Right now, the docker container tests (container_system_mon_test.go) just test monitoring specific processes by calling sleep 30. https://github.com/elastic/elastic-agent-system-metrics/pull/136 has reviled that it's really easy to break path traversal when fetching cgroup metrics. To test for this, we should come up with a test that does something kind of stupid, like create a process and add it to a new cgroup like /sys/fs/cgroup/testgroup/test.slice/test.service/test.scope/othertest.scope/. This will result in an equally dumb entry in /proc/pid/cgroups. If the code can properly handle that, it's probably fine. Making this a separate issue, since running this test across a variety of buildkite images will be a bit of a pain, since we need to support cgroups v1 and v2.
At least with v2 this is fairly easy, just mkdir /sys/fs/cgroup/whatever/path/we/want then move the PID to the cgroup via echo.
Right now, the docker container tests (
container_system_mon_test.go) just test monitoring specific processes by callingsleep 30. https://github.com/elastic/elastic-agent-system-metrics/pull/136 has reviled that it's really easy to break path traversal when fetching cgroup metrics. To test for this, we should come up with a test that does something kind of stupid, like create a process and add it to a new cgroup like/sys/fs/cgroup/testgroup/test.slice/test.service/test.scope/othertest.scope/. This will result in an equally dumb entry in/proc/pid/cgroups. If the code can properly handle that, it's probably fine. Making this a separate issue, since running this test across a variety of buildkite images will be a bit of a pain, since we need to support cgroups v1 and v2.At least with v2 this is fairly easy, just
mkdir /sys/fs/cgroup/whatever/path/we/wantthen move the PID to the cgroup viaecho.