From 7dafb651e239cf2553b516fd2f6081a1fa02009b Mon Sep 17 00:00:00 2001
From: Djalal Harouni
Date: Mon, 14 Oct 2024 17:09:37 +0100
Subject: [PATCH] bpf: track processes by cgrpid

Signed-off-by: Djalal Harouni
---
 bpf/lib/process.h | 1 +
 pkg/sensors/exec/execvemap/execve.go | 1 +
 2 files changed, 2 insertions(+)
diff --git a/bpf/lib/process.h b/bpf/lib/process.h
index 131ca97af8a..32087d30596 100644
--- a/bpf/lib/process.h
+++ b/bpf/lib/process.h
@@ -335,6 +335,7 @@ struct execve_map_value {
 struct msg_execve_key pkey;
 __u32 flags;
 __u32 nspid;
+ __u64 cgrpid;
 struct msg_ns ns;
 struct msg_capabilities caps;
 struct binary bin;
diff --git a/pkg/sensors/exec/execvemap/execve.go b/pkg/sensors/exec/execvemap/execve.go
index 8a970abfdb4..70cbf2eae53 100644
--- a/pkg/sensors/exec/execvemap/execve.go
+++ b/pkg/sensors/exec/execvemap/execve.go
@@ -16,6 +16,7 @@ type ExecveValue struct {
 Parent processapi.MsgExecveKey `align:"pkey"`
 Flags uint32 `align:"flags"`
 Nspid uint32 `align:"nspid"`
+ CgrpId uint64 `align:"cgrpid"`
 Namespaces processapi.MsgNamespaces `align:"ns"`
 Capabilities processapi.MsgCapabilities `align:"caps"`
 Binary processapi.Binary `align:"bin"`
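Review bot: Nothing in this patch writes `cgrpid`: the diffstat shows only the two one-line field additions, so the member presumably stays zero in every `execve_map_value` entry until a later change fills it in. Since the field is meant to tie a process to its cgroup, I would document the unset case on the member, e.g. `__u64 cgrpid; /* cgroup id of the process; 0 = not recorded */`, so that consumers do not treat 0 as a real cgroup match. It is also worth confirming that the new 8-byte member lands on an 8-byte offset after `nspid`, because the size of `struct msg_execve_key` is not visible here. The struct definition starts in the hunk header and continues past the end of this hunk.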
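Review bot: The new exported field is spelled `CgrpId`, whereas Go's initialism convention would make it `CgrpID`, with the `align:"cgrpid"` tag unchanged. Renaming is cheapest now, before other packages start referring to the field. A short doc comment would also help, for example `// CgrpID is the cgroup id recorded for the process; mirrors cgrpid in struct execve_map_value.`, noting that the field has to stay between `Nspid` and `Namespaces` to match the C layout. `ExecveValue` begins and ends outside this hunk, so the rest of the struct was not reviewed.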