libs icon indicating copy to clipboard operation
libs copied to clipboard
verified publisher icon falcosecurity

Overlay FS: Add fields proc.is_exe_lower_layer, fd.is_upper_layer and fd.is_lower_layer

Open eddyduer-sysdig opened this issue 1 year ago • 5 comments

Overlay FS: Add fields proc.is_exe_lower_layer, fd.is_upper_layer and fd.is_lower_layer

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Add fields proc.is_exe_lower_layer, fd.is_upper_layer and fd.is_lower_layer for Overlay FS

eddyduer-sysdig avatar Jun 26 '24 15:06 eddyduer-sysdig

Please double check driver/API_VERSION file. See versioning.

/hold

github-actions[bot] avatar Jun 26 '24 15:06 github-actions[bot]

Very nice 🚀 @eddyduer-sysdig! @loresuso could you help with the review since you worked on the upper layer flag? Thanks!

incertum avatar Jun 26 '24 15:06 incertum

Woah this is cool! I'm gonna review it soon 👀 🚀

loresuso avatar Jun 26 '24 16:06 loresuso

Perf diff from master - unit tests

     7.13%     +1.75%  [.] sinsp::next
     2.06%     +1.11%  [.] sinsp_thread_manager::find_thread
     5.95%     -0.97%  [.] next
     1.89%     -0.96%  [.] sinsp_evt::get_ts
     2.77%     +0.92%  [.] gzfile_read
     3.40%     -0.54%  [.] sinsp_thread_manager::get_thread_ref
     1.21%     -0.39%  [.] sinsp_utils::find_longest_matching_evt_param
     2.28%     -0.39%  [.] scap_event_decode_params
     1.22%     +0.38%  [.] libsinsp::sinsp_suppress::process_event
     0.87%     -0.36%  [.] sinsp_filter_check::parse_field_name

Heap diff from master - unit tests

peak heap memory consumption: -1.41K
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: -586B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

github-actions[bot] avatar Jun 28 '24 06:06 github-actions[bot]

Perf diff from master - unit tests

     6.27%     -1.02%  [.] next
     1.34%     -0.90%  [.] scap_next
     1.39%     +0.84%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release
     4.63%     -0.81%  [.] gzfile_read
     2.74%     +0.81%  [.] sinsp_thread_manager::get_thread_ref
     1.96%     +0.81%  [.] std::_Hashtable<long, std::pair<long const, std::shared_ptr<sinsp_threadinfo> >, std::allocator<std::pair<long const, std::shared_ptr<sinsp_threadinfo> > >, std::__detail::_Select1st, std::equal_to<long>, std::hash<long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::_M_find_before_node
     2.85%     -0.63%  [.] scap_event_decode_params
     6.93%     -0.63%  [.] sinsp::next
     1.11%     +0.60%  [.] scap_event_encode_params_v
     1.40%     -0.56%  [.] sinsp_evt::get_ts

Perf diff from master - scap file

    15.37%     -5.31%  [.] scap_event_decode_params
    19.29%     -3.53%  [.] sinsp_filter_check_event::extract_single
     4.89%     +3.14%  [.] sinsp_filter_check::tostring
     4.86%     +3.09%  [.] sinsp::next
     9.75%     -2.72%  [.] libsinsp::runc::match_one_container_id
     5.98%     +2.56%  [.] rawstring_check::extract_single
    11.13%     -1.56%  [.] sinsp_filter_check_thread::extract_single
     5.25%     +1.12%  [.] sinsp_filter_check::get_transformed_field_info
     4.98%     -0.51%  [.] scap_next
     4.89%     -0.47%  [.] sinsp_evt::get_param_as_str

Heap diff from master - unit tests

peak heap memory consumption: -586B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: -586B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

github-actions[bot] avatar Aug 09 '24 07:08 github-actions[bot]

Hey @Molter73 I see that e2e tests are failing but the report is not uploaded in CI https://github.com/falcosecurity/libs/actions/runs/10307297656/job/28555325360?pr=1936#step:8:8 Any idea why is this happening?

Andreagit97 avatar Aug 09 '24 10:08 Andreagit97

Fixed comments from code review and added some tests

eddyduer-sysdig avatar Aug 22 '24 08:08 eddyduer-sysdig

Codecov Report

Attention: Patch coverage is 95.71429% with 3 lines in your changes missing coverage. Please review.

Project coverage is 74.25%. Comparing base (c7d7530) to head (a332c03). Report is 16 commits behind head on master.

Files Patch % Lines
userspace/libsinsp/sinsp_filtercheck_thread.cpp 0.00% 3 Missing :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1936      +/-   ##
==========================================
+ Coverage   74.20%   74.25%   +0.04%     
==========================================
  Files         253      253              
  Lines       30832    30895      +63     
  Branches     5411     5410       -1     
==========================================
+ Hits        22880    22941      +61     
+ Misses       7952     7935      -17     
- Partials        0       19      +19
Flag Coverage Δ
libsinsp 74.25% <95.71%> (+0.04%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Aug 22 '24 14:08 codecov[bot]

/milestone next-driver

FedeDP avatar Aug 27 '24 06:08 FedeDP

Results of kernel tests: https://github.com/falcosecurity/libs/actions/runs/10575083303

x86

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-4.19 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2-5.10 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
amazonlinux2023-6.1 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.0 🟢 🟢 🟢 🟢 🟢 🟢
archlinux-6.7 🟢 🟢 🟢 🟢 🟢 🟢
centos-3.10 🟢 🟢 🟢 🟡 🟡 🟡
centos-4.18 🟢 🟢 🟢 🟢 🟢 🟢
centos-5.14 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.17 🟢 🟢 🟢 🟢 🟢 🟢
fedora-5.8 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-3.10 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-4.14 🟢 🟢 🟢 🟢 🟢 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-5.4 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-4.15 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-5.8 🟢 🟢 🟢 🟢 🟢 🟡
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

arm64

KERNEL CMAKE-CONFIGURE KMOD BUILD KMOD SCAP-OPEN BPF-PROBE BUILD BPF-PROBE SCAP-OPEN MODERN-BPF SCAP-OPEN
amazonlinux2-5.4 🟢 🟢 🟢 🟢 🟢 🟡
amazonlinux2022-5.15 🟢 🟢 🟢 🟢 🟢 🟢
fedora-6.2 🟢 🟢 🟢 🟢 🟢 🟢
oraclelinux-4.14 🟢 🟢 🟢 🟡 🟡 🟡
oraclelinux-5.15 🟢 🟢 🟢 🟢 🟢 🟢
ubuntu-6.5 🟢 🟢 🟢 🟢 🟢 🟢

Andreagit97 avatar Aug 27 '24 14:08 Andreagit97

LGTM label has been added.

Git tree hash: dbd6247baa518ba2d5473ef695fa5edc7c0a3215

poiana avatar Aug 28 '24 07:08 poiana

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, eddyduer-sysdig, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • ~~OWNERS~~ [Andreagit97,FedeDP]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

poiana avatar Aug 28 '24 07:08 poiana

/unhold

FedeDP avatar Aug 28 '24 07:08 FedeDP