opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-21 17:16:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #23557 from deepskyblue86/crun-comm-3

Browse Source 
chore(podmansnoop): explain why crun comm is 3
This commit is contained in:
openshift-merge-bot[bot]
2024-08-09 13:09:09 +00:00
committed by GitHub
parent d305a34b11 ec59508d4c
commit dd1d2c136f
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hack/podmansnoop
View File

@ -125,7 +125,12 @@ def _print_event(cpu, data, size): # callback
comm = e.comm.decode() comm = e.comm.decode()
if comm == "3": if comm == "3":
# For absolutely unknown reasons, 'crun' appears as '3'. # Because of CVE-2019-5736, crun copies itself on a memfd or temp file, add seals,
# then goes fexecve. The linux kernel will then set comm as the basename of
# /dev/fd/<fdnum>, which happens to be 3 being the first available file descriptor.
# runc implementation is slightly different, with multiple processes, and they also
# set the process name to make them intelligible (i.e. "runc:[0:PARENT]", "runc:[1:CHILD]")
# so it doesn't fall into this case.
comm = "crun" comm = "crun"
if e.isArgv: if e.isArgv: