Skip to content

Commit

Permalink
process: trace log when uid to username fails
Browse files Browse the repository at this point in the history 
Signed-off-by: Djalal Harouni <[email protected]>
  • Loading branch information
@tixxdz
tixxdz committed Jun 20, 2024
1 parent 663c282 commit a306aa4
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 2 deletions.
9 changes: 8 additions & 1 deletion pkg/sensors/exec/exec.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,14 @@ func handleExecve(r *bytes.Reader) ([]observer.Event, error) {
msgUnix.Unix.Process = nopMsgProcess()
}
if err == nil && !empty {
userinfo.MsgToExecveAccountUnix(msgUnix)
err = userinfo.MsgToExecveAccountUnix(msgUnix)
if err != nil {
logger.GetLogger().WithFields(logrus.Fields{
"process.pid": msgUnix.Unix.Process.PID,
"process.binary": msgUnix.Unix.Process.Filename,
"process.uid": msgUnix.Unix.Process.UID,
}).WithError(err).Trace("Resolving process uid to username record failed")
}
}
msgUnix.Unix.Kube = msgToExecveKubeUnix(&m, process.GetExecID(&msgUnix.Unix.Process), msgUnix.Unix.Process.Filename)
return []observer.Event{msgUnix}, nil
Expand Down
10 changes: 9 additions & 1 deletion pkg/sensors/exec/procevents/proc_reader.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import (
"github.com/cilium/tetragon/pkg/sensors/base"
"github.com/cilium/tetragon/pkg/sensors/exec/execvemap"
"github.com/cilium/tetragon/pkg/sensors/exec/userinfo"
"github.com/sirupsen/logrus"
)

const (
Expand Down Expand Up @@ -280,7 +281,14 @@ func pushExecveEvents(p procs) {
m.Unix.Process.Filename = filename
m.Unix.Process.Args = args

userinfo.MsgToExecveAccountUnix(&m)
err := userinfo.MsgToExecveAccountUnix(&m)
if err != nil {
logger.GetLogger().WithFields(logrus.Fields{
"process.pid": p.pid,
"process.binary": filename,
"process.uid": m.Unix.Process.UID,
}).WithError(err).Trace("Resolving process uid to username record failed")
}

observer.AllListeners(&m)
}
Expand Down

0 comments on commit a306aa4

Please sign in to comment.