fix: address review comments

Signed-off-by: Roberto Scolaro <[email protected]>

Author: therealbobo

.github/workflows/ci.yaml

@@ -40,7 +40,7 @@ jobs:
             git \
             libelf-dev \
             libtool \
-            linux-tools-`uname -r` \
+            linux-tools-$(uname -r) \
             llvm \
             ninja-build \
             pkg-config \

.github/workflows/release-draft.yaml

@@ -50,7 +50,7 @@ jobs:
             git \
             libelf-dev \
             libtool \
-            linux-tools-`uname -r` \
+            linux-tools-$(uname -r) \
             llvm \
             ninja-build \
             pkg-config \

cmake/modules/container_plugin.cmake

@@ -17,17 +17,17 @@ include(ExternalProject)
 
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} PLUGINS_SYSTEM_NAME)
 
-set(CONTAINER_VERSION "0.3.7")
+set(CONTAINER_VERSION "0.4.1")
 
 if(UNIX AND NOT APPLE)
 
 	set(CONTAINER_LIBRARY
 		"${CMAKE_BINARY_DIR}/container_plugin-prefix/src/container_plugin/libcontainer.so"
 	)
 	if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
-		set(CONTAINER_HASH "fd4e0b36ff9eb8ea34ee8166d0bfa29f9de7939e7c6e1ef931a9d6261b20f5ab")
+		set(CONTAINER_HASH "2ca0390f8b44bb4d0ec4c7f030dfb82af349897d00276393b6cb29281e14588e")
 	else() # arm64
-		set(CONTAINER_HASH "fb13572da413d2272d249459f0afd1879514a265e43acaaa8a844163bede239d")
+		set(CONTAINER_HASH "aa69ae222fb3947d9eac3756e06d5006964e1544130d3ebff398a18462fd0b12")
 	endif()
 
 	if(NOT TARGET container_plugin)
@@ -75,7 +75,7 @@ else()
 		ExternalProject_Add(
 			container_plugin
 			URL "https://github.com/falcosecurity/plugins/archive/refs/tags/plugins/container/v${CONTAINER_VERSION}.tar.gz"
-			URL_HASH "SHA256=da063e8d99310596a4c369fb010053e391247f2db6cd3fae9e733582923b71c4"
+			URL_HASH "SHA256=7adbd1062533dbd3f6d18e77abe44f63dd80cf40ebb7755d0a1bdb8298888ac4"
 			SOURCE_SUBDIR plugins/container
 			BUILD_IN_SOURCE 1
 			BUILD_BYPRODUCTS "${CONTAINER_LIBRARY}"

userspace/sysdig/csysdig.cpp

@@ -21,9 +21,6 @@ limitations under the License.
 
 #include <stdio.h>
 #include <iostream>
-#include <fstream>
-#include <sstream>
-#include <filesystem>
 #include <time.h>
 #include <signal.h>
 #include <fcntl.h>
@@ -418,19 +415,8 @@ sysdig_init_res csysdig_init(int argc, char **argv)
 		plugins.add_directory(SYSDIG_PLUGINS_DIR);
 		plugins.read_plugins_from_dirs(inspector);
 
-		// Load container plugin
-		std::string container_config = R"({"hooks":["create","start"],"engines":{"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock","/run/user/1000/podman/podman.sock"]},"containerd":{"enabled":false,"sockets":["/run/containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/crio/crio.sock"]},"lxc":{"enabled":false},"libvirt_lxc":{"enabled":false},"bpm":{"enabled":false}}})";
-		auto container_config_file = "/etc/sysdig/container.json";
-		if (std::filesystem::exists(container_config_file))
-		{
-			std::ifstream file(container_config_file);
-			std::stringstream buffer;
-			buffer << file.rdbuf();
-			container_config = buffer.str();
-		}
-
-		plugins.load_plugin(inspector, "container");
-		plugins.config_plugin(inspector, "container", container_config);
+		// Load container plugin (if available)
+		plugins.load_container_plugin_if_available(inspector);
 
 		//
 		// Parse the args

userspace/sysdig/sysdig.cpp

@@ -21,16 +21,13 @@ limitations under the License.
 
