Skip to content

fix(controlplane): filter unnecessary enriches #4193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 17, 2024
Merged

fix(controlplane): filter unnecessary enriches #4193

merged 1 commit into from
Jul 17, 2024

Conversation

@NDStrahilevitz
Copy link
Collaborator

@NDStrahilevitz NDStrahilevitz commented Jul 17, 2024

1. Explain what the PR does

613986a fix(controlplane): filter unnecessary enriches

The condition for enrichment in the control plane was faulty. It relied
on the previous check for container relevant cgroups + not dead dirs.
This, however, is obviously not enough. Therefore the condition for
enrichment trigger now includes checking if the cgroup is a container's
root directory.

2. Explain how to test it

tracee -o json
docker run --rm -d ubuntu
Enrichment should work as before, with no new errors.

3. Other comments

@NDStrahilevitz
fix(controlplane): filter unnecessary enriches
613986a 
The condition for enrichment in the control plane was faulty. It relied
on the previous check for container relevant cgroups + not dead dirs.
This, however, is obviously not enough. Therefore the condition for
enrichment trigger now includes checking if the cgroup is a container's
root directory.
@NDStrahilevitz NDStrahilevitz requested a review from geyslan July 17, 2024 14:03
@NDStrahilevitz NDStrahilevitz self-assigned this Jul 17, 2024
geyslan
geyslan approved these changes Jul 17, 2024
View reviewed changes
Copy link
Member

@geyslan geyslan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@geyslan
Copy link
Member

geyslan commented Jul 17, 2024

It arose in upcoming changes: https://github.com/aquasecurity/tracee/actions/runs/9973741398/job/27564629591?pr=4191#step:5:1455

{"level":"error","ts":1721217866.2903428,"msg":"error enriching container in control plane","error":"containers.(*Containers).EnrichCgroupInfo: cgroup 4633: no containerId (path /system.slice/motd-news.service)","cgroup_id":4633}

@NDStrahilevitz
Copy link
Collaborator Author

NDStrahilevitz commented Jul 17, 2024

Possibly relevant #3870

@NDStrahilevitz NDStrahilevitz merged commit 772c609 into aquasecurity:main Jul 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geyslan geyslan geyslan approved these changes

Assignees

@NDStrahilevitz NDStrahilevitz

Labels

area/ebpf kind/bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@NDStrahilevitz @geyslan