diff --git a/docs/docs/install/config/index.md b/docs/docs/install/config/index.md
index ddeb3b6bbaf4..318d1fdf7b0b 100644
--- a/docs/docs/install/config/index.md
+++ b/docs/docs/install/config/index.md
@@ -16,9 +16,6 @@ proctree:
 cache:
 process: 8192
 thread: 4096
- cache-ttl:
- process: 60
- thread: 60
 capabilities:
 bypass: false
diff --git a/docs/docs/policies/usage/cli.md b/docs/docs/policies/usage/cli.md
index 7e098746caf6..5ca4f1afff1d 100644
--- a/docs/docs/policies/usage/cli.md
+++ b/docs/docs/policies/usage/cli.md
@@ -67,9 +67,6 @@ proctree:
 cache:
 process: 8192
 thread: 8192
- cache-ttl:
- process: 120
- thread: 120
 # cri:
 # - runtime:
 # name: docker
diff --git a/examples/config/global_config.yaml b/examples/config/global_config.yaml
index 23ca96602bd7..cdcdc6de0b71 100644
--- a/examples/config/global_config.yaml
+++ b/examples/config/global_config.yaml
@@ -8,9 +8,6 @@ proctree:
 # cache:
 # process: 8192
 # thread: 4096
- # cache-ttl:
- # process: 120
- # thread: 120
 capabilities:
 bypass: false
diff --git a/pkg/cmd/cobra/config.go b/pkg/cmd/cobra/config.go
index 4e8d5628e5af..9f2cc27d4b84 100644
--- a/pkg/cmd/cobra/config.go
+++ b/pkg/cmd/cobra/config.go
@@ -173,9 +173,8 @@ func (c *RegoConfig) flags() []string {
 //
 type ProcTreeConfig struct {
- Source string `mapstructure:"source"`
- Cache ProcTreeCacheConfig `mapstructure:"cache"`
- CacheTTL ProcTreeCacheTTLConfig `mapstructure:"cache-ttl"`
+ Source string `mapstructure:"source"`
+ Cache ProcTreeCacheConfig `mapstructure:"cache"`
 }
 type ProcTreeCacheConfig struct {
@@ -183,11 +182,6 @@ type ProcTreeCacheConfig struct {
 Thread int `mapstructure:"thread"`
 }
-type ProcTreeCacheTTLConfig struct {
- Process int `mapstructure:"process"`
- Thread int `mapstructure:"thread"`
-}
-
 func (c *ProcTreeConfig) flags() []string {
 flags := make([]string, 0)
@@ -204,12 +198,6 @@ func (c *ProcTreeConfig) flags() []string {
 if c.Cache.Thread != 0 {
 flags = append(flags, fmt.Sprintf("thread-cache=%d", c.Cache.Thread))
 }
- if c.CacheTTL.Process != 0 {
- flags = append(flags, fmt.Sprintf("process-cache-ttl=%d", c.CacheTTL.Process))
- }
- if c.CacheTTL.Thread != 0 {
- flags = append(flags, fmt.Sprintf("thread-cache-ttl=%d", c.CacheTTL.Thread))
- }
 return flags
 }
diff --git a/pkg/cmd/cobra/config_test.go b/pkg/cmd/cobra/config_test.go
index e09079a5d79b..c4c35cea4f1a 100644
--- a/pkg/cmd/cobra/config_test.go
+++ b/pkg/cmd/cobra/config_test.go
@@ -97,17 +97,12 @@ proctree:
 cache:
 process: 8192
 thread: 4096
- cache-ttl:
- process: 5
- thread: 10
 `,
 key: "proctree",
 expectedFlags: []string{
 "source=events",
 "process-cache=8192",
 "thread-cache=4096",
- "process-cache-ttl=5",
- "thread-cache-ttl=10",
 },
 },
 {
@@ -596,20 +591,6 @@ func TestProcTreeConfigFlags(t *testing.T) {
 "thread-cache=4096",
 },
 },
- {
- name: "process cache ttl set",
- config: ProcTreeConfig{
- Source: "",
- CacheTTL: ProcTreeCacheTTLConfig{
- Process: 5,
- Thread: 10,
- },
- },
- expected: []string{
- "process-cache-ttl=5",
- "thread-cache-ttl=10",
- },
- },
 {
 name: "all fields set",
 config: ProcTreeConfig{
diff --git a/pkg/cmd/flags/proctree.go b/pkg/cmd/flags/proctree.go
index 7d63b359ee15..020c86f369e6 100644
--- a/pkg/cmd/flags/proctree.go
+++ b/pkg/cmd/flags/proctree.go
@@ -4,7 +4,6 @@ import (
 "fmt"
 "strconv"
 "strings"
- "time"
 "github.com/aquasecurity/tracee/pkg/logger"
 "github.com/aquasecurity/tracee/pkg/proctree"
@@ -21,8 +20,6 @@ Example:
 both | process tree is built from both events and signals.
 --proctree process-cache=8192 | will cache up to 8192 processes in the tree (LRU cache).
 --proctree thread-cache=4096 | will cache up to 4096 threads in the tree (LRU cache).
- --proctree process-cache-ttl=60 | will set the process cache element TTL to 60 seconds.
- --proctree thread-cache-ttl=60 | will set the thread cache element TTL to 60 seconds.
 --proctree disable-procfs-query | Will disable procfs queries during runtime
 Use comma OR use the flag multiple times to choose multiple options:
@@ -38,8 +35,6 @@ func PrepareProcTree(cacheSlice []string) (proctree.ProcTreeConfig, error) {
 Source: proctree.SourceNone, // disabled by default
 ProcessCacheSize: proctree.DefaultProcessCacheSize,
 ThreadCacheSize: proctree.DefaultThreadCacheSize,
- ProcessCacheTTL: proctree.DefaultProcessCacheTTL,
- ThreadCacheTTL: proctree.DefaultThreadCacheTTL,
 ProcfsInitialization: true,
 ProcfsQuerying: true,
 }
@@ -98,24 +93,6 @@ func PrepareProcTree(cacheSlice []string) (proctree.ProcTreeConfig, error) {
 cacheSet = true
 continue
 }
- if strings.HasPrefix(value, "process-cache-ttl=") {
- num := strings.TrimPrefix(value, "process-cache-ttl=")
- ttl, err := strconv.Atoi(num)
- if err != nil {
- return config, err
- }
- config.ProcessCacheTTL = time.Duration(ttl) * time.Second
- continue
- }
- if strings.HasPrefix(value, "thread-cache-ttl=") {
- num := strings.TrimPrefix(value, "thread-cache-ttl=")
- ttl, err := strconv.Atoi(num)
- if err != nil {
- return config, err
- }
- config.ThreadCacheTTL = time.Duration(ttl) * time.Second
- continue
- }
 if strings.HasPrefix(value, "disable-procfs-query") {
 config.ProcfsQuerying = false
 continue
diff --git a/pkg/proctree/proctree.go b/pkg/proctree/proctree.go
index 55f275b1d5fa..6f743bfbd113 100644
--- a/pkg/proctree/proctree.go
+++ b/pkg/proctree/proctree.go
@@ -5,8 +5,9 @@ import (
 "sync"
 "time"
- "github.com/hashicorp/golang-lru/v2/expirable"
+ lru "github.com/hashicorp/golang-lru/v2"
+ "github.com/aquasecurity/tracee/pkg/errfmt"
 "github.com/aquasecurity/tracee/pkg/logger"
 traceetime "github.com/aquasecurity/tracee/pkg/time"
 )
@@ -68,19 +69,17 @@ type ProcTreeConfig struct {
 Source SourceType
 ProcessCacheSize int
 ThreadCacheSize int
- ProcessCacheTTL time.Duration
- ThreadCacheTTL time.Duration
 ProcfsInitialization bool // Determine whether to scan procfs data for process tree initialization
 ProcfsQuerying bool // Determine whether to query procfs for missing information during runtime
 }
 // ProcessTree is a tree of processes and threads.
 type ProcessTree struct {
- processes *expirable.LRU[uint32, *Process] // hash -> process
- threads *expirable.LRU[uint32, *Thread] // hash -> threads
- procfsChan chan int // channel of pids to read from procfs
- procfsOnce *sync.Once // busy loop debug message throttling
- ctx context.Context // context for the process tree
+ processes *lru.Cache[uint32, *Process] // hash -> process
+ threads *lru.Cache[uint32, *Thread] // hash -> threads
+ procfsChan chan int // channel of pids to read from procfs
+ procfsOnce *sync.Once // busy loop debug message throttling
+ ctx context.Context // context for the process tree
 procfsQuery bool
 timeNormalizer traceetime.TimeNormalizer
 }
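Review bot: The `processes` and `threads` field comments in ProcessTree still say only `hash -> process` / `hash -> threads`, and nothing on the struct records that entries no longer expire by time. Since retention is now governed by `ProcessCacheSize` and `ThreadCacheSize` alone, I would add a comment above the two fields such as `// size-bounded LRU caches with no time-based expiry`, so operators know the sizes are the only knob. Removing `ProcessCacheTTL` and `ThreadCacheTTL` from the exported `ProcTreeConfig` also breaks any out-of-tree code that sets them, which deserves a release-note line if the package is consumed externally.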
@@ -91,22 +90,26 @@ func NewProcessTree(ctx context.Context, config ProcTreeConfig, timeNormalizer t
 thrEvicted := 0
 // Create caches for processes.
- processes := expirable.NewLRU[uint32, *Process](
+ processes, err := lru.NewWithEvict[uint32, *Process](
 config.ProcessCacheSize,
- func(k uint32, v *Process) {
+ func(uint32, *Process) {
 procEvited++
 },
- config.ProcessCacheTTL,
 )
+ if err != nil {
+ return nil, errfmt.WrapError(err)
+ }
 // Create caches for threads.
- threads := expirable.NewLRU[uint32, *Thread](
+ threads, err := lru.NewWithEvict[uint32, *Thread](
 config.ThreadCacheSize,
- func(k uint32, v *Thread) {
+ func(uint32, *Thread) {
 thrEvicted++
 },
- config.ThreadCacheTTL,
 )
+ if err != nil {
+ return nil, errfmt.WrapError(err)
+ }
 // Report cache stats if debug is enabled.
 go func() {
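Review bot: The eviction callbacks `procEvited++` and `thrEvicted++` are unsynchronised int increments, and as far as I know `lru.Cache` runs the eviction callback after releasing its internal lock, so concurrent inserts into the tree can now race on these counters, and with the stats goroutine started at the end of the hunk if it reads them (its body is outside the hunk). Declaring both counters as `atomic.Int64` and using `procEvited.Add(1)` / `thrEvicted.Add(1)` in the callbacks would keep the debug statistics race-free. Separately, `lru.NewWithEvict` returns an error for a non-positive size, so a `process-cache=0` or negative value now stops start-up with a wrapped error that does not name the setting; unless the flag parser already range-checks it, a check in `PrepareProcTree` would give a clearer message. NewProcessTree begins and ends outside the hunk.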