mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 08:34:40 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

resolve absolute path of a process if it's relative

Browse source 
We may receive relative paths from kernel (eBPF), so we need to resolve
the absolute path of the process in order to create valid rules.
This commit is contained in:
Gustavo Iñiguez Goia 2022-10-01 22:27:07 +02:00
parent 814ed52331
commit 8f70af47e2
Failed to generate hash of commit
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
daemon/core/core.go
View file

@ -58,6 +58,11 @@ func ExpandPath(path string) (string, error) {
return "", nil
}
// IsAbsPath verifies if a path is absolute or not
func IsAbsPath(path string) bool {
return path[0] == 47 // 47 == '/'
}
// GetFileModTime checks if a file has been modified.
func GetFileModTime(filepath string) (time.Time, error) {
fi, err := os.Stat(filepath)

11
daemon/procmon/details.go
View file

@ -111,7 +111,7 @@ func (p *Process) ReadEnv() {
// - /proc/<pid>/exe can't be read
func (p *Process) ReadPath() error {
// avoid rereading the path
if p.Path != "" {
if p.Path != "" && core.IsAbsPath(p.Path) {
return nil
}
defer func() {
@ -296,4 +296,13 @@ func (p *Process) CleanPath() {
if pathLen >= 10 && p.Path[pathLen-10:] == " (deleted)" {
p.Path = p.Path[:len(p.Path)-10]
}
// We may receive relative paths from kernel, but the path of a process must be absolute
if core.IsAbsPath(p.Path) == false {
if err := p.ReadPath(); err != nil {
log.Debug("ClenPath() error reading process path%s", err)
return
}
}
}