Merge pull request #440 from kubescape/feature/support-fork-exec

Adding support for fork exec to get real process details
kubescape · Dec 19, 2024 · c31c78d · c31c78d
2 parents 9926c89 + ecd15b7
commit c31c78d
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/pkg/processmanager/v1/process_manager.go b/pkg/processmanager/v1/process_manager.go
@@ -20,6 +20,7 @@ import (
 const (
 	cleanupInterval = 1 * time.Minute
 	maxTreeDepth    = 50
+	runCCommPrefix  = "runc:["
 )
 
 type ProcessManager struct {
@@ -275,6 +276,20 @@ func (p *ProcessManager) GetProcessTreeForPID(containerID string, pid int) (apit
 		}
 	}
 
+	// If the process is runc, try to fetch the real process info.
+	// Intentionally we are doing this only once the process is asked for to avoid unnecessary calls to /proc and give time for the process to be created.
+	if strings.HasPrefix(result.Comm, runCCommPrefix) {
+		if process, err := p.getProcessFromProc(int(result.PID)); err == nil {
+			childerns := result.Children
+			upperLayer := result.UpperLayer
+			result = process
+			result.Children = childerns
+			result.UpperLayer = upperLayer
+			// Update the process in the tree
+			p.processTree.Set(result.PID, result)
+		}
+	}
+
 	return result, nil
 }