tetragon-oci-hook: support container name

Signed-off-by: Kornilios Kourtis <[email protected]>
cilium · Mar 22, 2024 · f8c5e73 · f8c5e73
1 parent eea7db1
commit f8c5e73
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/contrib/rthooks/tetragon-oci-hook/cmd/hook/main.go b/contrib/rthooks/tetragon-oci-hook/cmd/hook/main.go
@@ -130,6 +130,20 @@ func getCgroupPath(spec *specs.Spec) (string, error) {
 	return "", fmt.Errorf("Unknown cgroup path: %s", cgroupPath)
 }
 
+func containerNameFromAnnotations(annotations map[string]string) string {
+	// containerd
+	if val, ok := annotations["io.kubernetes.cri.container-name"]; ok {
+		return val
+	}
+
+	// crio
+	if val, ok := annotations["io.kubernetes.container.name"]; ok {
+		return val
+	}
+
+	return ""
+}
+
 // NB: the second argument is only used in case of an error, so disable revive's complains
 // revive:disable:error-return
 func createContainerHook(log *slog.Logger) (error, map[string]string) {
@@ -176,19 +190,23 @@ func createContainerHook(log *slog.Logger) (error, map[string]string) {
 		return fmt.Errorf("unable to determine either RootDir or cgroupPath, bailing out"), nil
 	}
 
+	containerName := containerNameFromAnnotations(spec.Annotations)
+
 	req := &tetragon.RuntimeHookRequest{
 		Event: &tetragon.RuntimeHookRequest_CreateContainer{
 			CreateContainer: &tetragon.CreateContainer{
-				CgroupsPath: cgroupPath,
-				RootDir:     rootDir,
-				Annotations: spec.Annotations,
+				CgroupsPath:   cgroupPath,
+				RootDir:       rootDir,
+				Annotations:   spec.Annotations,
+				ContainerName: containerName,
 			},
 		},
 	}
 
 	log = log.With(
 		"req-cgroups", cgroupPath,
 		"req-rootdir", rootDir,
+		"req-containerName", containerName,
 	)
 	if log.Enabled(context.TODO(), slog.LevelDebug) {
 		// NB: only add annotations in debug level since they are too noisy