aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWe-unite <3205135446@qq.com>2024-09-02 16:45:07 +0800
committerWe-unite <3205135446@qq.com>2024-09-02 16:45:07 +0800
commit08207d77be79afc6f75d1611726b92bdf622717f (patch)
tree918991217807ff18025b998407b87bcd31d4ddc3
parentf9f8f35ccd8b505a827d40f95c52ed039512b79d (diff)
downloadgodo-master.tar.gz
godo-master.zip
Show filt result in tree&json, fix sth in listenerHEADmasterdev
In the listener, I change the order coroutines are started to avoid 'send on a closed channel'. Besides, the method to get syscall names and numbers are not so universial, so let's go back to check unistd.h. In the filter, the output is set to be written to ./log dir. Pid tree are shown in logs/tree.log, and detail info in pids.log, while file info in the logs/files.log. tree.log shows a tree just like `tree` command, the other two files are written in json. What's more, the flags while opening files are also checked ans showed in files.log.
Diffstat
-rw-r--r--filter/files.go102
-rw-r--r--filter/filter.go328
-rw-r--r--filter/global.go73
-rw-r--r--filter/logs/files.log202
-rw-r--r--filter/logs/pid.log3702
-rw-r--r--filter/logs/tree.log26
-rw-r--r--filter/pids.go301
-rw-r--r--listener/basefunc.go54
-rw-r--r--listener/godo.go4
9 files changed, 4445 insertions, 347 deletions
diff --git a/filter/files.go b/filter/files.go
new file mode 100644
index 0000000..e8c0cd3
--- /dev/null
+++ b/filter/files.go
@@ -0,0 +1,102 @@
+package main
+
+import (
+ "fmt"
+ "path"
+ "sort"
+ "syscall"
+)
+
+type FileFlag struct {
+ Value uint64
+ Name string
+}
+
+var FileFlags = []FileFlag{
+ {Value: syscall.O_APPEND, Name: "O_APPEND"},
+ {Value: syscall.O_ASYNC, Name: "O_ASYNC"},
+ {Value: syscall.O_CLOEXEC, Name: "O_CLOEXEC"},
+ {Value: syscall.O_CREAT, Name: "O_CREAT"},
+ {Value: syscall.O_DIRECT, Name: "O_DIRECT"},
+ {Value: syscall.O_DIRECTORY, Name: "O_DIRECTORY"},
+ {Value: syscall.O_DSYNC, Name: "O_DSYNC"},
+ {Value: syscall.O_EXCL, Name: "O_EXCL"},
+ {Value: syscall.O_FSYNC, Name: "O_FSYNC"},
+ {Value: syscall.O_NDELAY, Name: "O_NDELAY"},
+ {Value: syscall.O_NOATIME, Name: "O_NOATIME"},
+ {Value: syscall.O_NOCTTY, Name: "O_NOCTTY"},
+ {Value: syscall.O_NOFOLLOW, Name: "O_NOFOLLOW"},
+ {Value: syscall.O_NONBLOCK, Name: "O_NONBLOCK"},
+ {Value: syscall.O_RDONLY, Name: "O_RDONLY"},
+ {Value: syscall.O_RDWR, Name: "O_RDWR"},
+ {Value: syscall.O_RSYNC, Name: "O_RSYNC"},
+ {Value: syscall.O_SYNC, Name: "O_SYNC"},
+ {Value: syscall.O_TRUNC, Name: "O_TRUNC"},
+ {Value: syscall.O_WRONLY, Name: "O_WRONLY"},
+}
+
+func filtFiles(pRawFileData *[]File) {
+ rawFileData := *pRawFileData
+ files = make([]File, 0)
+
+ // 所有文件按照特定顺序排
+ sort.Slice(rawFileData, func(i, j int) bool {
+ pi := &rawFileData[i]
+ pj := &rawFileData[j]
+
+ if pi.FileName < pj.FileName {
+ return true
+ } else if pi.FileName > pj.FileName {
+ return false
+ }
+ if pi.Pid < pj.Pid {
+ return true
+ } else if pi.Pid > pj.Pid {
+ return false
+ }
+ if pi.Fd < pj.Fd {
+ return true
+ } else if pi.Fd > pj.Fd {
+ return false
+ }
+ if pi.OpenTimestamp.Before(pj.OpenTimestamp) {
+ return true
+ } else {
+ return false
+ }
+ })
+
+ for _, file := range rawFileData {
+ tgid := findTgid[file.Pid]
+ pTgidNode, exists := helloTree[tgid]
+ if !exists {
+ continue
+ }
+ if file.CloseTimestamp.IsZero() {
