wip

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

Author: therealbobo

.github/workflows/ci.yaml

@@ -99,34 +99,34 @@ jobs:
           path: |
             build/sysdig-*.tar.gz
 
-  #build-sysdig-others:
-  #  name: build-sysdig-${{ matrix.os }}-${{ matrix.arch }}
-  #  strategy:
-  #    matrix:
-  #      os: [windows-latest, macos-13, macos-14]
-  #      include:
-  #        - os: windows-latest
-  #          artifact_name: win
-  #          artifact_ext: exe
-  #          arch: x86_64
-  #        - os: macos-13
-  #          artifact_name: osx
-  #          artifact_ext: dmg
-  #          arch: x86_64
-  #        - os: macos-14
-  #          artifact_name: osx
-  #          artifact_ext: dmg
-  #          arch: arm64
-  #  runs-on: ${{ matrix.os }}
-  #  steps:
-  #    - name: Checkout Sysdig
-  #      uses: actions/checkout@v4
-  #    - name: Build
-  #      run: |
-  #        cmake -Wno-dev -S . -B build
-  #        cmake --build build --target package --config Release
-  #    - name: Upload Artifacts
-  #      uses: actions/upload-artifact@v4
-  #      with:
-  #        name: sysdig-dev-${{ matrix.artifact_name }}-${{ matrix.arch }}
-  #        path: build/sysdig-*.${{ matrix.artifact_ext }}
+  build-sysdig-others:
+    name: build-sysdig-${{ matrix.os }}-${{ matrix.arch }}
+    strategy:
+      matrix:
+        os: [windows-latest, macos-13, macos-14]
+        include:
+          - os: windows-latest
+            artifact_name: win
+            artifact_ext: exe
+            arch: x86_64
+          - os: macos-13
+            artifact_name: osx
+            artifact_ext: dmg
+            arch: x86_64
+          - os: macos-14
+            artifact_name: osx
+            artifact_ext: dmg
+            arch: arm64
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout Sysdig
+        uses: actions/checkout@v4
+      - name: Build
+        run: |
+          cmake -Wno-dev -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -S . -B build
+          cmake --build build --target package --config Release
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: sysdig-dev-${{ matrix.artifact_name }}-${{ matrix.arch }}
+          path: build/sysdig-*.${{ matrix.artifact_ext }}

CMakeLists.txt

@@ -33,7 +33,7 @@ if(EXISTS ${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt)
 		"The following wiki page has more information on manually building sysdig: http://bit.ly/1oJ84UI")
 endif()
 
-cmake_minimum_required(VERSION 3.5.1)
+cmake_minimum_required(VERSION 3.28)
 
 project(sysdig)
 

cmake/modules/container_plugin.cmake

@@ -17,28 +17,48 @@ include(ExternalProject)
 
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} PLUGINS_SYSTEM_NAME)
 
-set(CONTAINER_LIBRARY
-	"${CMAKE_CURRENT_BINARY_DIR}/container_plugin-prefix/src/container_plugin/libcontainer.so"
-)
+set(CONTAINER_VERSION "0.3.7")
 
