process:username: metric for errors
Add two metrics:

- process_metadata_username_ignored_not_in_host_namespaces:
  This is to note that we did not perform uid->username resolution
  and it was ignored due to the target process not being in the host
  mount or user namespaces.

- process_metadata_username_failed: this is to note that we did
  try to resolve the target process uid->username but it failed for
  some reason.

Signed-off-by: Djalal Harouni <[email protected]>
tixxdz committed Jun 24, 2024
1 parent 1775eb6 commit ff514d1
Showing 3 changed files with 25 additions and 11 deletions.
2 changes: 1 addition & 1 deletion docs/content/en/docs/reference/metrics.md


21 changes: 14 additions & 7 deletions pkg/metrics/errormetrics/errormetrics.go
Expand Up @@ -28,16 +28,23 @@ const (
HandlerError
// An event finalizer on Process failed
EventFinalizeProcessInfoFailed
// Failed to resolve Process uid to username
ProcessMetadataUsernameFailed
// The username resolution was skipped since the process is not in host
// namespaces.
ProcessMetadataUsernameIgnoredNotInHost
)

var errorTypeLabelValues = map[ErrorType]string{
ProcessCacheMissOnGet: "process_cache_miss_on_get",
ProcessCacheEvicted: "process_cache_evicted",
ProcessCacheMissOnRemove: "process_cache_miss_on_remove",
ProcessPidTidMismatch: "process_pid_tid_mismatch",
EventMissingProcessInfo: "event_missing_process_info",
HandlerError: "handler_error",
EventFinalizeProcessInfoFailed: "event_finalize_process_info_failed",
ProcessCacheMissOnGet: "process_cache_miss_on_get",
ProcessCacheEvicted: "process_cache_evicted",
ProcessCacheMissOnRemove: "process_cache_miss_on_remove",
ProcessPidTidMismatch: "process_pid_tid_mismatch",
EventMissingProcessInfo: "event_missing_process_info",
HandlerError: "handler_error",
EventFinalizeProcessInfoFailed: "event_finalize_process_info_failed",
ProcessMetadataUsernameFailed: "process_metadata_username_failed",
ProcessMetadataUsernameIgnoredNotInHost: "process_metadata_username_ignored_not_in_host_namespaces",
}

func (e ErrorType) String() string {
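Review bot: The comment on `ProcessMetadataUsernameIgnoredNotInHost` does not say that this value records an expected skip rather than a failure, even though it is exported through the same error-type label map as the real failures. On hosts where most workloads run outside the host mount or user namespaces this label will presumably grow with nearly every exec, so anyone alerting on the summed error counter needs to know to exclude it. I would extend the comment to something like `// Not a failure: resolution is skipped by design for processes outside the host mount or user namespaces; exclude this label when alerting on error totals.` The const block and the `String` method continue outside the hunk.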
13 changes: 10 additions & 3 deletions pkg/sensors/exec/userinfo/userinfo.go
Expand Up @@ -8,6 +8,7 @@ import (

"github.com/cilium/tetragon/pkg/api/processapi"
"github.com/cilium/tetragon/pkg/grpc/exec"
"github.com/cilium/tetragon/pkg/metrics/errormetrics"
"github.com/cilium/tetragon/pkg/option"
"github.com/cilium/tetragon/pkg/reader/namespace"
"github.com/cilium/tetragon/pkg/reader/userdb"
Expand Down Expand Up @@ -36,11 +37,17 @@ func getAccountUnix(uid uint32, ns *processapi.MsgNamespaces) (string, error) {
func MsgToExecveAccountUnix(m *exec.MsgExecveEventUnix) error {
if option.Config.UsernameMetadata == int(option.USERNAME_METADATA_UNIX) {
username, err := getAccountUnix(m.Unix.Process.UID, &m.Unix.Msg.Namespaces)
if err != nil {
return err
if err == nil {
m.Unix.Process.User.Name = username
return nil
}

m.Unix.Process.User.Name = username
if errors.Is(err, ErrNotInHostNs) {
errormetrics.ErrorTotalInc(errormetrics.ProcessMetadataUsernameIgnoredNotInHost)
} else {
errormetrics.ErrorTotalInc(errormetrics.ProcessMetadataUsernameFailed)
}
return err
}
return nil
}
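Review bot: `MsgToExecveAccountUnix` has no doc comment, and after this change its contract is no longer obvious: on any error `m.Unix.Process.User.Name` is left unset, a counter is incremented, and the error, including the expected `ErrNotInHostNs` skip, is still returned to the caller. Consumers that key detections on the username need to know that an empty name can mean either a deliberate skip or a failed lookup, and the caller (outside this hunk) should presumably handle `ErrNotInHostNs` quietly, otherwise the expected case may be logged on every exec in a container. I would add a doc comment stating those outcomes, e.g. `// MsgToExecveAccountUnix sets the process username when UsernameMetadata is enabled; on error the name stays empty, an errormetrics counter is incremented and the error (ErrNotInHostNs for a deliberate skip) is returned.` The `if`/`else` on `errors.Is` could also become a two-case `switch` if further error classes get their own counter later.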
