Add podman support deepfence/ThreatMapper#1642
ramanan-ravi committed Oct 4, 2023
1 parent 5972330 commit 8ff5e73
Showing 8 changed files with 299 additions and 149 deletions.
32 changes: 29 additions & 3 deletions autodetect.go
Expand Up @@ -11,9 +11,10 @@ import (

"github.com/containerd/containerd"
"github.com/containerd/containerd/namespaces"
self_containerd "github.com/deepfence/vessel/containerd"
selfContainerd "github.com/deepfence/vessel/containerd"
"github.com/deepfence/vessel/crio"
"github.com/deepfence/vessel/docker"
selfPodman "github.com/deepfence/vessel/podman"
"github.com/deepfence/vessel/utils"
"github.com/docker/docker/api/types"
"github.com/docker/docker/client"
Expand Down Expand Up @@ -99,6 +100,18 @@ func checkDockerRuntime(endPoint string) (bool, error) {
return true, nil
}

func checkPodmanRuntime(endPoint string) (bool, error) {
running, err := isPodmanRunning(endPoint)
if err != nil {
return false, err
}
if !running {
logrus.Debugf("no running containers found with endpoint %s", endPoint)
return false, nil
}
return true, nil
}

func checkContainerdRuntime(endPoint string) (bool, error) {
addr, dialer, err := GetAddressAndDialer(endPoint)
if err != nil {
Expand Down Expand Up @@ -168,6 +181,8 @@ func getContainerRuntime() (string, string, error) {
connected, err = checkContainerdRuntime(endPoint)
case utils.CRIO:
connected, err = checkCrioRuntime(endPoint)
case utils.PODMAN:
connected, err = checkPodmanRuntime(endPoint)
default:
err = fmt.Errorf("unknown container runtime %s", runtime)
}
Expand Down Expand Up @@ -235,6 +250,15 @@ func isDockerRunning(host string) (bool, error) {
return len(containers) > 0, nil
}

func isPodmanRunning(host string) (bool, error) {
op, err := utils.RunCommand(exec.Command("podman", "--url", host, "ps"), "podman ps:")
if err != nil {
logrus.Warn(err.Error())
return false, err
}
return len(strings.Split(strings.TrimSpace(op.String()), "\n")) > 1, nil
}

func isContainerdRunning(host string) (bool, error) {
clientd, err := containerd.New(strings.Replace(host, "unix://", "", 1))
if err != nil {
Expand Down Expand Up @@ -282,11 +306,13 @@ func NewRuntime() (Runtime, error) {
}

if runtime == utils.DOCKER {
return docker.New(), nil
return docker.New(endpoint), nil
} else if runtime == utils.CONTAINERD {
return self_containerd.New(endpoint), nil
return selfContainerd.New(endpoint), nil
} else if runtime == utils.CRIO {
return crio.New(endpoint), nil
} else if runtime == utils.PODMAN {
return selfPodman.New(endpoint), nil
}

return nil, errors.New("Unknown runtime")
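Review bot: `isPodmanRunning` in the fourth hunk decides "running" by counting output lines of `podman ps` (`> 1`, i.e. anything beyond the header row), which depends on the default table format and silently breaks if the header is absent or the output format is overridden; listing IDs only and testing for a non-empty result is robust: `op, err := utils.RunCommand(exec.Command("podman", "--url", host, "ps", "-q"), "podman ps:")` followed by `return strings.TrimSpace(op.String()) != "", nil`. The function also both logs the error at Warn and returns it, and `checkPodmanRuntime` returns it again, so a host without the `podman` binary surfaces as a detection error rather than a not-running runtime; presumably `errors.Is(err, exec.ErrNotFound)` should map to `false, nil` so that, if `getContainerRuntime` (its body is partly outside the hunk) stops at the first error, the other runtimes are still probed. Unlike `isDockerRunning`, which goes through the API client, this shells out, so it needs the podman CLI on the PATH of the scanning process; that is worth stating on the function, e.g. `// isPodmanRunning shells out to the podman CLI (must be on PATH) and reports whether any container is running at host.`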
34 changes: 9 additions & 25 deletions docker/docker.go
Expand Up @@ -4,17 +4,17 @@ import (
"bufio"
"bytes"
"errors"
"fmt"
"os/exec"
"strings"

"github.com/deepfence/vessel/utils"
"github.com/sirupsen/logrus"
)

// New instantiates a new Docker runtime object
func New() *Docker {
func New(endpoint string) *Docker {
return &Docker{
socketPath: "unix:///var/run/docker.sock",
socketPath: endpoint,
}
}

Expand Down Expand Up @@ -67,7 +67,7 @@ func (d Docker) Save(imageName, outputParam string) ([]byte, error) {

// ExtractFileSystem Extract the file system from tar of an image by creating a temporary dormant container instance
func (d Docker) ExtractFileSystem(imageTarPath string, outputTarPath string, imageName string) error {
imageMsg, err := runCommand(exec.Command("docker", "load", "-i", imageTarPath), "docker load: "+imageTarPath)
imageMsg, err := utils.RunCommand(exec.Command("docker", "load", "-i", imageTarPath), "docker load: "+imageTarPath)
if err != nil {
return err
}
Expand All @@ -86,20 +86,20 @@ func (d Docker) ExtractFileSystem(imageTarPath string, outputTarPath string, ima
if imageId == "" {
return errors.New("image not found from docker load with output: " + string(imageMsg.Bytes()))
}
containerOutput, err := runCommand(exec.Command("docker", "create", imageId), "docker create: "+imageId)
containerOutput, err := utils.RunCommand(exec.Command("docker", "create", imageId), "docker create: "+imageId)
if err != nil {
return err
}
containerId := strings.TrimSpace(containerOutput.String())
_, err = runCommand(exec.Command("docker", "export", strings.TrimSpace(containerId), "-o", outputTarPath), "docker export: "+string(containerId))
_, err = utils.RunCommand(exec.Command("docker", "export", strings.TrimSpace(containerId), "-o", outputTarPath), "docker export: "+string(containerId))
if err != nil {
return err
}
_, err = runCommand(exec.Command("docker", "container", "rm", containerId), "delete container:"+containerId)
_, err = utils.RunCommand(exec.Command("docker", "container", "rm", containerId), "delete container:"+containerId)
if err != nil {
logrus.Warn(err.Error())
}
_, err = runCommand(exec.Command("docker", "image", "rm", imageId), "delete image:"+imageId)
_, err = utils.RunCommand(exec.Command("docker", "image", "rm", imageId), "delete image:"+imageId)
if err != nil {
logrus.Warn(err.Error())
}
Expand All @@ -109,7 +109,7 @@ func (d Docker) ExtractFileSystem(imageTarPath string, outputTarPath string, ima
// ExtractFileSystemContainer Extract the file system of an existing container to tar
func (d Docker) ExtractFileSystemContainer(containerId string, namespace string, outputTarPath string) error {
cmd := exec.Command("docker", "export", strings.TrimSpace(containerId), "-o", outputTarPath)
_, err := runCommand(cmd, "docker export: "+string(containerId))
_, err := utils.RunCommand(cmd, "docker export: "+string(containerId))
if err != nil {
return err
}
Expand All @@ -120,19 +120,3 @@ func (d Docker) ExtractFileSystemContainer(containerId string, namespace string,
func (d Docker) GetFileSystemPathsForContainer(containerId string, namespace string) ([]byte, error) {
return exec.Command("docker", "inspect", strings.TrimSpace(containerId), "|", "jq", "-r", "'map([.Name, .GraphDriver.Data.MergedDir]) | .[] | \"\\(.[0])\t\\(.[1])\"'").Output()
}

// operation is prepended to error message in case of error: optional
func runCommand(cmd *exec.Cmd, operation string) (*bytes.Buffer, error) {

var out bytes.Buffer
var stderr bytes.Buffer
cmd.Stdout = &out
cmd.Stderr = &stderr
errorOnRun := cmd.Run()
if errorOnRun != nil {
logrus.Errorf("cmd: %s", cmd.String())
logrus.Error(errorOnRun)
return nil, errors.New(operation + fmt.Sprint(errorOnRun) + ": " + stderr.String())
}
return &out, nil
}
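Review bot: `New(endpoint)` in the first hunk drops the previous default socket (`unix:///var/run/docker.sock`) without substituting a fallback, so any caller that passes an empty string now gets a `Docker` whose `socketPath` is empty; keeping the old default preserves behaviour for such callers: `if endpoint == "" { endpoint = "unix:///var/run/docker.sock" }` before the struct literal. The doc comment should also name the new parameter, e.g. `// New instantiates a Docker runtime object that talks to the daemon at endpoint (e.g. unix:///var/run/docker.sock).` The removed local `runCommand` was the only visible use of the `bytes` package in this file; if nothing in the unshown middle of the file references `bytes.` directly, the `"bytes"` import kept in the first hunk will fail to compile as unused, so this is worth confirming.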
61 changes: 33 additions & 28 deletions go.mod
Expand Up @@ -3,58 +3,63 @@ module github.com/deepfence/vessel
go 1.20

require (
github.com/containerd/containerd v1.7.2
github.com/docker/docker v24.0.2+incompatible
github.com/containerd/containerd v1.7.6
github.com/docker/docker v24.0.6+incompatible
github.com/joho/godotenv v1.5.1
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.9.3
google.golang.org/grpc v1.55.0
google.golang.org/grpc v1.58.2
)

require (
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20221215162035-5330a85ea652 // indirect
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.10.0-rc.8 // indirect
github.com/containerd/cgroups v1.1.0 // indirect
github.com/containerd/continuity v0.4.1 // indirect
github.com/Microsoft/hcsshim v0.12.0-rc.0 // indirect
github.com/containerd/cgroups/v3 v3.0.2 // indirect
github.com/containerd/continuity v0.4.2 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/ttrpc v1.2.2 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
github.com/docker/distribution v2.8.1+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 // indirect
github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/klauspost/compress v1.16.0 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/klauspost/compress v1.16.7 // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mountinfo v0.6.2 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
github.com/opencontainers/runc v1.1.5 // indirect
github.com/opencontainers/runtime-spec v1.1.0-rc.1 // indirect
github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
github.com/opencontainers/runc v1.1.9 // indirect
github.com/opencontainers/runtime-spec v1.1.1-0.20230823135140-4fec88fd00a4 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/prometheus/procfs v0.10.1 // indirect
github.com/stretchr/testify v1.8.4 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/otel v1.14.0 // indirect
go.opentelemetry.io/otel/trace v1.14.0 // indirect
golang.org/x/mod v0.9.0 // indirect
golang.org/x/net v0.8.0 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/sys v0.7.0 // indirect
golang.org/x/text v0.8.0 // indirect
golang.org/x/tools v0.7.0 // indirect
google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
google.golang.org/protobuf v1.30.0 // indirect
gotest.tools/v3 v3.4.0 // indirect
go.opentelemetry.io/otel v1.16.0 // indirect
go.opentelemetry.io/otel/metric v1.16.0 // indirect
go.opentelemetry.io/otel/trace v1.16.0 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.15.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.12.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gotest.tools/v3 v3.5.1 // indirect
)
