Djalal Harouni

This PR was split into multiple issues and PRs to get it merged: Tasks: - [ ] Merge basic BPF cgroups tracking functionality is here: https://github.com/cilium/tetragon/issues/477 - [ ] Merge...

> @tixxdz do you plan to work in this PR or should we close it? Will fix the comments and push, I just hit this over the cred object, need...

Hey @mtardy sorry for late reply missed this... yes as you point out and by @kkourt map[string]string is better this way we can keep out any other part of the...

Added lockdown context on top, as Tetragon was failing for some users running in confidentiality mode that blocks kprobes.

Hi @carloshdezbueno much appreciated for the contributions! Could you please provide more information on how you deploy the tracing policies and why did you endup using it like this? Also...

@kkourt so I guess we need to align with: https://github.com/cilium/tetragon/blob/main/pkg/sensors/exec/procevents/proc.go#L131 as "pods" simply is more robust, and the uuid match can happen on the subdirs to assert on it.

> Why does my machine have two pod cgroup directories? @chinazj that's good question ;-) ! the path with slice is created by systemd, as it manages resources inside slices....

Kornilios my take from this is: 1. First round is lookup for kubepods.slice if that returns true 2. Second round lookup for kubepods or simply pods but assert it does...

> I guess it's tricky if you have two directories, both matching the pod. I think the best thing to do here is actually contact the run-time system to get...

Yes we need to write something like: "The loginuid is used to track user accounts on the system, it is set during user authentication and inheritted by child processes which...