Skip to content

Commit

Permalink
start of darwin support in event monitor
Browse files Browse the repository at this point in the history
  • Loading branch information
paulcacheux committed Jun 27, 2024
1 parent 45fe11b commit ce8c55c
Show file tree
Hide file tree
Showing 36 changed files with 5,656 additions and 22 deletions.
18 changes: 18 additions & 0 deletions cmd/system-probe/modules/all_darwin.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build darwin

//nolint:revive // TODO(EBPF) Fix revive linter
package modules

import (
"github.com/DataDog/datadog-agent/cmd/system-probe/api/module"
)

// All System Probe modules should register their factories here
var All = []module.Factory{
EventMonitor,
}
2 changes: 1 addition & 1 deletion cmd/system-probe/modules/all_unsupported.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build !linux && !windows
//go:build !(linux || windows || darwin)

// Package modules is all the module definitions for system-probe
package modules
Expand Down
2 changes: 1 addition & 1 deletion cmd/system-probe/modules/eventmonitor.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build linux || windows
//go:build linux || windows || darwin

package modules

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build windows
//go:build windows || darwin

package modules

Expand Down
2 changes: 1 addition & 1 deletion pkg/eventmonitor/eventmonitor.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build linux || windows
//go:build linux || windows || darwin

// Package eventmonitor holds eventmonitor related files
package eventmonitor
Expand Down
35 changes: 35 additions & 0 deletions pkg/eventmonitor/eventmonitor_darwin.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build darwin

package eventmonitor

import (
"net"
"os"
)

func (m *EventMonitor) getListener() (net.Listener, error) {
ln, err := net.Listen("unix", m.Config.SocketPath)
if err != nil {
return nil, err
}

if err = os.Chmod(m.Config.SocketPath, 0700); err != nil {
return nil, err
}
return ln, nil
}

func (m *EventMonitor) init() error {
// force socket cleanup of previous socket not cleanup
os.Remove(m.Config.SocketPath)
return nil
}

func (m *EventMonitor) cleanup() {
os.Remove(m.Config.SocketPath)
}
2 changes: 1 addition & 1 deletion pkg/eventmonitor/eventmonitor_other.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build !linux && !windows
//go:build !(linux || windows || darwin)

// Package eventmonitor holds eventmonitor related files
package eventmonitor
Expand Down
33 changes: 33 additions & 0 deletions pkg/process/events/consumer/event_copy_darwin.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build darwin

package consumer

import (
"github.com/DataDog/datadog-agent/pkg/process/events/model"
smodel "github.com/DataDog/datadog-agent/pkg/security/secl/model"
)

// Copy copies the necessary fields from the event received from the event monitor
func (p *ProcessConsumer) Copy(event *smodel.Event) any {
return &model.ProcessEvent{
EventType: model.NewEventType(event.GetEventType().String()),
CollectionTime: event.GetTimestamp(),
Pid: event.GetProcessPid(),
ContainerID: event.GetContainerId(),
Ppid: event.GetProcessPpid(),
UID: event.GetProcessUid(),
GID: event.GetProcessGid(),
Username: event.GetProcessUser(),
Group: event.GetProcessGroup(),
Exe: event.GetExecFilePath(),
Cmdline: event.GetProcessArgv(),
ExecTime: event.GetProcessExecTime(),
ExitTime: event.GetProcessExitTime(),
ExitCode: event.GetExitCode(),
}
}
2 changes: 1 addition & 1 deletion pkg/process/events/consumer/event_copy_other.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

18 changes: 18 additions & 0 deletions pkg/security/probe/field_handlers_darwin.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

// Package probe holds probe related files
package probe

import (
"github.com/DataDog/datadog-agent/pkg/security/secl/model"
)

// FieldHandlers defines a field handlers
type FieldHandlers struct {
// TODO(safchain) remove this when support for multiple platform with the same build tags is available
// keeping it can be dangerous as it can hide non implemented handlers
model.FakeFieldHandlers
}
37 changes: 37 additions & 0 deletions pkg/security/probe/model_darwin.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

// Package probe holds probe related files
package probe

import (
"fmt"
"strings"

"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
"github.com/DataDog/datadog-agent/pkg/security/secl/model"
)

// NewDarwinModel returns a new model with some extra field validation
func NewDarwinModel() *model.Model {
return &model.Model{
ExtraValidateFieldFnc: func(field eval.Field, fieldValue eval.FieldValue) error {
// TODO(safchain) remove this check when multiple model per platform will be supported in the SECL package
if !strings.HasPrefix(field, "exec.") &&
!strings.HasPrefix(field, "exit.") &&
!strings.HasPrefix(field, "process.") {
return fmt.Errorf("%s is not available with the Windows version", field)
}
return nil
},
}
}

// NewDarwinEvent returns a new event
func NewDarwinEvent(fh *FieldHandlers) *model.Event {
event := model.NewFakeEvent()
event.FieldHandlers = fh
return event
}
25 changes: 25 additions & 0 deletions pkg/security/probe/opts_darwin.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build darwin

// Package probe holds probe related files
package probe

import (
"github.com/DataDog/datadog-go/v5/statsd"
)

// Opts defines some probe options
type Opts struct {
// StatsdClient to be used for probe stats
StatsdClient statsd.ClientInterface
}

func (o *Opts) normalize() {
if o.StatsdClient == nil {
o.StatsdClient = &statsd.NoOpClient{}
}
}
2 changes: 1 addition & 1 deletion pkg/security/probe/probe.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.

//go:build linux || windows
//go:build linux || windows || darwin

// Package probe holds probe related files
package probe
Expand Down
Loading

0 comments on commit ce8c55c

Please sign in to comment.