+ index, exists := pTgidNode.FindPid[file.Pid]
+ if !exists || index < 0 || index >= len(pTgidNode.Threads) {
+ continue
+ }
+ file.CloseTimestamp = pTgidNode.Threads[index].ExitTimestamp
+ }
+ file.FileName = path.Clean(file.FileName)
+ files = append(files, file)
+ }
+}
+
+// 解析 Flags[1] 的值为描述性字符串
+func parseFlags(flag uint64) string {
+ var result string
+ for _, fileFlag := range FileFlags {
+ if flag&fileFlag.Value == fileFlag.Value {
+ if result != "" {
+ result += " | "
+ }
+ result += fileFlag.Name
+ }
+ }
+ if result == "" {
+ return fmt.Sprintf("0x%x", flag) // 返回原始十六进制值
+ }
+ return result
+}
diff --git a/filter/filter.go b/filter/filter.go
index 98c326c..6391afc 100644
--- a/filter/filter.go
+++ b/filter/filter.go
@@ -2,11 +2,10 @@ package main
import (
"context"
+ "encoding/json"
"fmt"
"log"
"os"
- "path"
- "sort"
"go.mongodb.org/mongo-driver/bson"
"go.mongodb.org/mongo-driver/mongo"
@@ -33,7 +32,7 @@ var files []File
func main() {
// 连接到MongoDB
- client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://localhost:27017"))
+ client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://192.168.192.136:27017"))
if err != nil {
log.Fatal(err)
}
@@ -114,303 +113,48 @@ func main() {
for _, file := range files {
newFileCol.InsertOne(context.Background(), file)
}
-}
-
-func ProMerge(a, b Process) (res Process) {
- // 合并过程中会遇到什么问题?
- res.Star = false
-
- if a.StartTimestamp.IsZero() {
- res.StartTimestamp = b.StartTimestamp
- } else if b.StartTimestamp.IsZero() {
- res.StartTimestamp = a.StartTimestamp
- } else if a.StartTimestamp.Before(b.StartTimestamp) {
- res.StartTimestamp = a.StartTimestamp
- } else {
- res.StartTimestamp = b.StartTimestamp
- }
-
- res.Ppid = a.Ppid
- if a.ParentTgid == 0 {
- res.ParentTgid = b.ParentTgid
- } else {
- res.ParentTgid = a.ParentTgid
- }
-
- res.Pid = a.Pid
- if a.Tgid == 0 {
- res.Tgid = b.Tgid
- } else {
- res.Tgid = a.Tgid
- }
-
- if len(a.Args) == 0 {
- res.Args = b.Args
- } else {
- res.Args = a.Args
- }
-
- if a.Comm == "" {
- res.Comm = b.Comm
- } else {
- res.Comm = a.Comm
- }
-
- if a.RootFS == "" {
- res.RootFS = b.RootFS
- } else {
- res.RootFS = a.RootFS
- }
-
- if a.Cwd == "" {
- res.Cwd = b.Cwd
- } else {
- res.Cwd = a.Cwd
- }
-
- res.Execve = append(a.Execve, b.Execve...)
- res.Children = append(a.Children, b.Children...)
- var flag bool // 真a假b
- if a.ExitTimestamp.IsZero() {
- flag = false
- } else if b.ExitTimestamp.IsZero() {
- flag = true
- } else if a.ExitTimestamp.Before(b.ExitTimestamp) {
- flag = true
- } else {
- flag = false
- }
-
- if flag {
- res.ExitCode = a.ExitCode
- res.ExitSignal = a.ExitSignal
- res.ExitTimestamp = a.ExitTimestamp
- } else {
- res.ExitCode = b.ExitCode
- res.ExitSignal = b.ExitSignal
- res.ExitTimestamp = b.ExitTimestamp
- }
-
- return res
-}
-
-func mergeProcess(pRawPidData *[]Process) (merged []Process) {
- rawPidData := *pRawPidData
- // 合并由多线程导致的重复记录,顺便按照pid升序
- index := make(map[int]int)
- for _, process := range rawPidData {
- i, exists := index[process.Pid]
- if exists {
- // 已存在,合并
- merged[i] = ProMerge(merged[i], process)
- } else {
- // 不存在,直接添加
- merged = append(merged, process)
- index[process.Pid] = len(merged) - 1
- }
- }
- sort.Slice(merged, func(i, j int) bool {
- return merged[i].Pid < merged[j].Pid
- })
- return merged
-}
-
