update(gvisor): check runsc return value and if it is correctly insta…

…lled in the system Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
falcosecurity · Jun 15, 2022 · e0c14d6 · e0c14d6
1 parent 74172e5
commit e0c14d6
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 20 deletions.
diff --git a/userspace/libscap/engine/gvisor/gvisor.h b/userspace/libscap/engine/gvisor/gvisor.h
@@ -101,10 +101,16 @@ class engine {
     int32_t process_message_from_fd(int fd);
     void free_sandbox_buffers();
 
-    std::vector<std::string> runsc(char *argv[]);
-    std::vector<std::string> runsc_list();
-    void runsc_trace_create(const std::string &sandbox_id, bool force);
-    void runsc_trace_delete(const std::string &session_name, const std::string &sandbox_id);
+    struct runsc_result {
+        int error;
+        std::vector<std::string> output;
+    };
+
+    runsc_result runsc(char *argv[]);
+    runsc_result runsc_version();
+    runsc_result runsc_list();
+    runsc_result runsc_trace_create(const std::string &sandbox_id, bool force);
+    runsc_result runsc_trace_delete(const std::string &session_name, const std::string &sandbox_id);
     std::string generate_trace_session_config();
 
     char *m_lasterr;

diff --git a/userspace/libscap/engine/gvisor/scap_gvisor.cpp b/userspace/libscap/engine/gvisor/scap_gvisor.cpp
@@ -103,6 +103,14 @@ int32_t engine::init(std::string socket_path, std::string runsc_root_path, std::
 	}
 	unlink(m_socket_path.c_str());
 
+	// Check if runsc is installed in the system
+	runsc_result version = runsc_version();
+	if(version.error)
+	{
+		strlcpy(m_lasterr, "Cannot find runsc binary", SCAP_LASTERR_SIZE);
+		return SCAP_FAILURE;
+	}
+
 	if(runsc_root_path.empty())
 	{
 		m_runsc_root_path = default_runsc_root_path;
@@ -252,7 +260,13 @@ int32_t engine::start_capture()
 	// Retrieve all running sandboxes
 	// We will need to recreate a session for each of them
 	//
-	std::vector<std::string> existing_sandboxes = runsc_list();
+	runsc_result exisiting_sandboxes_res = runsc_list();
+	if(exisiting_sandboxes_res.error)
+	{
+		strlcpy(m_lasterr, "Error listing running sandboxes", SCAP_LASTERR_SIZE);
+		return SCAP_FAILURE;
+	}
+	std::vector<std::string> &existing_sandboxes = exisiting_sandboxes_res.output;
 
 	// Start accepting connections
 	m_accept_thread = std::thread(accept_thread, m_listenfd, m_epollfd);
@@ -268,7 +282,13 @@ int32_t engine::start_capture()
 
 
 	// Catch all sandboxes that might have been created in the meantime
-	std::vector<std::string> new_sandboxes = runsc_list();
+	runsc_result new_sandboxes_res = runsc_list();
+	if(new_sandboxes_res.error)
+	{
+		strlcpy(m_lasterr, "Error listing running sandboxes", SCAP_LASTERR_SIZE);
+		return SCAP_FAILURE;
+	}
+	std::vector<std::string> &new_sandboxes = new_sandboxes_res.output;
 
 	// Remove the existing sandboxes (erase-remove idiom)
 	new_sandboxes.erase(
@@ -303,7 +323,13 @@ int32_t engine::stop_capture()
 	free_sandbox_buffers();
 
 	// todo(loresuso): change session name when gVisor will support it
-	std::vector<std::string> sandboxes = runsc_list();
+	runsc_result sandboxes_res = runsc_list();
+	if(sandboxes_res.error)
+	{
+		strlcpy(m_lasterr, "Error listing running sandboxes", SCAP_LASTERR_SIZE);
+		return SCAP_FAILURE;
+	}
+	std::vector<std::string> &sandboxes = sandboxes_res.output;
 	for(const auto &sandbox : sandboxes)
 	{
 		runsc_trace_delete("Default", sandbox);
@@ -452,9 +478,9 @@ int32_t engine::next(scap_evt **pevent, uint16_t *pcpuid)
     return SCAP_TIMEOUT;
 }
 
