Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
github.com/containers/psgo
A ps(1) AIX-format compatible golang library extended with various descriptors useful for displaying container-related data.
The idea behind the library is to provide an easy to use way of extracting process-related data, just as ps(1) does. The problem when using ps(1) is that the ps format strings split columns with whitespaces, making the output nearly impossible to parse. It also adds some jitter as we have to fork and execute ps either in the container or filter the output afterwards, further limiting applicability.
This library aims to make things a bit more comfortable, especially for container runtimes, as the API allows to join the mount namespace of a given process and will parse /proc
and /dev/
from there. The API consists of the following functions:
psgo.ProcessInfo(descriptors []string) ([][]string, error)
psgo.DefaultDescriptors
are used. The return value contains the string slice of process data, one per process.psgo.ProcessInfoByPids(pids []string, descriptors []string) ([][]string, error)
psgo.ProcessInfo
, but limits the return value to a list of specified pids. The pids input must be a slice of PIDs for which process information should be returned. If the input descriptor slice is empty, only the format descriptor headers are returned.psgo.JoinNamespaceAndProcessInfo(pid string, descriptors []string) ([][]string, error)
/proc
data from a container without executing any command inside the container.psgo.JoinNamespaceAndProcessInfoByPids(pids []string, descriptors []string) ([][]string, error)
psgo.JoinNamespaceAndProcessInfo
but takes a slice of pids as an argument. To avoid duplicate entries (e.g., when two or more containers share the same PID namespace), a given PID namespace will be joined only once.psgo.ListDescriptors() []string
We can use the psgo sample tool from this project to test the core components of this library. First, let's build psgo
via make build
. The binary is now located under ./bin/psgo
. By default psgo
displays data about all running processes in the current mount namespace, similar to the output of ps -ef
.
$ ./bin/psgo | head -n5
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.064 6h3m27.677997443s ? 13.98s systemd
root 2 0 0.000 6h3m27.678380128s ? 20ms [kthreadd]
root 4 2 0.000 6h3m27.678701852s ? 0s [kworker/0:0H]
root 6 2 0.000 6h3m27.678999508s ? 0s [mm_percpu_wq]
You can use the --pids
flag to restrict psgo
output to a subset of processes. This option accepts a list of comma separate process IDs and will return exactly the same kind of information per process as the default output.
$ ./bin/psgo --pids 1,$(pgrep bash | tr "\n" ",")
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.009 128h52m44.193475932s ? 40s systemd
root 20830 20827 0.000 105h2m44.19579679s pts/5 0s bash
root 25843 25840 0.000 102h56m4.196072027s pts/6 0s bash
Let's have a look at how we can use this library in the context of containers. As a simple show case, we'll start a Docker container, extract the process ID via docker-inspect
and run the psgo
binary to extract the data of running processes within that container.
$ docker run -d alpine sleep 100
473c9a05d4223b88ef7f5a9ac11e3d21e9914e012338425cc1cef853fc6c32a2
$ docker inspect --format '{{.State.Pid}}' 473c9
5572
$ sudo ./bin/psgo -pids 5572 -join
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
root 1 0 0.000 17.249905587s ? 0s sleep
The ps library is compatible with all AIX format descriptors of the ps command-line utility (see man 1 ps
for details) but it also supports some additional descriptors that can be useful when seeking specific process-related information.
We can try out different format descriptors with the psgo binary:
$ ./bin/psgo -format "pid, user, group, seccomp" | head -n5
PID USER GROUP SECCOMP
1 root root disabled
2 root root disabled
4 root root disabled
6 root root disabled
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.