add feature flag for enabling collection of proc files

swermin · swermin · commit 700070c8fa8a · 2024-04-01T17:56:43.000+02:00
Signed-off-by: Ermin Hrkalovic &lt;ermin.hrkalovic@outlook.com&gt;
diff --git a/charts/core-dump-handler/README.md b/charts/core-dump-handler/README.md
@@ -177,6 +177,11 @@ The agent pod has the following environment variables and these are all set by t
     false (Default): The composer will generate the additional JSON files.
 
     true: The composer will only collect the core dump and save the core parameters as an additional JSON
+* COMP_INCLUDE_PROC_INFO - Defines if the composer should get additional proc files from the container process. *Warning:* These files can contain sensitive information regarding the process, use with caution
+
+    false (Default): The composer will not collect any pid related files
+
+    true: The composer will copy 'auxv', 'cmdline', 'environ', 'maps' and 'status' for every container into the zip
 * COMP_CRIO_IMAGE_CMD - The command to use to get image information for the core dump.
 
     "img" (Default): This is the value most crictls expect.
@@ -271,6 +276,7 @@ Image
 Composer
 * logLevel: The log level for the composer (Default "Warn")
 * ignoreCrio: Maps to the COMP_IGNORE_CRIO enviroment variable  (Default false)
+* includeProcInfo: Maps to the COMP_INCLUDE_PROC_INFO enviroment variable  (Default false)
 * crioImageCmd: Maps to the COMP_CRIO_IMAGE_CMD enviroment variable (Default "img")
 * timeout: Maps to the COMP_TIMEOUT environment variable ("Default 600)
 * compression: Maps to the COMP_COMPRESSION environment variable (Default "true")
diff --git a/charts/core-dump-handler/ci/inotify-manage-store.yaml b/charts/core-dump-handler/ci/inotify-manage-store.yaml
@@ -21,6 +21,7 @@ storageClass: hostclass
 
 composer:
   ignoreCrio: false
+  includeProcInfo: false
   crioImageCmd: "img"
   logLevel: "Warn"
   # Double curlies are required otherwise helm trys to parse the string
diff --git a/charts/core-dump-handler/ci/interval-manage-store.yaml b/charts/core-dump-handler/ci/interval-manage-store.yaml
@@ -21,6 +21,7 @@ storageClass: hostclass
 
 composer:
   ignoreCrio: false
+  includeProcInfo: false
   crioImageCmd: "img"
   logLevel: "Warn"
   # Double curlies are required otherwise helm trys to parse the string
diff --git a/charts/core-dump-handler/ci/schedule-no-manage-store.yaml b/charts/core-dump-handler/ci/schedule-no-manage-store.yaml
@@ -21,6 +21,7 @@ storageClass: hostclass
 
 composer:
   ignoreCrio: false
+  includeProcInfo: false
   crioImageCmd: "img"
   logLevel: "Warn"
   # Double curlies are required otherwise helm trys to parse the string
diff --git a/charts/core-dump-handler/templates/daemonset.yaml b/charts/core-dump-handler/templates/daemonset.yaml
@@ -44,6 +44,8 @@ spec:
             value: {{ .Values.composer.logLevel }}
           - name: COMP_IGNORE_CRIO
             value: {{ .Values.composer.ignoreCrio | quote }}
+          - name: COMP_INCLUDE_PROC_INFO
+            value: {{ .Values.composer.includeProcInfo | quote }}
           - name: COMP_CRIO_IMAGE_CMD
             value:  {{ .Values.composer.crioImageCmd }}
           - name: COMP_POD_SELECTOR_LABEL
diff --git a/charts/core-dump-handler/values.schema.json b/charts/core-dump-handler/values.schema.json
@@ -110,6 +110,9 @@
                 "ignoreCrio": {
                     "type": "boolean"
                 },
+                "includeProcInfo": {
+                    "type": "boolean"
+                },
                 "crioImageCmd": {
                     "type": "string"
                 },
@@ -130,6 +133,7 @@
             "required": [
                 "crioImageCmd",
                 "ignoreCrio",
+                "includeProcInfo",
                 "logLevel",
                 "logLength",
                 "filenameTemplate",
diff --git a/charts/core-dump-handler/values.yaml b/charts/core-dump-handler/values.yaml
@@ -23,6 +23,7 @@ storageClass: hostclass
 