-std::vector<std::string> engine::runsc(char *argv[])
+engine::runsc_result engine::runsc(char *argv[])
 {
-	std::vector<std::string> res;
+	runsc_result res = {0};
 	int pipefds[2];
 
 	int ret = pipe(pipefds);
@@ -473,6 +499,7 @@ std::vector<std::string> engine::runsc(char *argv[])
 		wait(&status);
 		if(status)
 		{
+			res.error = status;
 			return res;
 		}
 
@@ -484,7 +511,7 @@ std::vector<std::string> engine::runsc(char *argv[])
 
 		while(fgets(line, max_line_size, f))
 		{
-			res.emplace_back(std::string(line));
+			res.output.emplace_back(std::string(line));
 		}
 
 		fclose(f);
@@ -500,9 +527,21 @@ std::vector<std::string> engine::runsc(char *argv[])
 	return res;
 }
 
-std::vector<std::string> engine::runsc_list()
+engine::runsc_result engine::runsc_version()
+{
+	const char *argv[] = {
+		"runsc",
+		"--version",
+		NULL
+	};
+
+	return runsc((char **)argv);
+}
+
+engine::runsc_result engine::runsc_list()
 {
-	std::vector<std::string> sandboxes;
+	runsc_result res = {0};
+	std::vector<std::string> running_sandboxes;
 
 	const char *argv[] = {
 		"runsc", 
@@ -512,21 +551,26 @@ std::vector<std::string> engine::runsc_list()
 		NULL
 	};
 
-	std::vector<std::string> output = runsc((char **)argv);
+	res = runsc((char **)argv);
+	if(res.error)
+	{
+		return res;
+	}
 
-	for(auto &line : output)
+	for(const auto &line : res.output)
 	{
 		if(line.find("running") != std::string::npos)
 		{
 			std::string sandbox = line.substr(0, line.find_first_of(" ", 0));
-			sandboxes.emplace_back(sandbox);
+			running_sandboxes.emplace_back(sandbox);
 		}
 	}
 
-	return sandboxes;
+	res.output = running_sandboxes;
+	return res;
 }
 
-void engine::runsc_trace_create(const std::string &sandbox_id, bool force)
+engine::runsc_result engine::runsc_trace_create(const std::string &sandbox_id, bool force)
 {
 	const char *argv[] = {
 		"runsc", 
@@ -541,10 +585,10 @@ void engine::runsc_trace_create(const std::string &sandbox_id, bool force)
 		NULL
 	};
 
-	runsc((char **)argv);
+	return runsc((char **)argv);
 }
 
-void engine::runsc_trace_delete(const std::string &session_name, const std::string &sandbox_id)
+engine::runsc_result engine::runsc_trace_delete(const std::string &session_name, const std::string &sandbox_id)
 {
 	const char *argv[] = {
 		"runsc", 
@@ -558,7 +602,7 @@ void engine::runsc_trace_delete(const std::string &session_name, const std::stri
 		NULL
 	};
 
-	runsc((char **)argv);
+	return runsc((char **)argv);
 }
 
 std::string engine::generate_trace_session_config()

diff --git a/userspace/libscap/scap.c b/userspace/libscap/scap.c
@@ -459,6 +459,7 @@ scap_t* scap_open_gvisor_int(char *error, int32_t *rc, scap_open_args *args)
 	*rc = handle->m_vtable->init(handle, args);
 	if(*rc != SCAP_SUCCESS)
 	{
+		snprintf(error, SCAP_LASTERR_SIZE, "%s", handle->m_lasterr);
 		scap_close(handle);
 		return NULL;
 	}