diff --git a/.gitmodules b/.gitmodules
index 1ef16e12..c6667ba7 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +1,4 @@
 [submodule "third_party/stackrox"]
 path = third_party/stackrox
 url = https://github.com/stackrox/stackrox
- branch = master
+ branch = jv-ROX-31434-enrich-file-system-events-with-node-details
diff --git a/fact-ebpf/src/bpf/bound_path.h b/fact-ebpf/src/bpf/bound_path.h
index 3dbe7efc..b0877130 100644
--- a/fact-ebpf/src/bpf/bound_path.h
+++ b/fact-ebpf/src/bpf/bound_path.h
@@ -23,6 +23,9 @@ __always_inline static void path_write_char(char* p, unsigned int offset, char c
 __always_inline static struct bound_path_t* path_read(struct path* path) {
 struct bound_path_t* bound_path = get_bound_path();
+ if (bound_path == NULL) {
+ return NULL;
+ }
 bound_path->len = bpf_d_path(path, bound_path->path, PATH_MAX);
 if (bound_path->len <= 0) {
diff --git a/fact-ebpf/src/bpf/events.h b/fact-ebpf/src/bpf/events.h
index 38395132..3ef7ff53 100644
--- a/fact-ebpf/src/bpf/events.h
+++ b/fact-ebpf/src/bpf/events.h
@@ -17,9 +17,11 @@ __always_inline static void submit_event(struct metrics_by_hook_t* m, file_activ
 bpf_probe_read_str(event->filename, PATH_MAX, filename);
 struct helper_t* helper = get_helper();
- const char* p = get_host_path(helper->buf, dentry);
- if (p != NULL) {
- bpf_probe_read_str(event->host_file, PATH_MAX, p);
+ if (helper != NULL) {
+ const char* p = get_host_path(helper->buf, dentry);
+ if (p != NULL) {
+ bpf_probe_read_str(event->host_file, PATH_MAX, p);
+ }
 }
 int64_t err = process_fill(&event->process);
diff --git a/fact-ebpf/src/bpf/main.c b/fact-ebpf/src/bpf/main.c
index 8a05e389..4b2aae66 100644
--- a/fact-ebpf/src/bpf/main.c
+++ b/fact-ebpf/src/bpf/main.c
@@ -22,6 +22,9 @@ char _license[] SEC("license") = "Dual MIT/GPL";
 SEC("lsm/file_open")
 int BPF_PROG(trace_file_open, struct file* file) {
 struct metrics_t* m = get_metrics();
+ if (m == NULL) {
+ return 0;
+ }
 m->file_open.total++;
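Review bot: `branch = jv-ROX-31434-enrich-file-system-events-with-node-details` makes the submodule track a feature branch of stackrox/stackrox instead of `master`. A feature branch can be rebased or deleted once its work merges, after which `git submodule update --remote` has nothing stable to follow and the pinned commit `deb34eb5` may no longer be reachable from any branch. If this is a temporary cross-repo dependency, restoring `branch = master` and re-pinning to the merged commit before this lands would keep the third-party pin reproducible.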
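Review bot: When `helper` is NULL, or `p` is NULL, `event->host_file` is never written, yet processing continues with `process_fill(&event->process)`. If `event` is a reserved ring-buffer slot or other reused memory (its allocation is outside this hunk), the field would keep bytes from an earlier event and a consumer could attribute the wrong host path to this one. Writing `event->host_file[0] = '\0';` before the `if (helper != NULL)` check makes the empty case explicit. The return value of `bpf_probe_read_str` is also ignored on the `host_file` copy, so a failed read is indistinguishable from a successful one. submit_event starts and ends outside the hunk.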
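Review bot: The new `m == NULL` guard in trace_file_open leaves the LSM hook before any event is built, and because the missing object is the metrics struct itself, the drop cannot be counted either; the identical guard added to trace_path_unlink in the next hunk behaves the same way. Returning 0 lets the operation proceed, which is the expected fail-open choice for a monitor, but the resulting blind spot should be a documented decision, for example `/* no metrics slot: allow the operation, the event is dropped uncounted */` above each guard. Both function bodies continue outside their hunks.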
@@ -58,6 +61,9 @@ int BPF_PROG(trace_file_open, struct file* file) {
 SEC("lsm/path_unlink")
 int BPF_PROG(trace_path_unlink, struct path* dir, struct dentry* dentry) {
 struct metrics_t* m = get_metrics();
+ if (m == NULL) {
+ return 0;
+ }
 m->path_unlink.total++;
diff --git a/fact-ebpf/src/bpf/maps.h b/fact-ebpf/src/bpf/maps.h
index 3a3d20a6..3609d8b8 100644
--- a/fact-ebpf/src/bpf/maps.h
+++ b/fact-ebpf/src/bpf/maps.h
@@ -38,6 +38,9 @@ struct {
 __always_inline static bool filter_by_prefix() {
 unsigned int zero = 0;
 char* res = bpf_map_lookup_elem(&filter_by_prefix_map, &zero);
+ if (res == NULL) {
+ return false;
+ }
 return *res != 0;
 }
diff --git a/fact/src/event/mod.rs b/fact/src/event/mod.rs
index 745b426d..2acd5b0a 100644
--- a/fact/src/event/mod.rs
+++ b/fact/src/event/mod.rs
@@ -89,6 +89,7 @@ impl From for fact_api::FileActivity {
 file: Some(file),
 timestamp: Some(timestamp),
 process: Some(process),
+ node: value.hostname.to_string(),
 }
 }
 }
diff --git a/third_party/stackrox b/third_party/stackrox
index 8868116f..deb34eb5 160000
--- a/third_party/stackrox
+++ b/third_party/stackrox
@@ -1 +1 @@
-Subproject commit 8868116f7addf4d826ae489605ffbb2b26c3be08
+Subproject commit deb34eb50afd8c90ccafe9ebe25b31ab1495befc
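Review bot: The fallback `return false;` in filter_by_prefix picks a default for the prefix filter without saying what that default means when the map lookup fails. Whether `false` makes callers report every path or none is decided outside this hunk, so the intended direction should be stated next to the guard, e.g. `/* lookup failed: behave as if prefix filtering is disabled */` if that matches what the callers do with it. For a file-activity sensor the safer default is the one that keeps events flowing, since a sensor that quietly stops reporting on a map error is harder to notice than a noisy one.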
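Review bot: `node: value.hostname.to_string()` fills the new field on every outgoing FileActivity, and nothing in the hunk covers an empty or unresolved hostname. Where `hostname` is set is outside this hunk; if it can be empty, events would reach the consumer with no node attribution, and the value appears to be reported by the sensor about itself rather than derived from the connection. A short comment such as `// node is self-reported by the sensor; empty when the hostname could not be determined` would make that contract visible to whoever consumes the field. The enclosing `From` impl starts outside the hunk.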