osquery-1/cmake
Stefano Bonicatti 46c1e6d8be Implement container access from tables on Linux
- Add the possibility of running table logic inside a container
  namespace, so that it's possible to query it instead of the host.
  Needs minor modifications to each table logic and how they use logging.

  In practice it works by having a pid_with_namespace column, which should
  contain pids that are in the same mount namespace of the container one
  wants to query.
  The worker receives that column as a constraint, prepares two unnamed
  pipes for read/write communications with the future child, then forks
  into a new process.

  While the parent sends a query job to the just created child and then waits
  for results, the child receives the job, takes all the values given in the
  pid_with_namespace constraint, retrieves the fd of the mount namespace
  under "/proc/<constraint pid>/ns/mnt", then switches to it.
  Finally it runs the table logic, sending the results back to the parent
  through the pipe with a JSON message.

  Important to note that the logging in the table logic is not GLOG
  directly, because in the child this is in an unknown state; a custom
  logging system that resembles glog and that takes advantage of the
  existing communication channel is used to send the messages in JSON
  format to the parent, which will take care to forward to GLOG.

- Add FLAGS_keep_container_worker_open so that the process used for
  accessing a container is kept open, until the queries are for the same
  table; when the table changes, the process will be closed
  and a new one created.
  This is off by default, which means that a new process will be always
  created.

- Implemented a way to run tests that require root separated
  from the others.
  The OSQUERY_BUILD_ROOT_TESTS has been added to request such tests to
  be built.
  To run only tests which require a normal user, one has to use
  `ctest -LE "root-required"`, while `sudo ctest -L "root-required"`
  to run those that need root.

PR: osquery/osquery#6209
2020-04-20 17:49:57 +02:00
modules Integrate cppcheck and clang-tidy within the CMake project (#5730) 2019-10-08 18:17:11 +02:00
wix_patches Fix MSI Service Error handling 2019-09-19 12:32:35 -04:00
CPackConfig.cmake.in cpack: Add RPM and DEB postinstall script (#6097) 2019-12-11 15:44:44 -05:00
flags.cmake toolchain: Add CMake options for linking (#6112) 2020-01-16 23:09:35 -05:00
globals.cmake Prepare CMake and Python framework for Python tests 2019-12-07 20:51:09 -05:00
options.cmake Implement container access from tables on Linux 2020-04-20 17:49:57 +02:00
packaging.cmake Do not force a specific path to install osquery on Windows (#6379) 2020-04-08 18:56:49 -04:00
toolchain.cmake toolchain: Add CMake options for linking (#6112) 2020-01-16 23:09:35 -05:00
utilities.cmake Fix format folder exclusion and format check self test (#6201) 2020-01-27 14:21:38 -08:00