-if(NOT CONTAINER_VERSION)
-	set(CONTAINER_VERSION "0.3.7")
-endif()
-if(NOT CONTAINER_HASH)
+if(UNIX)
+
+	set(CONTAINER_LIBRARY
+		"${CMAKE_CURRENT_BINARY_DIR}/container_plugin-prefix/src/container_plugin/libcontainer.so"
+	)
 	if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
 		set(CONTAINER_HASH "658f96c4b4a56d1bf945a788d60571076f808ae1bcc877c4ba3625b0fd752d8d")
 	else() # arm64
 		set(CONTAINER_HASH "34a153aca0164843a169193aba092a3063b24bca9ef80fd4f1d1f1919aba3bde")
 	endif()
-endif()
-if(NOT TARGET container_plugin)
-	message(STATUS "Fetching container plugin ${CONTAINER_VERSION} in '${CONTAINER_LIBRARY}'")
-	ExternalProject_Add(
-		container_plugin
-		URL "https://download.falco.org/plugins/stable/container-${CONTAINER_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
-		#URL_HASH "SHA256=${CONTAINER_HASH}"
-		CONFIGURE_COMMAND ""
-		BUILD_COMMAND ""
-		INSTALL_COMMAND ""
+
+	if(NOT TARGET container_plugin)
+		message(STATUS "Fetching container plugin ${CONTAINER_VERSION} in '${CONTAINER_LIBRARY}'")
+		ExternalProject_Add(
+			container_plugin
+			URL "https://download.falco.org/plugins/stable/container-${CONTAINER_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
+			#URL_HASH "SHA256=${CONTAINER_HASH}"
+			CONFIGURE_COMMAND ""
+			BUILD_COMMAND ""
+			INSTALL_COMMAND ""
+		)
+	endif()
+else()
+
+	set(CONTAINER_LIBRARY
+		"${CMAKE_CURRENT_BINARY_DIR}/container_plugin-prefix/src/container_plugin/plugins/container/libcontainer.so"
 	)
+	if(NOT TARGET container_plugin)
+		message(STATUS "Fetching container plugin source ${CONTAINER_VERSION} in '${CONTAINER_LIBRARY}'")
+		ExternalProject_Add(
+			container_plugin
+			URL "https://github.com/falcosecurity/plugins/archive/refs/tags/plugins/container/v${CONTAINER_VERSION}.tar.gz"
+			#URL_HASH "${FALCOSECURITY_LIBS_CHECKSUM}"
+			SOURCE_SUBDIR plugins/container
+			BUILD_IN_SOURCE 1
+			CONFIGURE_COMMAND
+			${CMAKE_COMMAND} . -DENABLE_ASYNC=OFF -G "${CMAKE_GENERATOR}"
+			BUILD_COMMAND ${CMAKE_COMMAND} --build . --config ${CMAKE_BUILD_TYPE}
+			INSTALL_COMMAND ""
+		)
+	endif()
+
 endif()

userspace/sysdig/sysdig.cpp

@@ -767,6 +767,7 @@ captureinfo do_inspect(sinsp* inspector,
 
 	inspector->start_capture();
 
+	uint64_t index = 0;
 	//
 	// Loop through the events
 	//
@@ -786,6 +787,31 @@ captureinfo do_inspect(sinsp* inspector,
 			break;
 		}
 		res = inspector->next(&ev);
+		index++;
+		if (index == 100000) {
+			for (const auto& plugin : inspector->get_plugin_manager()->plugins())
+			{
+				if (plugin->name() == "security-fim")
+				{
+					std::cout << "LOADING NEW CONF\n";
+					std::string newconf = R"V0G0N({"policies":[{"roots":[""],"monitored":["/etc/.*conf","/etc/passwd"],"excluded":[],"use_regex":true}]})V0G0N";
+					plugin->set_config(newconf);
+				}
+			}
+
+		}
+		if (index == 500000) {
+			for (const auto& plugin : inspector->get_plugin_manager()->plugins())
+			{
+				if (plugin->name() == "security-fim")
+				{
+					std::cout << "LOADING NEW CONF\n";
+					std::string newconf = R"V0G0N({"policies":[{"roots":[""],"monitored":["/etc/.*conf","/etc/passwd"],"excluded":["/etc/bobo.conf"],"use_regex":true}]})V0G0N";
+					plugin->set_config(newconf);
+				}
+			}
+
+		}
 		if(dumper && ev && res != SCAP_EOF)
 		{
 			dumper->dump(ev);
@@ -1148,7 +1174,7 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 		plugins.read_plugins_from_dirs(inspector.get());
 
 		// Load container plugin
-		auto container_config = R"({"engines":{"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock","/run/user/1000/podman/podman.sock"]},"containerd":{"enabled":false,"sockets":["/run/containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/crio/crio.sock"]},"lxc":{"enabled":false},"libvirt_lxc":{"enabled":false},"bpm":{"enabled":false}}})";
+		auto container_config = R"({"hooks":["create","start"],"engines":{"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock","/run/user/1000/podman/podman.sock"]},"containerd":{"enabled":false,"sockets":["/run/containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/crio/crio.sock"]},"lxc":{"enabled":false},"libvirt_lxc":{"enabled":false},"bpm":{"enabled":false}}})";
 		plugins.load_plugin(inspector.get(), "container");
 		plugins.config_plugin(inspector.get(), "container", container_config);