Our view of processes in execs.py exclusively works from various syscalls like execve, execveat, etc.
This is a limited view of executions in the system because the kernel can execute processes on its own.
I'm considering using kernel tracepoints for this sort of thing:
https://docs.kernel.org/core-api/tracepoint.html
Using trace_sched_process_fork, sched_process_exec, and trace_sched_process_exit would help with this sort of thing.
Could also be helpful to detect hung tasks using sched_process_hang.
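
An added sketch (not code from execs.py or this project) of what the tracepoint view adds: it replays fork/exec/exit events and reports execs the syscall hooks never saw, such as a usermode helper started by a kworker. The trace lines are constructed samples in the ftrace text layout with assumed field names, and the function names and `syscall_exec_pids` input are hypothetical.

```python
import re

# Constructed sample events (not captured from a real system).
SAMPLE_TRACE = """\
        bash-1500  [000] .... 100.000001: sched_process_fork: comm=bash pid=1500 child_comm=bash child_pid=1501
        bash-1501  [001] .... 100.000200: sched_process_exec: filename=/usr/bin/ls pid=1501 old_pid=1501
          ls-1501  [001] .... 100.004000: sched_process_exit: comm=ls pid=1501 prio=120
kworker/u8:2-77    [002] .... 101.000001: sched_process_fork: comm=kworker/u8:2 pid=77 child_comm=kworker/u8:2 child_pid=2001
kworker/u8:2-2001  [002] .... 101.000300: sched_process_exec: filename=/sbin/modprobe pid=2001 old_pid=2001
"""

EVENT_RE = re.compile(r"\s(sched_process_(?:fork|exec|exit)):\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # assumes values contain no spaces


def parse_event(line):
    """Return (event_name, fields) for a sched_process_* line, else None."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    return m.group(1), dict(FIELD_RE.findall(m.group(2)))


def execs_missed_by_syscall_view(trace_text, syscall_exec_pids):
    """Replay the events; return (execs absent from the syscall view, live pids).

    syscall_exec_pids: pids for which an execve/execveat syscall was recorded.
    Keyed on pid only, so pid reuse within one trace is not handled.
    """
    parent_of, live, missed = {}, set(), []
    for line in trace_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        name, f = event
        if name == "sched_process_fork":
            child = int(f["child_pid"])
            parent_of[child] = (int(f["pid"]), f["comm"])
            live.add(child)
        elif name == "sched_process_exec":
            pid = int(f["pid"])
            live.add(pid)
            if pid not in syscall_exec_pids:
                ppid, pcomm = parent_of.get(pid, (None, None))
                missed.append({"pid": pid, "filename": f["filename"],
                               "parent_pid": ppid, "parent_comm": pcomm})
        elif name == "sched_process_exit":
            live.discard(int(f["pid"]))
    return missed, live
```
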