 composer:
   ignoreCrio: false
+  includeProcInfo: false
   crioImageCmd: "img"
   logLevel: "Warn"
   filenameTemplate: "{uuid}-dump-{timestamp}-{hostname}-{exe_name}-{pid}-{signal}"
diff --git a/core-dump-agent/src/main.rs b/core-dump-agent/src/main.rs
@@ -466,6 +466,9 @@ fn create_env_file(host_location: &str) -> Result<(), std::io::Error> {
     let ignore_crio = env::var("COMP_IGNORE_CRIO")
         .unwrap_or_else(|_| "false".to_string())
         .to_lowercase();
+    let include_proc_info = env::var("COMP_INCLUDE_PROC_INFO")
+        .unwrap_or_else(|_| "false".to_string())
+        .to_lowercase();
     let crio_image = env::var("COMP_CRIO_IMAGE_CMD").unwrap_or_else(|_| "img".to_string());
     let destination = format!("{}/{}", host_location, ".env");
     let use_crio_config = env::var("DEPLOY_CRIO_CONFIG")
@@ -492,7 +495,7 @@ fn create_env_file(host_location: &str) -> Result<(), std::io::Error> {
     info!("Creating {} file with LOG_LEVEL={}", destination, loglevel);
     let mut env_file = File::create(destination)?;
     let text = format!(
-        "LOG_LEVEL={loglevel}\nIGNORE_CRIO={ignore_crio}\nCRIO_IMAGE_CMD={crio_image}\nUSE_CRIO_CONF={use_crio_config}\nFILENAME_TEMPLATE={filename_template}\nLOG_LENGTH={log_length}\nPOD_SELECTOR_LABEL={pod_selector_label}\nTIMEOUT={timeout}\nCOMPRESSION={compression}\nCORE_EVENTS={core_events}\nEVENT_DIRECTORY={event_directory}\n");
+        "LOG_LEVEL={loglevel}\nIGNORE_CRIO={ignore_crio}\nINCLUDE_PROC_INFO={include_proc_info}\nCRIO_IMAGE_CMD={crio_image}\nUSE_CRIO_CONF={use_crio_config}\nFILENAME_TEMPLATE={filename_template}\nLOG_LENGTH={log_length}\nPOD_SELECTOR_LABEL={pod_selector_label}\nTIMEOUT={timeout}\nCOMPRESSION={compression}\nCORE_EVENTS={core_events}\nEVENT_DIRECTORY={event_directory}\n");
     info!("Writing composer .env \n{}", text);
     env_file.write_all(text.as_bytes())?;
     env_file.flush()?;
diff --git a/core-dump-agent/tests/basic.rs b/core-dump-agent/tests/basic.rs
@@ -89,6 +89,7 @@ fn basic() -> Result<(), std::io::Error> {
     let env_content = fs::read_to_string(&env_file).unwrap();
     assert!(env_content.contains("LOG_LEVEL=debug"));
     assert!(env_content.contains("IGNORE_CRIO=false"));
+    assert!(env_content.contains("INCLUDE_PROC_INFO=false"));
     assert!(env_content.contains("CRIO_IMAGE_CMD=img"));
     assert!(env_content.contains("USE_CRIO_CONF=false"));
     assert!(env_content.contains(
diff --git a/core-dump-composer/src/config.rs b/core-dump-composer/src/config.rs
@@ -21,6 +21,7 @@ pub struct CoreConfig {
     pub pod_selector_label: String,
     pub use_crio_config: bool,
     pub ignore_crio: bool,
+    pub include_proc_info: bool,
     pub core_events: bool,
     pub timeout: u32,
     pub compression: bool,
@@ -98,6 +99,10 @@ impl CoreConfig {
             .to_lowercase()
             .parse::<bool>()
             .unwrap();
+        let include_proc_info = env::var("INCLUDE_PROC_INFO")
+            .unwrap_or_else(|_| "false".to_string().to_lowercase())
+            .parse::<bool>()
+            .unwrap();
         let log_length = env::var("LOG_LENGTH")
             .unwrap_or_else(|_| "500".to_string())
             .parse::<u32>()
@@ -145,6 +150,7 @@ impl CoreConfig {
             log_level,
             pod_selector_label,
             ignore_crio,
+            include_proc_info,
             dot_env_path,
             image_command,
             use_crio_config,
