-
Notifications
You must be signed in to change notification settings - Fork 359
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tetragon: fix the process exit signal when core dumped #3039
base: main
Are you sure you want to change the base?
tetragon: fix the process exit signal when core dumped #3039
Conversation
The ProcessExit event returns a signal that the process received when it exited. However, core dumped signals (SIGSEGV, SIGILL, etc.) are not returned. This patch fixes the issue by checking if the process exit code has the core dump bit set (7th bit, 0x80), and returns the correct signal. Signed-off-by: Justin Chen <[email protected]>
Hey welcome to Tetragon 👋 , thanks for writing this patch! Since you are adding something that was missing maybe we could add a test for your change, you can take a look at tests in Please reach out if you need more pointers, that would be a pleasure. |
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Hi @mtardy, I've added a test to verify process exit signals from numbers 1 to 15. Since I couldn’t find a program in contrib/tester-progs that fits my use case, I added a simple pause program to achieve this. Please take a look when you can. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks that's great :) just a small git related change:
Signed-off-by: Justin Chen <[email protected]>
f244185
to
8666d38
Compare
Description
The ProcessExit event returns a signal that the process received when it exited. However, core dumped signals (SIGSEGV, SIGILL, etc.) are not returned.
This patch fixes the issue by checking if the process exit code has the core dump bit set (7th bit, 0x80), and returns the correct signal. I used the kernel code as a reference to fix it.
How to Verify
Launch the
tetra
CLI with the following command:tetra getevents --process "run" --output compact
Then launch a random program and terminate it using different signals:
Expected Behavior:
Before: the signal for core dumped processes is not displayed correctly.
After: the correct signal for core dumped processes is displayed.