Merge pull request #1628 from Aryan-sharma11/processname

fix : Missing process name in bpflsm alerts
kubearmor · Feb 14, 2024 · 291c2b6 · 291c2b6
2 parents d12c30f + 1c6facf
commit 291c2b6
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/KubeArmor/enforcer/bpflsm/enforcer.go b/KubeArmor/enforcer/bpflsm/enforcer.go
@@ -300,6 +300,10 @@ func (be *BPFEnforcer) TraceEvents() {
 			continue
 		}
 
+		readLink := false
+		if len(string(bytes.Trim(event.Data.Source[:], "\x00"))) == 0 {
+			readLink = true
+		}
 		containerID := ""
 
 		if event.PidID != 0 && event.MntID != 0 {
@@ -316,7 +320,7 @@ func (be *BPFEnforcer) TraceEvents() {
 				HostPID:  event.HostPID,
 				HostPPID: event.HostPPID,
 			},
-		}, false)
+		}, readLink)
 
 		switch event.EventID {
 
@@ -352,6 +356,7 @@ func (be *BPFEnforcer) TraceEvents() {
 		// fallback logic if we don't receive source from BuildLogBase()
 		if len(log.Source) == 0 {
 			log.Source = string(bytes.Trim(event.Data.Source[:], "\x00"))
+			log.ProcessName = log.Source
 		}
 		if event.Retval >= 0 {
 			log.Result = "Passed"