From 315b88f2eddb30b2776a8ee917ae0974003d3ff3 Mon Sep 17 00:00:00 2001
From: Oleh Neichev
Date: Sat, 23 Mar 2024 12:54:06 +0200
Subject: [PATCH] tetragon-oci-hook: container name from annotations

We cannot use arg.Watcher.FindContainer() because it uses k8s API where the container is still not available. Instead, we extract the name of the container from arg.Req.ContainerName. If the name is not found, we do not abort the hook because we can do other types of filtering, e.g. by pod labels.
Fixes: #1879
Signed-off-by: Oleh Neichev
---
 pkg/policyfilter/rthooks/rthooks.go | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/pkg/policyfilter/rthooks/rthooks.go b/pkg/policyfilter/rthooks/rthooks.go
index daeb51e4d4c..325d2d6c970 100644
--- a/pkg/policyfilter/rthooks/rthooks.go
+++ b/pkg/policyfilter/rthooks/rthooks.go
@@ -92,15 +92,12 @@ func createContainerHook(_ context.Context, arg *rthooks.CreateContainerArg) err
 return err
 }
- var containerFound bool
- var container *corev1.ContainerStatus
 namespace := pod.ObjectMeta.Namespace
- pod, container, containerFound = arg.Watcher.FindContainer(containerID)
- if !containerFound {
- log.WithError(err).Warnf("failed to find container information %s, aborting hook.", containerID)
- }
- containerName := container.Name
+ containerName := arg.Req.ContainerName
+ if containerName == "" {
+ log.Warnf("failed to find container information for %s, but will continue", containerID)
+ }
 log.WithFields(logrus.Fields{
 "pod-id": podID,
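Review bot: An empty `arg.Req.ContainerName` is only logged and then carried forward as `containerName`, so any policy that selects by container name will presumably not match this container, and the warning text ("failed to find container information") does not say that. Because this path decides which policies apply to a workload, the log should state the consequence, for example `log.Warnf("container name missing from hook request for %s; container-name policy selectors will not match", containerID)`, and a comment above the check should record that an empty name is tolerated on purpose so pod-label filtering can still apply. The name is now taken from the runtime hook request instead of the Kubernetes API, so a short comment that downstream matching treats it as runtime-supplied data would help the next reader; adding `podID` as a field on the warning would also make the event easier to correlate. `createContainerHook` starts and ends outside this hunk, so how `containerName` is consumed afterwards is inferred rather than visible here.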