utils

package

v0.0.0-...-6e97c07 Latest Latest Go to latest Published: Aug 15, 2023 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubescape/host-scanner

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func CNIConfigDirFromKubelet(ctx context.Context, proc *ProcessDetails) (string, error)
func GetCNIConfigPath(ctx context.Context, kubeletProc *ProcessDetails) string
func GetFilePermissions(filePath string) (int, error)
func GetFileUNIXOwnership(filePath string) (int64, int64, error)
func GetHttpClient() *http.Client
func GetKubeletServiceFiles(kubeletPid int) ([]string, error)
func GetServiceFilesByPIDSystemd(pid int) (string, error)
func HostPath(filePath string) string
func IsPathExists(filename string) bool
func LookupGroupnameByGID(gid int64, root string) (string, error)
func MakeChangedRootFileInfo(ctx context.Context, rootDir string, filePath string, readContent bool) (*ds.FileInfo, error)
func MakeContaineredFileInfo(ctx context.Context, p *ProcessDetails, filePath string, readContent bool) (*ds.FileInfo, error)
func MakeFileInfo(filePath string, readContent bool) (*ds.FileInfo, error)
func ReadFileOnHostFileSystem(fileName string) ([]byte, error)
type ContainerRuntimeInfo
type ProcessDetails
- func LocateProcessByExecSuffix(processSuffix string) (*ProcessDetails, error)
- func (p ProcessDetails) ContaineredPath(filePath string) string
- func (p ProcessDetails) GetArg(argName string) (string, bool)
- func (p ProcessDetails) RawCmd() string
- func (p ProcessDetails) RootDir() string

Constants ¶

View Source

const (
	CNIDefaultConfigDir string = "/etc/cni/"
)

CNI default constants

Variables ¶

View Source

var (
	// ErrDockershimRT means the used container runtime is dockershim.
	// no kubelet flags or --container-runtime not 'remote' means dockershim.sock which is not supported
	ErrDockershimRT = errors.New("dockershim runtime is not supported")

	// ErrCRINotFound means no container runtime was found.
	ErrCRINotFound = errors.New("no container runtime was found")
)

Errors

View Source

var (
	ErrNotUnixFS = errors.New("operation not supported by the file system")
)

View Source

var (
	ErrServicePathNotFound = errors.New("cannot locate service file path")
)

View Source

var (
	// Where the host sensor is expecting host fs to be mounted.
	// Defined as var for testing purposes only
	HostFileSystemDefaultLocation = "/host_fs"
)

Functions ¶

func CNIConfigDirFromKubelet ¶

func CNIConfigDirFromKubelet(ctx context.Context, proc *ProcessDetails) (string, error)

CNIConfigDirFromKubelet - returns cni config dir by kubelet --container-runtime-endpoint flag. Returns empty string if not found. A specific case is cri-dockerd.sock process which it's container runtime is determined by kubernetes docs.

func GetCNIConfigPath ¶

func GetCNIConfigPath(ctx context.Context, kubeletProc *ProcessDetails) string

getCNIConfigPath returns CNI config dir from a running container runtime. Flow:

Find CNI config dir through kubelet flag (--container-runtime-endpoint). If not found:
Find CNI config dir through process of supported container runtimes. If not found:
return CNI config dir default that is defined in the container runtime properties.

func GetFilePermissions ¶

func GetFilePermissions(filePath string) (int, error)

GetFilePermissions returns file permissions as int. On filesystem error, it returns the error as is.

func GetFileUNIXOwnership ¶

func GetFileUNIXOwnership(filePath string) (int64, int64, error)

GetFileUNIXOwnership returns the user id and group of a file. On error, it return values of -1 for the ids. On filesystem error, it returns the error as is. If the filesystem not support UNIX ownership (like FAT), it returns ErrNotUnixFS.

func GetHttpClient ¶

func GetHttpClient() *http.Client

GetHttpClient - instantiate http.client object

func GetKubeletServiceFiles ¶

func GetKubeletServiceFiles(kubeletPid int) ([]string, error)

GetKubeletServiceFiles all the service files associated with the kubelet service.

func GetServiceFilesByPIDSystemd ¶

func GetServiceFilesByPIDSystemd(pid int) (string, error)

GetServiceFilesByPIDSystemd returns the serivce config directory for a given process id.

func HostPath ¶

func HostPath(filePath string) string

func IsPathExists ¶

func IsPathExists(filename string) bool

IsPathExists returns true if a given path exist and false otherwise

func LookupGroupnameByGID ¶

func LookupGroupnameByGID(gid int64, root string) (string, error)

returns group name if gid was found in a group file {root}/etc/group, otherwise returns empty string.

func MakeChangedRootFileInfo ¶

func MakeChangedRootFileInfo(ctx context.Context, rootDir string, filePath string, readContent bool) (*ds.FileInfo, error)

MakeChangedRootFileInfo makes a file info object for the given path on the given root directory.

func MakeContaineredFileInfo ¶

func MakeContaineredFileInfo(ctx context.Context, p *ProcessDetails, filePath string, readContent bool) (*ds.FileInfo, error)

MakeContaineredFileInfo makes a file info object for a given process file system view.

func MakeFileInfo ¶

func MakeFileInfo(filePath string, readContent bool) (*ds.FileInfo, error)

MakeFileInfo returns a `ds.FileInfo` object for given path If `readContent` is set to `true`, it adds the file content On access error, it returns the error as is

func ReadFileOnHostFileSystem ¶

func ReadFileOnHostFileSystem(fileName string) ([]byte, error)

ReadFileOnHostFileSystem reads a file on the host file system.

Types ¶

type ContainerRuntimeInfo ¶

type ContainerRuntimeInfo struct {
	// contains filtered or unexported fields
}

A ContainerRuntimeInfo holds a container runtime properties and process info.

type ProcessDetails ¶

type ProcessDetails struct {
	CmdLine []string `json:"cmdline"`
	PID     int32    `json:"pid"`
}

func LocateProcessByExecSuffix ¶

func LocateProcessByExecSuffix(processSuffix string) (*ProcessDetails, error)

LocateProcessByExecSuffix locates process with executable name ends with `processSuffix`. The first entry at `/proc` that matches the suffix is returned, other process are ignored. It returns a `ProcessDetails` object.

func (ProcessDetails) ContaineredPath ¶

func (p ProcessDetails) ContaineredPath(filePath string) string

ContaineredPath returns path for the file that the process see. This is useful when dealing with processes that are running inside a container

func (ProcessDetails) GetArg ¶

func (p ProcessDetails) GetArg(argName string) (string, bool)

GetArg returns argument value from the process cmdline, and an ok. If the argument does not exist, it returns an empty string and `false`. If the argument exists but has no value, it returns an empty string and `true`. TODO: support multiple options

func (ProcessDetails) RawCmd ¶

func (p ProcessDetails) RawCmd() string

RawCmd returns the raw command used to start the process

func (ProcessDetails) RootDir ¶

func (p ProcessDetails) RootDir() string

RootDir returns the root directory of a process. This is useful when dealing with processes that are running inside a container

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL