Add socket_path to containerd tables

[rahultoppur]

Related issue: Resolves #48006.

Adds a new field socket_path in both containerd_containers and containerd_mounts. We keep the previous default when no socket_path is requested in the filter; otherwise, we honor the value passed from the incoming query.

Test case:

Ran a make fleetd-tables-linux, started some containers, then used osquery:

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.

• Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.

• Timeouts are implemented and retries are limited to avoid infinite loops

• If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes

Testing

• Added/updated automated tests

• Where appropriate, automated tests simulate multiple hosts and test for host isolation (updates to one hosts's records do not affect another)

• QA'd all new/changed functionality manually

For unreleased bug fixes in a release candidate, one of:

• Confirmed that the fix is not expected to adversely impact load test results
• Alerted the release DRI if additional load testing is needed

Database migrations

• Checked schema for all modified table for columns that will auto-update timestamps during migration.
• Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
• Ensured the correct collation is explicitly set for character columns (COLLATE utf8mb4_unicode_ci).

New Fleet configuration settings

• Setting(s) is/are explicitly excluded from GitOps

If you didn't check the box above, follow this checklist for GitOps-enabled settings:

• Verified that the setting is exported via fleetctl generate-gitops
• Verified the setting is documented in a separate PR to the GitOps documentation
• Verified that the setting is cleared on the server if it is not supplied in a YAML file (or that it is documented as being optional)
• Verified that any relevant UI is disabled when GitOps mode is enabled

fleetd/orbit/Fleet Desktop

• Verified compatibility with the latest released version of Fleet (see Must rule)
• If the change applies to only one platform, confirmed that runtime.GOOS is used as needed to isolate changes
• Verified that fleetd runs on macOS, Linux and Windows
• Verified auto-update works from the released version of component to the new version (see tools/tuf/test)

Summary by CodeRabbit

Summary by CodeRabbit

• New Features

  • Added an optional socket_path column to containerd_containers and containerd_mounts.
  • Containerd queries can now target a specific socket path, and results report the socket path used (defaulting to /run/containerd/containerd.sock when not provided).

• Documentation

  • Updated Fleet and table schemas with the new socket_path column and example queries (including common k3s socket paths).

• Tests

  • Added Linux-only coverage to verify default vs explicitly provided socket_path behavior.

[claude]

Claude Code Review

This pull request is from a fork — automated review is disabled. A repository maintainer can comment @claude review to run a one-time review.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

A new Linux-only helper file (containerd_linux.go) introduces resolveSocketPath, which reads a socket_path query constraint or falls back to the default containerd socket, and newClient, which wraps containerd.New and returns the client alongside the resolved path. Both GenerateContainers and GenerateMounts are updated to call newClient instead of constructing a client directly, and each now includes a socket_path column in their output rows. The containerd_containers and containerd_mounts table schemas in YAML and the compiled Fleet schema JSON are extended with the optional socket_path text column and example queries filtering by a k3s socket path. A test file validates the two resolution cases for resolveSocketPath.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add socket_path to containerd tables' clearly and concisely summarizes the main change: adding a socket_path column to containerd-related tables.
Linked Issues check	✅ Passed	The PR successfully implements all requirements from issue #48006: adds queryable socket_path column to both tables [#48006], maintains default socket path for backwards compatibility [#48006], honors specified socket_path in queries [#48006], includes socket_path in returned rows [#48006], and updates schemas with example queries [#48006].
Out of Scope Changes check	✅ Passed	All changes directly support the stated objectives: helper functions (resolveSocketPath, newClient) enable socket_path querying, tests verify behavior, containerd files add column support, schema files document the new column, and the changelog entry documents user-visible changes.
Docstring Coverage	✅ Passed	Docstring coverage is 85.71% which is sufficient. The required threshold is 80.00%.
Description check	✅ Passed	PR description is mostly complete with related issue reference and clear explanation of changes, but most required checklist items remain unchecked despite being applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[codecov]

Codecov Report

❌ Patch coverage is 20.00000% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 67.30%. Comparing base (47231cc) to head (932aaa8).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
orbit/pkg/table/containerd/containerd_linux.go	33.33%	5 Missing and 1 partial ⚠️
orbit/pkg/table/containerd/containers_linux.go	0.00%	3 Missing ⚠️
orbit/pkg/table/containerd/mounts_linux.go	0.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #47987      +/-   ##
==========================================
- Coverage   67.31%   67.30%   -0.01%     
==========================================
  Files        3655     3656       +1     
  Lines      231242   231256      +14     
  Branches    12076    12221     +145     
==========================================
- Hits       155658   155650       -8     
- Misses      61619    61637      +18     
- Partials    13965    13969       +4     

Flag	Coverage Δ
backend	68.93% <20.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lucasmrod]

LGTM. Thanks for the contribution!

Please add a changes file under orbit/changes/.
Also left two nit doc comments.

[rahultoppur]

LGTM. Thanks for the contribution!

Please add a changes file under orbit/changes/. Also left two nit doc comments.

Thanks for the review @lucasmrod! Pushed the changelog and fixed the docs, should be good to go!

[lucasmrod]

Changes smoke tested in Linux.