[BUG] container folder is not getting created under /tmp/tracee

[OriGlassman]

Prerequisites

• [x] This affects latest released version.
• [x] This affects current development tree (origin/HEAD).
• [ x There isn't an issue describing the bug.

Select one OR another:

• [ ] I'm going to create a PR to solve this (assign to yourself).
• [x] Someone else should solve this.

Bug description

This is how I'm executing tracee (cmdline): tracee-ebpf -t c -c net=docker0 -c pcap:per-container -c mem -c write=memfd:* -c write=/* -o option:exec-env -o option:exec-hash -o option:parse-arguments -o format:json

This is the error I'm getting: For a specific container, the container folder (and thus the pcap) is not getting created /tmp/tracee/out/<cont_id>. The folder is getting created after a write inside the container (but even then no pcap is generated afterwards). By looking at the network_map, there is a value corresponding to the container: "key": { "address": { "in6_u": { "u6_addr8": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ], "u6_addr16": [0,0,0,0,0,0,0,0 ], "u6_addr32": [0,0,0,0 ] } }, "port": 34835, "protocol": 6 }, "value": { "host_tid": 43028, "comm": "registry" }

Context

Relevant information about my setup:

• Linux version: Ubuntu 20.04.4
• Linux kernel version: 5.15.0-1017-aws
• Tracee version (or commit id of your tree): v0.8.1
• LLVM version:
• Golang version:

Additional Information (files, logs, etc)