Revert "Merge upstream pr 688 (falcosecurity#121)" (falcosecurity#122)

This reverts commit 35d80de. It was probably causing some container runtime tests to fail.
leogr · Nov 3, 2022 · c8dbbf3 · c8dbbf3
1 parent 35d80de
commit c8dbbf3
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 35 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -11,7 +11,7 @@ jobs:
         flavor:  [ regular, bundled-deps, with-chisels, minimal ]
         include:
           - flavor: regular
-            build-args: '-DBUILD_BPF=On -DUSE_BUNDLED_DEPS=False -DUSE_BUNDLED_VALIJSON=True'
+            build-args: '-DBUILD_BPF=On -DUSE_BUNDLED_DEPS=False'
           - flavor: bundled-deps
             build-args: '-DBUILD_BPF=On -DUSE_BUNDLED_DEPS=True'
           - flavor: with-chisels
@@ -50,7 +50,6 @@ jobs:
             protobuf-compiler-grpc \
             libgtest-dev \
             libprotobuf-dev \
-            libre2-dev \
             linux-headers-$(uname -r) \
             && apt-get clean
         env:

diff --git a/userspace/libsinsp/container.cpp b/userspace/libsinsp/container.cpp
@@ -341,20 +341,6 @@ void sinsp_container_manager::notify_new_container(const sinsp_container_info& c
 		}
 		else
 		{
-			// We don't log any warning when the inspector
-			// is doing its initial scan from /proc + any
-			// container lookups. Those don't have
-			// retries.
-			if(!container_info.is_successful() && m_inspector->m_inited)
-			{
-				// This means that the container
-				// engine made multiple attempts to
-				// look up the info and all attempts
-				// failed. Log that as a warning.
-				g_logger.format(sinsp_logger::SEV_WARNING,
-						"notify_new_container (%s): Saving empty container info after repeated failed lookups",
-						container_info.m_id.c_str());
-			}
 			add_container(std::make_shared<sinsp_container_info>(container_info), tinfo);
 		}
 		return;

diff --git a/userspace/libsinsp/container_engine/container_async_source.tpp b/userspace/libsinsp/container_engine/container_async_source.tpp
@@ -101,22 +101,15 @@ void container_async_source<key_type>::run_impl()
 
 		lookup_sync(key, res);
 
-		if(!res.m_lookup.should_retry())
+		// For security reasons we store the value regardless of the lookup status on the
+		// first attempt, so we can track the container activity even without its metadata.
+		// For subsequent attempts we store it only if successful.
+		if(res.m_lookup.first_attempt() || res.m_lookup.is_successful())
 		{
-			// Either the fetch was successful or the
-			// maximum number of retries have occurred.
-			if(!res.m_lookup.is_successful())
-			{
-				g_logger.format(sinsp_logger::SEV_DEBUG,
-						"%s_async (%s): Could not look up container info after %u retries",
-						name(),
-						container_id(key).c_str(),
-						res.m_lookup.retry_no());
-			}
-
 			this->store_value(key, res);
 		}
-		else
+
+		if(res.m_lookup.should_retry())
 		{
 			// Make a new attempt
 			res.m_lookup.attempt_increment();

diff --git a/userspace/libsinsp/container_engine/docker/base.cpp b/userspace/libsinsp/container_engine/docker/base.cpp
@@ -65,16 +65,10 @@ void docker_base::parse_docker(const docker_lookup_request& request, container_c
 	bool done;
 	if (cache->async_allowed())
 	{
-		g_logger.format(sinsp_logger::SEV_DEBUG,
-				"docker_async (%s): Starting asynchronous lookup",
-				request.container_id.c_str());
 		done = m_docker_info_source->lookup(request, result);
 	}
 	else
 	{
-		g_logger.format(sinsp_logger::SEV_DEBUG,
-				"docker_async (%s): Starting synchronous lookup",
-				request.container_id.c_str());
 		done = m_docker_info_source->lookup_sync(request, result);
 	}
 	if (done)