@rootxrishabh
Created July 2, 2024 10:19
package main
import (
"encoding/json"
"fmt"
"io"
"log"
"os"
"path/filepath"
"strings"
"github.com/kubearmor/KubeArmor/KubeArmor/types"
"github.com/opencontainers/runtime-spec/specs-go"
)
var (
	// NOTE(review): none of these package-level variables is referenced in the
	// visible code (main, kubearmorIdRetrieved, run, sendContainer, getNS);
	// they look like placeholders for configuration that is not wired up yet.
	kubeArmorSocket string
	runtimeSocket   string
	k8s             bool
	detached        bool
)
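// main is the hook entry point: it reads the container state JSON from stdin,
// asks kubearmorIdRetrieved whether the KubeArmor container id is known,
// decodes the same input into specs.State and hands everything to run.
// Any failure is logged and the process exits with status 1.
//
// The input is parsed twice on purpose: once as a generic map (to read the
// CRI annotations) and once into the typed specs.State used by run.
func main() {
	input, err := io.ReadAll(os.Stdin)
	if err != nil {
		// Fatalln prints and exits with status 1, as the original Println+Exit did.
		log.Fatalln(err)
	}
	flag, containerNS := kubearmorIdRetrieved(input)

	var state specs.State
	if err := json.Unmarshal(input, &state); err != nil {
		log.Fatalln(err)
	}
	if err := run(state, flag, containerNS); err != nil {
		log.Fatalln(err)
	}
}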
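// kubearmorIdRetrieved inspects the container state JSON in input and reports
// whether the KubeArmor container id is known, together with the sandbox
// namespace taken from the "io.kubernetes.cri.sandbox-namespace" annotation
// (empty when the annotation is absent).
//
// When the container being handled is named "kubearmor" its id is persisted
// to /tmp/id.json and true is returned; for any other container true is
// returned only if that file already exists. A document that is not valid
// JSON is fatal, which is the behaviour main relies on.
func kubearmorIdRetrieved(input []byte) (bool, string) {
	var info map[string]interface{}
	if err := json.Unmarshal(input, &info); err != nil {
		log.Fatal(err)
	}
	// Missing or mis-typed annotations degrade to empty strings instead of panicking.
	annotations, _ := info["annotations"].(map[string]interface{})
	containerName, _ := annotations["io.kubernetes.cri.container-name"].(string)
	containerNS, _ := annotations["io.kubernetes.cri.sandbox-namespace"].(string)

	if containerName == "kubearmor" {
		id, ok := info["id"].(string)
		if !ok {
			// An unchecked assertion here used to panic on a missing/non-string id.
			log.Println("container state has no string \"id\" field; kubearmor id not recorded")
			return false, containerNS
		}
		id = strings.Trim(id, `"`)
		// NOTE(review): /tmp/id.json is a fixed, world-readable path in a shared
		// directory; a pre-existing file or symlink there is followed. A dedicated
		// directory with restrictive permissions would be safer.
		if err := os.WriteFile("/tmp/id.json", []byte(id), 0644); err != nil {
			log.Println(err)
		}
		return true, containerNS
	}
	if _, err := os.Stat("/tmp/id.json"); err == nil {
		return true, containerNS
	}
	return false, containerNS
}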
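// run builds the types.Container record for the OCI state the hook received
// and forwards it with sendContainer. flag says whether the KubeArmor id is
// known (see kubearmorIdRetrieved); containerNS is the sandbox namespace.
// The only error it returns is the one from sendContainer.
func run(state specs.State, flag bool, containerNS string) error {
	// The original assigned ContainerID and then overwrote the whole struct
	// with a literal carrying the same id; one literal is enough.
	container := types.Container{
		ContainerID:   state.ID,
		NamespaceName: containerNS,
	}
	// Pid and mount namespace inode numbers come from /proc/<pid>/ns (see getNS).
	container.PidNS, container.MntNS = getNS(state.Pid)
	return sendContainer(container, flag)
}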
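// sendContainer appends the JSON encoding of container to /tmp/output.json
// and, when flag is set, copies the whole accumulated file into the shared
// rootfs of the kubearmor container whose id is stored in /tmp/id.json.
//
// Records are concatenated with no separator, exactly as before. Unlike the
// original, every I/O error is returned to the caller instead of being
// discarded, and a missing id file is an error rather than a fatal exit.
func sendContainer(container types.Container, flag bool) error {
	dataJSON, err := json.Marshal(container)
	if err != nil {
		return err
	}
	// O_APPEND: each hook invocation adds one more record to the file.
	srcFile, err := os.OpenFile("/tmp/output.json", os.O_CREATE|os.O_APPEND|os.O_RDWR, 0644)
	if err != nil {
		return err
	}
	defer srcFile.Close()
	if _, err := srcFile.Write(dataJSON); err != nil {
		return err
	}
	// Rewind so the copy below carries every record written so far, not just this one.
	if _, err := srcFile.Seek(0, io.SeekStart); err != nil {
		return err
	}
	if !flag {
		return nil
	}

	val, err := os.ReadFile("/tmp/id.json")
	if err != nil {
		return fmt.Errorf("reading kubearmor id: %w", err)
	}
	id := string(val)
	// The id becomes a path component under the shared containers directory;
	// reject anything that could leave it (separators, "", "." or "..").
	if id == "" || id == "." || id == ".." || filepath.Base(id) != id {
		return fmt.Errorf("invalid container id %q in /tmp/id.json", id)
	}
	dstPath := filepath.Join("/var/run/kata-containers/shared/containers", id, "rootfs", "output.json")
	// NOTE(review): 0777 is broader than a data file needs; 0644 is probably
	// enough, but confirm against whatever reads the file inside the guest.
	dstFile, err := os.OpenFile(dstPath, os.O_CREATE|os.O_RDWR, 0777)
	if err != nil {
		return err
	}
	defer dstFile.Close()
	if _, err := io.Copy(dstFile, srcFile); err != nil {
		return err
	}
	return nil
}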
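// getNS returns the inode numbers of the pid and mount namespaces of pid, read
// from the /proc/<pid>/ns/pid and /proc/<pid>/ns/mnt symlinks. A link that
// cannot be read (e.g. no such process, or a non-Linux host) yields 0; a link
// whose target does not parse is logged and also yields 0.
func getNS(pid int) (uint32, uint32) {
	nsDir := fmt.Sprintf("/proc/%d/ns", pid)
	pidNS := readNSInode(filepath.Join(nsDir, "pid"), "pid:[%d]\n")
	mntNS := readNSInode(filepath.Join(nsDir, "mnt"), "mnt:[%d]\n")
	return pidNS, mntNS
}

// readNSInode resolves the namespace symlink at link and parses its target
// (of the form "pid:[4026531836]") with format; it returns 0 when the link is
// unreadable and logs, without failing, when the target does not parse.
func readNSInode(link, format string) uint32 {
	target, err := os.Readlink(link)
	if err != nil {
		return 0
	}
	var inode uint32
	if _, err := fmt.Sscanf(target, format, &inode); err != nil {
		log.Println(err)
	}
	return inode
}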