chore(userspace/libsinsp): move user group manager on container_id ch…

…anged refresh to a RAII object.

Signed-off-by: Federico Di Pierro <[email protected]>

userspace/libsinsp/parsers.cpp

@@ -1274,12 +1274,6 @@ void sinsp_parser::parse_clone_exit_caller(sinsp_evt *evt, int64_t child_tid) {
 		return;
 	}
 
-	/* Refresh user / group */
-	if(new_child->m_container_id.empty() == false) {
-		new_child->set_group(new_child->m_gid);
-		new_child->set_user(new_child->m_uid);
-	}
-
 	/* If there's a listener, invoke it */
 	if(m_inspector->get_observer()) {
 		m_inspector->get_observer()->on_clone(evt, new_child.get(), tid_collision);
@@ -1764,12 +1758,6 @@ void sinsp_parser::parse_clone_exit_child(sinsp_evt *evt) {
 	 */
 	evt->set_tinfo(new_child.get());
 
-	/* Refresh user / group */
-	if(new_child->m_container_id.empty() == false) {
-		new_child->set_group(new_child->m_gid);
-		new_child->set_user(new_child->m_uid);
-	}
-
 	//
 	// If there's a listener, invoke it
 	//
@@ -2239,15 +2227,6 @@ void sinsp_parser::parse_execve_exit(sinsp_evt *evt) {
 	//
 	evt->get_tinfo()->compute_program_hash();
 
-	//
-	// Refresh user / group
-	// if we happen to change container id
-	//
-	if(container_id != evt->get_tinfo()->m_container_id) {
-		evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid);
-		evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid);
-	}
-
 	//
 	// If there's a listener, invoke it
 	//
@@ -4992,14 +4971,6 @@ void sinsp_parser::parse_chroot_exit(sinsp_evt *evt) {
 		m_inspector->m_container_manager.resolve_container(
 		        evt->get_tinfo(),
 		        m_inspector->is_live() || m_inspector->is_syscall_plugin());
-		//
-		// Refresh user / group
-		// if we happen to change container id
-		//
-		if(container_id != evt->get_tinfo()->m_container_id) {
-			evt->get_tinfo()->set_group(evt->get_tinfo()->m_gid);
-			evt->get_tinfo()->set_user(evt->get_tinfo()->m_uid);
-		}
 	}
 }
 

userspace/libsinsp/sinsp.cpp

@@ -1297,6 +1297,11 @@ int32_t sinsp::next(sinsp_evt** puevt) {
 	{
 		// Object that uses RAII to enable event filtered out flag
 		sinsp_evt_filter evt_filter(evt);
+		// Object that uses RAII to automatically update user/group associated with a threadinfo
+		// upon threadinfo's container_id changes.
+		// Since the threadinfo state might get changed from a plugin parser,
+		// evaluate this one after all parsers get run.
+		sinsp_usergroup_manager::user_group_updater usr_grp_updater(evt);
 
 		if(!evt->is_filtered_out()) {
 			//

userspace/libsinsp/user.h

@@ -147,6 +147,54 @@ class sinsp_usergroup_manager {
 
 	bool clear_host_users_groups();
 
+	struct user_group_updater {
+		explicit user_group_updater(sinsp_evt *evt) {
+			switch(evt->get_type()) {
+			case PPME_SYSCALL_CLONE_11_X:
+			case PPME_SYSCALL_CLONE_16_X:
+			case PPME_SYSCALL_CLONE_17_X:
+			case PPME_SYSCALL_CLONE_20_X:
+			case PPME_SYSCALL_FORK_X:
+			case PPME_SYSCALL_FORK_17_X:
+			case PPME_SYSCALL_FORK_20_X:
+			case PPME_SYSCALL_VFORK_X:
+			case PPME_SYSCALL_VFORK_17_X:
+			case PPME_SYSCALL_VFORK_20_X:
+			case PPME_SYSCALL_CLONE3_X:
+			case PPME_SYSCALL_EXECVE_8_X:
+			case PPME_SYSCALL_EXECVE_13_X:
+			case PPME_SYSCALL_EXECVE_14_X:
+			case PPME_SYSCALL_EXECVE_15_X:
+			case PPME_SYSCALL_EXECVE_16_X:
+			case PPME_SYSCALL_EXECVE_17_X:
+			case PPME_SYSCALL_EXECVE_18_X:
+			case PPME_SYSCALL_EXECVE_19_X:
+			case PPME_SYSCALL_EXECVEAT_X:
+			case PPME_SYSCALL_CHROOT_X:
+				m_evt = evt;
+				if(m_evt->get_tinfo() != nullptr) {
+					m_container_id = m_evt->get_tinfo()->m_container_id;
+				}
+				break;
+			default:
+				break;
+			}
+		}
+
+		~user_group_updater() {
+			if(m_evt != nullptr && m_evt->get_tinfo() != nullptr) {
+				if(m_evt->get_tinfo()->m_container_id != m_container_id) {
+					// Refresh user/group
+					m_evt->get_tinfo()->set_group(m_evt->get_tinfo()->m_gid);
+					m_evt->get_tinfo()->set_user(m_evt->get_tinfo()->m_uid);
+				}
+			}
+		}
+
+		sinsp_evt *m_evt;
+		std::string m_container_id;
+	};
+
 	//
 	// User and group tables
 	//