tetragon: Cleanup policy/sensor/progs directories

We did not properly cleanup the directory hierarchy we create for policy/sensor/program. Adding the missing cleanup and adding error check when creating the directories. Signed-off-by: Jiri Olsa <jolsa@kernel.org>
cilium · Oct 3, 2024 · 320f2aa · 320f2aa
1 parent b845af4
commit 320f2aa
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/pkg/sensors/load.go b/pkg/sensors/load.go
@@ -63,13 +63,43 @@ func LoadConfig(bpfDir string, sens []*Sensor) error {
 	return nil
 }
 
-func (s *Sensor) setupProgsPinPath(bpfDir string) {
+func (s *Sensor) createDirs(bpfDir string) {
 	for _, p := range s.Progs {
 		// setup sensor based program pin path
 		p.PinPath = filepath.Join(sanitize(s.Policy), s.Name, p.PinName)
 		// and make the path
-		os.MkdirAll(filepath.Join(bpfDir, p.PinPath), os.ModeDir)
+		if err := os.MkdirAll(filepath.Join(bpfDir, p.PinPath), os.ModeDir); err != nil {
+			logger.GetLogger().WithError(err).
+				WithField("prog", p.PinName).
+				WithField("dir", p.PinPath).
+				Warn("Failed to create program dir")
+		}
 	}
+	s.BpfDir = bpfDir
+}
+
+func (s *Sensor) removeDirs() {
+	// Remove all the program dirs
+	for _, p := range s.Progs {
+		if err := os.Remove(filepath.Join(s.BpfDir, p.PinPath)); err != nil {
+			logger.GetLogger().WithError(err).
+				WithField("prog", p.PinName).
+				WithField("dir", p.PinPath).
+				Warn("Failed to remove program dir")
+		}
+	}
+	// Remove sensor dir
+	if err := os.Remove(filepath.Join(s.BpfDir, sanitize(s.Policy), s.Name)); err != nil {
+		logger.GetLogger().WithError(err).
+			WithField("sensor", s.Name).
+			WithField("dir", filepath.Join(sanitize(s.Policy), s.Name)).
+			Warn("Failed to remove sensor dir")
+	}
+
+	// For policy dir the last one switches off the light.. there still
+	// might be other sensors in the policy, so the last sensors removed
+	// will succeed in removal policy dir.
+	os.Remove(filepath.Join(s.BpfDir, sanitize(s.Policy)))
 }
 
 // Load loads the sensor, by loading all the BPF programs and maps.
@@ -87,7 +117,7 @@ func (s *Sensor) Load(bpfDir string) error {
 		return fmt.Errorf("tetragon, aborting minimum requirements not met: %w", err)
 	}
 
-	s.setupProgsPinPath(bpfDir)
+	s.createDirs(bpfDir)
 
 	l := logger.GetLogger()
 
@@ -155,6 +185,8 @@ func (s *Sensor) Unload() error {
 		}
 	}
 
+	s.removeDirs()
+
 	s.Loaded = false
 
 	if s.PostUnloadHook != nil {

diff --git a/pkg/sensors/sensors.go b/pkg/sensors/sensors.go
@@ -42,6 +42,8 @@ type Sensor struct {
 	Name string
 	// Policy name the sensor is part of.
 	Policy string
+	// When loaded this contains bpffs root directory
+	BpfDir string
 	// Progs are all the BPF programs that exist on the filesystem.
 	Progs []*program.Program
 	// Maps are all the BPF Maps that the progs use.