From 9b4c4e88d0afb5c41abf651c21899dda672234b0 Mon Sep 17 00:00:00 2001
From: Grzegorz Nosek <grzegorz.nosek@sysdig.com>
Date: Thu, 27 Jan 2022 20:07:32 +0100
Subject: [PATCH] Allow enabling/disabling individual container engines on
 startup

---
 userspace/libsinsp/container.cpp | 16 ++++++++++++++--
 userspace/libsinsp/container.h   | 17 +++++++++++++++++
 userspace/libsinsp/sinsp.h       |  5 +++++
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/userspace/libsinsp/container.cpp b/userspace/libsinsp/container.cpp
index 5316933b93..383e241302 100644
--- a/userspace/libsinsp/container.cpp
+++ b/userspace/libsinsp/container.cpp
@@ -48,7 +48,8 @@ sinsp_container_manager::sinsp_container_manager(sinsp* inspector, bool static_c
 	m_static_container(static_container),
 	m_static_id(static_id),
 	m_static_name(static_name),
-	m_static_image(static_image)
+	m_static_image(static_image),
+	m_container_engine_mask(~0ULL)
 {
 }
 
@@ -563,6 +564,7 @@ void sinsp_container_manager::create_engines()
 	}
 #ifndef MINIMAL_BUILD
 #ifdef CYGWING_AGENT
+	if (m_container_engine_mask & (1 << CT_DOCKER))
 	{
 		auto docker_engine = std::make_shared<container_engine::docker_win>(*this, m_inspector /*wmi source*/);
 		m_container_engines.push_back(docker_engine);
@@ -570,11 +572,13 @@ void sinsp_container_manager::create_engines()
 	}
 #else
 #ifndef _WIN32
+	if (m_container_engine_mask & (1 << CT_PODMAN))
 	{
 		auto podman_engine = std::make_shared<container_engine::podman>(*this);
 		m_container_engines.push_back(podman_engine);
 		m_container_engine_by_type[CT_PODMAN] = podman_engine;
 	}
+	if (m_container_engine_mask & (1 << CT_DOCKER))
 	{
 		auto docker_engine = std::make_shared<container_engine::docker_linux>(*this);
 		m_container_engines.push_back(docker_engine);
@@ -582,6 +586,10 @@ void sinsp_container_manager::create_engines()
 	}
 
 #if defined(HAS_CAPTURE)
+	if (m_container_engine_mask &
+	   ((1 << CT_CRI) |
+	    (1 << CT_CRIO) |
+	    (1 << CT_CONTAINERD)))
 	{
 		auto cri_engine = std::make_shared<container_engine::cri>(*this);
 		m_container_engines.push_back(cri_engine);
@@ -590,27 +598,31 @@ void sinsp_container_manager::create_engines()
 		m_container_engine_by_type[CT_CONTAINERD] = cri_engine;
 	}
 #endif
+	if (m_container_engine_mask & (1 << CT_LXC))
 	{
 		auto lxc_engine = std::make_shared<container_engine::lxc>(*this);
 		m_container_engines.push_back(lxc_engine);
 		m_container_engine_by_type[CT_LXC] = lxc_engine;
 	}
+	if (m_container_engine_mask & (1 << CT_LIBVIRT_LXC))
 	{
 		auto libvirt_lxc_engine = std::make_shared<container_engine::libvirt_lxc>(*this);
 		m_container_engines.push_back(libvirt_lxc_engine);
 		m_container_engine_by_type[CT_LIBVIRT_LXC] = libvirt_lxc_engine;
 	}
-
+	if (m_container_engine_mask & (1 << CT_MESOS))
 	{
 		auto mesos_engine = std::make_shared<container_engine::mesos>(*this);
 		m_container_engines.push_back(mesos_engine);
 		m_container_engine_by_type[CT_MESOS] = mesos_engine;
 	}
+	if (m_container_engine_mask & (1 << CT_RKT))
 	{
 		auto rkt_engine = std::make_shared<container_engine::rkt>(*this);
 		m_container_engines.push_back(rkt_engine);
 		m_container_engine_by_type[CT_RKT] = rkt_engine;
 	}
+	if (m_container_engine_mask & (1 << CT_BPM))
 	{
 		auto bpm_engine = std::make_shared<container_engine::bpm>(*this);
 		m_container_engines.push_back(bpm_engine);
diff --git a/userspace/libsinsp/container.h b/userspace/libsinsp/container.h
index 3dd2941de0..38e3589fd1 100644
--- a/userspace/libsinsp/container.h
+++ b/userspace/libsinsp/container.h
@@ -138,6 +138,22 @@ class sinsp_container_manager :
 	void subscribe_on_new_container(new_container_cb callback);
 	void subscribe_on_remove_container(remove_container_cb callback);
 
+	/**
+	 * @brief Selectively enable/disable container engines
+	 * @param mask the bit mask of sinsp_container_type values
+	 *             for the engines to be enabled
+	 *
+	 *  Note: the CRI engine handles multiple container types which can only
+	 *  be enabled or disabled together.
+	 *
+	 *  This method *must* be called before the first container detection,
+	 *  i.e. before inspector->open()
+	 */
+	inline void set_container_engine_mask(uint64_t mask)
+	{
+		m_container_engine_mask = mask;
+	}
+
 	void create_engines();
 
 	/**
@@ -217,6 +233,7 @@ class sinsp_container_manager :
 	std::string m_static_id;
 	std::string m_static_name;
 	std::string m_static_image;
+	uint64_t m_container_engine_mask;
 
 	friend class test_helper;
 };
diff --git a/userspace/libsinsp/sinsp.h b/userspace/libsinsp/sinsp.h
index d34e090abe..e4faeba55b 100644
--- a/userspace/libsinsp/sinsp.h
+++ b/userspace/libsinsp/sinsp.h
@@ -1102,6 +1102,11 @@ class SINSP_PUBLIC sinsp : public capture_stats_source, public wmi_handle_source
 
 	static unsigned num_possible_cpus();
 
+	inline void set_container_engine_mask(uint64_t mask)
+	{
+		m_container_manager.set_container_engine_mask(mask);
+	}
+
 #if defined(HAS_CAPTURE) && !defined(_WIN32)
 	static std::shared_ptr<std::string> lookup_cgroup_dir(const std::string& subsys);
 #endif