ab5fccd5ac47726f6107fc2aa99e7 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Tue, 7 May 2024 15:40:31 +0200
Subject: [PATCH 1/3] fix(userspace/libsinsp): enable podman container engine when running in capture mode.
Signed-off-by: Federico Di Pierro
---
 userspace/libsinsp/container_engine/docker/podman.cpp | 10 ++++++++--
 userspace/libsinsp/container_engine/docker/podman.h | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/userspace/libsinsp/container_engine/docker/podman.cpp b/userspace/libsinsp/container_engine/docker/podman.cpp
index e084de6fba..6a4759037b 100644
--- a/userspace/libsinsp/container_engine/docker/podman.cpp
+++ b/userspace/libsinsp/container_engine/docker/podman.cpp
@@ -163,8 +163,14 @@ int detect_podman(const sinsp_threadinfo *tinfo, std::string &container_id)
 }
 }
-bool podman::can_api_sock_exist()
+bool podman::can_api_sock_exist(sinsp *inspector)
 {
+ // Short-circuit: always enable podman when running from a capture file.
+ if (inspector->is_capture())
+ {
+ return true;
+ }
+
 glob_t gl;
 int rc;
 int glob_flags = 0;
@@ -193,7 +199,7 @@ bool podman::resolve(sinsp_threadinfo *tinfo, bool query_os_for_missing_info)
 if(!m_api_sock_can_exist.has_value())
 {
- m_api_sock_can_exist = can_api_sock_exist();
+ m_api_sock_can_exist = can_api_sock_exist(tinfo->m_inspector);
 }
 if(!m_api_sock_can_exist.value())
diff --git a/userspace/libsinsp/container_engine/docker/podman.h b/userspace/libsinsp/container_engine/docker/podman.h
index 28d43734f5..49fae2d32a 100644
--- a/userspace/libsinsp/container_engine/docker/podman.h
+++ b/userspace/libsinsp/container_engine/docker/podman.h
@@ -21,7 +21,7 @@ class podman : public docker_base
 std::optional m_api_sock_can_exist;
 // Return true if any possible api socket pattern exists.
- bool can_api_sock_exist();
+ static bool can_api_sock_exist(sinsp *inspector);
 // Return whether or not any possible api socket exists. (The actual socket is
 // implement container_engine_base
From 721fa55bf883b1292d3872b9226ad3f8284f3167 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Tue, 7 May 2024 18:08:34 +0200
Subject: [PATCH 2/3] chore(userspace/libsinsp): properly manage `podman` container type.
Signed-off-by: Federico Di Pierro
---
 userspace/libsinsp/sinsp_filtercheck_container.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/userspace/libsinsp/sinsp_filtercheck_container.cpp b/userspace/libsinsp/sinsp_filtercheck_container.cpp
index 86cd99fd57..cc4a1bfc0a 100644
--- a/userspace/libsinsp/sinsp_filtercheck_container.cpp
+++ b/userspace/libsinsp/sinsp_filtercheck_container.cpp
@@ -343,6 +343,9 @@ uint8_t* sinsp_filter_check_container::extract_single(sinsp_evt *evt, OUT uint32
 case sinsp_container_type::CT_BPM:
 m_tstr = "bpm";
 break;
+ case sinsp_container_type::CT_PODMAN:
+ m_tstr = "podman";
+ break;
 default:
 ASSERT(false);
 break;
From ce04c9feb2d6619ceb2c582a3c3e9b66fdfcdece Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Wed, 8 May 2024 11:34:59 +0200
Subject: [PATCH 3/3] chore(userspace/libsinsp): better check leveraging `query_os_for_missing_info`.
Signed-off-by: Federico Di Pierro
Co-authored-by: Angelo Puglisi
---
 .../container_engine/docker/podman.cpp | 18 ++++++++++--------
 .../libsinsp/container_engine/docker/podman.h | 2 +-
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/userspace/libsinsp/container_engine/docker/podman.cpp b/userspace/libsinsp/container_engine/docker/podman.cpp
index 6a4759037b..3ed3daed55 100644
--- a/userspace/libsinsp/container_engine/docker/podman.cpp
+++ b/userspace/libsinsp/container_engine/docker/podman.cpp
@@ -163,14 +163,8 @@ int detect_podman(const sinsp_threadinfo *tinfo, std::string &container_id)
 }
 }
-bool podman::can_api_sock_exist(sinsp *inspector)
+bool podman::can_api_sock_exist()
 {
- // Short-circuit: always enable podman when running from a capture file.
- if (inspector->is_capture())
- {
- return true;
- }
-
 glob_t gl;
 int rc;
 int glob_flags = 0;
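Review bot: In `sinsp_filtercheck_container.cpp` (PATCH 2/3), the `default:` arm right after the new `CT_PODMAN` case still leaves `m_tstr` unassigned, so the next container type added to the enum without a matching case would fall through the same way podman did before this patch. What `ASSERT(false)` does in a release build is not visible here; if it compiles to nothing, the field would carry whatever `m_tstr` held from an earlier extraction, and a rule that filters on the container type would be evaluated against stale data. I would set a defined value in that arm, for example `m_tstr = "unknown";` before the `break;`, and add a test asserting that a podman container yields `podman`. The switch begins and ends outside the hunk.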
@@ -199,7 +193,15 @@ bool podman::resolve(sinsp_threadinfo *tinfo, bool query_os_for_missing_info)
 if(!m_api_sock_can_exist.has_value())
 {
- m_api_sock_can_exist = can_api_sock_exist(tinfo->m_inspector);
+ if (query_os_for_missing_info)
+ {
+ m_api_sock_can_exist = can_api_sock_exist();
+ }
+ else
+ {
+ // Short-circuit: always enable podman when running from a capture file.
+ m_api_sock_can_exist = true;
+ }
 }
 if(!m_api_sock_can_exist.value())
diff --git a/userspace/libsinsp/container_engine/docker/podman.h b/userspace/libsinsp/container_engine/docker/podman.h
index 49fae2d32a..28d43734f5 100644
--- a/userspace/libsinsp/container_engine/docker/podman.h
+++ b/userspace/libsinsp/container_engine/docker/podman.h
@@ -21,7 +21,7 @@ class podman : public docker_base
 std::optional m_api_sock_can_exist;
 // Return true if any possible api socket pattern exists.
- static bool can_api_sock_exist(sinsp *inspector);
+ bool can_api_sock_exist();
 // Return whether or not any possible api socket exists. (The actual socket is
 // implement container_engine_base
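Review bot: The new `else` branch in `podman::resolve()` stores `true` in the cached `m_api_sock_can_exist`, so the outcome is latched by whichever `query_os_for_missing_info` value the first call carries; if a call with the flag false ever precedes one with it true on the same engine object, `can_api_sock_exist()` is never run. Whether callers can mix the two values is not visible in this hunk, so treat this as a robustness point. Caching only a probed result removes the coupling: `if(query_os_for_missing_info && !m_api_sock_can_exist.has_value()) m_api_sock_can_exist = can_api_sock_exist();` and then `if(!m_api_sock_can_exist.value_or(true))` for the check that follows. The comment would also be more accurate as `// No OS queries allowed (e.g. replaying a capture file): skip the socket probe and keep podman enabled.`, since the code tests the flag, not the capture mode. `resolve()` continues past the end of the hunk.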