Merge pull request kubearmor#722 from kloudmax/CleanUpExitedHostPids
fix CleanUpExitedHostPids
nyrahul authored May 27, 2022
2 parents 658b254 + 7b593ef commit 1c63466
Showing 2 changed files with 25 additions and 18 deletions.
32 changes: 21 additions & 11 deletions KubeArmor/monitor/processTree.go
Expand Up @@ -231,32 +231,42 @@ func (mon *SystemMonitor) DeleteActivePid(containerID string, ctx SyscallContext
// delete execve(at) host pid
if pidMap, ok := ActiveHostPidMap[containerID]; ok {
if node, ok := pidMap[ctx.HostPID]; ok {
node.Exited = true
node.ExitedTime = now
newNode := node
newNode.Exited = true
newNode.ExitedTime = now
pidMap[ctx.HostPID] = newNode
}
}
}

// CleanUpExitedHostPids Function
func (mon *SystemMonitor) CleanUpExitedHostPids() {
for range mon.Ticker.C {
now := time.Now()
ActiveHostPidMap := *(mon.ActiveHostPidMap)
ActivePidMapLock := *(mon.ActivePidMapLock)

ActiveHostPidMap := *(mon.ActiveHostPidMap)
ActivePidMapLock := *(mon.ActivePidMapLock)
for {
now := time.Now()

ActivePidMapLock.Lock()

for _, pidMap := range ActiveHostPidMap {
for containerID, pidMap := range ActiveHostPidMap {
for pid, pidNode := range pidMap {
if pidNode.Exited {
if now.After(pidNode.ExitedTime.Add(time.Second * 5)) {
delete(pidMap, pid)
}
if pidNode.Exited && now.After(pidNode.ExitedTime.Add(time.Second*5)) {
delete(pidMap, pid)
}
}

if len(pidMap) == 0 {
delete(ActiveHostPidMap, containerID)
}
}

ActivePidMapLock.Unlock()

if !mon.Status {
break
}

time.Sleep(10 * time.Second)
}
}
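Review bot: The exit check at the bottom of the new loop, `if !mon.Status { break }`, reads a plain bool after `ActivePidMapLock.Unlock()`, while `DestroySystemMonitor` (the `mon.Status = false` hunk in systemMonitor.go) writes it with no synchronization visible; if this function runs in its own goroutine, as the loop shape suggests, that is a data race. The flag is only looked at once per pass, and `time.Sleep(10 * time.Second)` means the loop can keep running and take the lock again up to ten seconds after shutdown was requested. A channel closed by `DestroySystemMonitor`, waited on with a `select` alongside `time.After(10 * time.Second)`, would let the loop return as soon as it is closed. Separately, `delete(ActiveHostPidMap, containerID)` drops a container's entry whenever its pid map is empty; it is worth confirming that the code adding pids (outside this hunk) recreates the entry, otherwise later processes in that container would go untracked by the monitor.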
11 changes: 4 additions & 7 deletions KubeArmor/monitor/systemMonitor.go
Expand Up @@ -141,11 +141,9 @@ type SystemMonitor struct {
// lists to skip
UntrackedNamespaces []string

Status bool
UptimeTimeStamp float64
HostByteOrder binary.ByteOrder

// ticker to clean up exited pids
Ticker *time.Ticker
}

// NewSystemMonitor Function
Expand All @@ -169,11 +167,10 @@ func NewSystemMonitor(node *tp.Node, logger *fd.Feeder, containers *map[string]t

mon.UntrackedNamespaces = []string{"kube-system", "kubearmor"}

mon.Status = true
mon.UptimeTimeStamp = kl.GetUptimeTimestamp()
mon.HostByteOrder = bcc.GetHostByteOrder()

mon.Ticker = time.NewTicker(time.Second * 10)

return mon
}

Expand Down Expand Up @@ -324,6 +321,8 @@ func (mon *SystemMonitor) InitBPF() error {

// DestroySystemMonitor Function
func (mon *SystemMonitor) DestroySystemMonitor() error {
mon.Status = false

if mon.SyscallPerfMap != nil {
mon.SyscallPerfMap.Stop()
}
Expand All @@ -336,8 +335,6 @@ func (mon *SystemMonitor) DestroySystemMonitor() error {
close(mon.ContextChan)
}

mon.Ticker.Stop()

return nil
}

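Review bot: The new `Status` field in `SystemMonitor` has no comment, unlike `UntrackedNamespaces` with its `// lists to skip`, and nothing in the struct says that it is the stop signal for the cleanup loop. I would add `// Status is true while the monitor is running; DestroySystemMonitor clears it to stop CleanUpExitedHostPids` above the field. The `// DestroySystemMonitor Function` comment could also state that the function only requests the stop and, in the lines visible here, returns without waiting for that loop to finish. The struct and both functions begin or end outside these hunks.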