 #include <stdio.h>
 #include <iostream>
-#include <fstream>
-#include <sstream>
 #include <time.h>
 #include <signal.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <assert.h>
 #include <algorithm>
 #include <atomic>
-#include <filesystem>
 
 #include <libsinsp/sinsp.h>
 #include <libsinsp/sinsp_cycledumper.h>
@@ -1096,19 +1093,8 @@ sysdig_init_res sysdig_init(int argc, char **argv)
 		plugins.add_directory(SYSDIG_PLUGINS_DIR);
 		plugins.read_plugins_from_dirs(inspector.get());
 
-		// Load container plugin
-		std::string container_config = R"({"hooks":["create","start"],"engines":{"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock","/run/user/1000/podman/podman.sock"]},"containerd":{"enabled":false,"sockets":["/run/containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/crio/crio.sock", "/run/containerd/containerd.sock"]},"lxc":{"enabled":false},"libvirt_lxc":{"enabled":false},"bpm":{"enabled":false}}})";
-		auto container_config_file = "/etc/sysdig/container.json";
-		if (std::filesystem::exists(container_config_file))
-		{
-			std::ifstream file(container_config_file);
-			std::stringstream buffer;
-			buffer << file.rdbuf();
-			container_config = buffer.str();
-		}
-
-		plugins.load_plugin(inspector.get(), "container");
-		plugins.config_plugin(inspector.get(), "container", container_config);
+		// Load container plugin (if available)
+		plugins.load_container_plugin_if_available(inspector.get());
 
 		//
 		// Parse the args

userspace/sysdig/utils/plugin_utils.cpp

@@ -22,6 +22,8 @@ limitations under the License.
 
 #include <utility>
 #include <filesystem>
+#include <fstream>
+#include <sstream>
 #include <yaml-cpp/yaml.h>
 #include <nlohmann/json.hpp>
 
@@ -644,3 +646,52 @@ std::vector<std::unique_ptr<sinsp_filter_check>> plugin_utils::get_filterchecks(
     }
     return list;
 }
+
+bool plugin_utils::load_container_plugin_if_available(sinsp *inspector)
+{
+    // Check if container plugin exists in any of the plugin directories
+    std::string soname = SHAREDOBJ_PREFIX "container" SHAREDOBJ_EXT;
+    bool plugin_exists = false;
+
+    iterate_plugins_dirs(m_dirs, [&soname, &plugin_exists] (const std::filesystem::path file) -> bool {
+        auto filename = file.filename().generic_string();
+        if (filename == soname)
+        {
+            plugin_exists = true;
+            return true; // break-out
+        }
+        return false;
+    });
+
+    if (!plugin_exists)
+    {
+        fprintf(stderr, "Warning: container plugin (%s) not found in plugin directories. Container metadata will not be available.\n", soname.c_str());
+        fprintf(stderr, "         This is expected if you're running sysdig standalone (not installed via package manager).\n");
+        return false;
+    }
+
+    try
+    {
+        // Load container configuration from file or use default
+        std::string container_config = R"({"hooks":["create","start"],"engines":{"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock","/run/user/1000/podman/podman.sock"]},"containerd":{"enabled":false,"sockets":["/run/containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/crio/crio.sock", "/run/containerd/containerd.sock"]},"lxc":{"enabled":false},"libvirt_lxc":{"enabled":false},"bpm":{"enabled":false}}})";
+        auto container_config_file = "/etc/sysdig/container.json";
+        if (std::filesystem::exists(container_config_file))
+        {
+            std::ifstream file(container_config_file);
+            std::stringstream buffer;
+            buffer << file.rdbuf();
+            container_config = buffer.str();
+        }
+
+        // Load and configure the plugin
+        load_plugin(inspector, "container");
+        config_plugin(inspector, "container", container_config);
+        return true;
+    }
+    catch (const sinsp_exception& e)
+    {
+        fprintf(stderr, "Warning: failed to load container plugin: %s\n", e.what());
+        fprintf(stderr, "         Container metadata will not be available.\n");
+        return false;
+    }
+}

userspace/sysdig/utils/plugin_utils.h

@@ -39,6 +39,9 @@ class plugin_utils
 
 	void config_plugin(sinsp *inspector, const std::string& name, const std::string& conf);
 
+	// Load container plugin if available, with graceful fallback
+	bool load_container_plugin_if_available(sinsp *inspector);
+
 	void select_input_plugin(sinsp *inspector, filter_check_list* flist, const std::string& name, const std::string& params);
 	void clear_input_plugin();