https://github.com/osquery/osquery logo
Powered by
#ebpf
Title
# ebpf
z

zwass

07/26/2022, 6:15 PM
Are the pids returned by 
bpf_(process|socket)_events
the global pid or in-container pid?
a

alessandrogario

07/26/2022, 6:43 PM
They are global PIDs, from the host perspective
Compared to audit, I've implemented something that translates the return value for fork/vfork/clone to the host PID
z

zwass

07/26/2022, 6:48 PM
Nice.
3 Views
Powered by