proc: handle docker container id format in CI

In our CI environment, docker cgroups do not contain the key word docker. This caused the procfs walker to fail to identify the container ID's of docker container processes started before Tetragon. Add some naive logic to fall back to so that we can handle this case. Signed-off-by: William Findlay <william.findlay@isovalent.com>
cilium · Jan 28, 2025 · 9988b44 · 9988b44
1 parent 503cab7
commit 9988b44
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/pkg/sensors/exec/procevents/proc.go b/pkg/sensors/exec/procevents/proc.go
@@ -5,6 +5,7 @@ package procevents
 
 import (
 	"bytes"
+	"encoding/hex"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -136,6 +137,17 @@ func procsFindDockerId(cgroups string) (string, int) {
 				return container, i
 			}
 		}
+		// In some environments, such as the GitHub Ubuntu CI runner, docker cgroups do not contain the docker keyword but do end with a hex ID in their last component. Fall back to a naive approach here to handle that case.
+		components := strings.Split(s, "/")
+		if len(components) > 0 {
+			id := components[len(components)-1]
+			_, err := hex.DecodeString(id)
+			if err == nil {
+				if len(id) >= 31 {
+					return id[:31], len(strings.Join(components[:len(components)-1], "")) + 1
+				}
+			}
+		}
 	}
 	return "", 0
 }

diff --git a/pkg/sensors/exec/procevents/proc_reader.go b/pkg/sensors/exec/procevents/proc_reader.go
@@ -4,12 +4,10 @@
 package procevents
 
 import (
-	"cmp"
 	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
-	"slices"
 	"sort"
 	"strconv"
 	"strings"
@@ -661,10 +659,6 @@ func listRunningProcs(procPath string) ([]procs, error) {
 
 	logger.GetLogger().Infof("Read ProcFS %s appended %d/%d entries", option.Config.ProcFS, len(processes), len(procFS))
 
-	slices.SortFunc(processes, func(a, b procs) int {
-		return cmp.Compare(a.pid, b.pid)
-	})
-
 	return processes, nil
 }
 

diff --git a/pkg/sensors/exec/procevents/proc_test.go b/pkg/sensors/exec/procevents/proc_test.go
@@ -165,6 +165,11 @@ func TestProcsFindContainerId(t *testing.T) {
 	assert.Equal(t, i, 80, "ContainerId offset wrong")
 	assert.Equal(t, d, "0ca2b3cd20e5f55a2bbe8d4aa3f811c", "ContainerId wrong")
 
+	p = "11:pids:/actions_job/ec5fd62ba68d0b75a3cbdb7f7f78b526440b7969e22b2b362fb6f429ded42fdc"
+	d, i = procsFindDockerId(p)
+	assert.Equal(t, i, 20, "ContainerId offset wrong")
+	assert.Equal(t, d, "ec5fd62ba68d0b75a3cbdb7f7f78b52", "ContainerId wrong")
+
 	p = ""
 	d, i = procsFindDockerId(p)
 	assert.Equal(t, d, "", "Expect output '' empty string")