Skip to content

Commit

Permalink
Don't bother fetching capabilities of kernel processes
Browse files Browse the repository at this point in the history
  • Loading branch information
@haesbaert
haesbaert committed Jan 29, 2024
1 parent 1271f79 commit 7b717d8
Showing 1 changed file with 14 additions and 11 deletions.
25 changes: 14 additions & 11 deletions x-pack/auditbeat/module/system/process/process.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ package process

import (
"encoding/binary"
"errors"
"fmt"
"os"
"os/user"
Expand Down Expand Up @@ -499,17 +498,21 @@ func (ms *MetricSet) getProcesses() ([]*Process, error) {
process.UserInfo = &userInfo
}

process.CapEffective, err = capabilities.FromPid(capabilities.Effective, pInfo.PID)
if err != nil && !errors.Is(err, errors.ErrUnsupported) && process.Error == nil {
process.Error = err
}
process.CapPermitted, err = capabilities.FromPid(capabilities.Permitted, pInfo.PID)
if err != nil && !errors.Is(err, errors.ErrUnsupported) && process.Error == nil {
process.Error = err
}
// Exclude Linux kernel processes, they are not very interesting.
if runtime.GOOS == "linux" && userInfo.UID == "0" && process.Info.Exe == "" {
continue
if runtime.GOOS == "linux" {
if userInfo.UID == "0" && process.Info.Exe == "" {
continue
}

// Fetch Effective and Permitted capabilities
process.CapEffective, err = capabilities.FromPid(capabilities.Effective, pInfo.PID)
if err != nil && process.Error == nil {
process.Error = err
}
process.CapPermitted, err = capabilities.FromPid(capabilities.Permitted, pInfo.PID)
if err != nil && process.Error == nil {
process.Error = err
}
}

processes = append(processes, process)
Expand Down

0 comments on commit 7b717d8

Please sign in to comment.