-func getTgidNodes(merged []Process) (tgidMap map[int]*tgidNode, starTgid int, rootfsPids []int) {
- // 合并出来的进程整理为tgidNode
- tgidMap = make(map[int]*tgidNode)
- findTgid = make(map[int]int) // pid --> tgid
- // var starTgid, rootFsPid int
- starTgid = -1
- // rootfsPid = -1
- rootfsPids = make([]int, 0)
- for _, val := range merged {
- if val.Star {
- starTgid = val.Tgid
- } else if val.RootFS != "" {
- rootfsPids = append(rootfsPids, val.Pid)
- }
- // 登记tgid
- findTgid[val.Pid] = val.Tgid
- nodeval, exists := tgidMap[val.Tgid]
- if exists {
- // 直接记录
- nodeval.Threads = append(nodeval.Threads, val)
- nodeval.FindPid[val.Pid] = len(nodeval.Threads) - 1
- } else {
- node := tgidNode{
- Tgid: val.Tgid,
- FindPid: make(map[int]int),
- Threads: make([]Process, 0),
- ChildTgid: make([]int, 0),
- }
- node.Threads = append(node.Threads, val)
- node.FindPid[val.Pid] = 0
- tgidMap[val.Tgid] = &node
- }
+ /* Step 3: 输出到文件
+ * - 所有内容输出到logs目录,所有文本存在则覆盖,不存在则创建
+ * - 进程树输出到logs/tree.log
+ * - 每个进程以json格式输出到logs/pids.log
+ * - 文件信息输出到logs/files.log
+ */
+ stat, err := os.Stat("logs")
+ if err != nil || !stat.IsDir() {
+ os.Mkdir("logs", 0755)
}
- return tgidMap, starTgid, rootfsPids
-}
-func buildTree(tgidMap map[int]*tgidNode, starTgid int) {
- // 从tgid==starTgid开始,构建树
- helloTree = make(map[int]*tgidNode) // 在树上的tgid节点,tgid --> *tgidNode
- var q Queue // 记录每一个整理好的结构体,bfs
- visited := make(map[int]bool) // 哪些tgid已经访问过
-
- tmp, exists := tgidMap[starTgid]
- if !exists {
+ // 进程树
+ treeFile, err := os.OpenFile("logs/tree.log", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Err: %v\n", err)
return
}
-
- // helloTree负责在遍历到该节点时记录
- // 队列仅负责搞明白哪些节点在树上
- // 因而所有添加子代tgid的行为只针对helloTree
- // q不添加,直接把新的tgid对应的tgidNode入队就是了
- q.Enqueue(tmp)
- visited[starTgid] = true
- for !q.IsEmpty() {
- tmp, ok := q.Dequeue()
- if !ok {
- continue
- }
- node := tmp.(*tgidNode) // 队列里的一个节点,这里必须重新申请node
- helloTree[node.Tgid] = node
- for i := 0; i < len(node.Threads); i++ {
- for j := 0; j < len(node.Threads[i].Children); j++ {
- tgid := findTgid[node.Threads[i].Children[j]]
- _, exists := visited[tgid]
- if !exists {
- // 子代里有没见过的tgid
- tgidNode, exists := tgidMap[tgid]
- if !exists {
- continue
- }
- helloTree[node.Tgid].ChildTgid = append(helloTree[node.Tgid].ChildTgid, tgid)
- q.Enqueue(tgidNode)
- visited[tgid] = true
- }
- }
- }
- }
-}
-
-func optimazePid(starTgid int, rootfsPids []int) {
- getDockerRootFs := make(map[string]string) // dockerId --> rootfs
- // 首先处理一下记录有pivot_root信息的进程,防止pivot先于fork
- for _, rootfsPid := range rootfsPids {
- rootfsTgid := findTgid[rootfsPid]
- i := helloTree[rootfsTgid].FindPid[rootfsPid]
- rootfsProcess := &(helloTree[rootfsTgid].Threads[i])
- if rootfsProcess.RootFS == "cwd" {
- rootfsProcess.RootFS = rootfsProcess.Cwd
- }
- getDockerRootFs[rootfsProcess.DockerId] = rootfsProcess.RootFS
+ defer treeFile.Close()
+ pidFile, err := os.OpenFile("logs/pid.log", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Err: %v\n", err)
+ return
}
+ defer pidFile.Close()
+ // 从starTgid开始,按照树的形状输出
+ drawTree(treeFile, pidFile, helloTree[starTgid], "", true)
- count := 0
- for _, val := range helloTree {
- // 处理一下pid结束时间,顺便找找爹
- // 结束时间是因为很多线程结束时间没获取到,默认按照进程退出时间处理
- // Ppid是因为进程产生之初收到的信息写的爹一定是亲爹
- // 但是产生线程时候该进程很可能已作为孤儿被收养,导致线程里关于爹的记录是继父
- for i := 0; i < len(val.Threads); i++ {
- if i != 0 {
- if val.Threads[i].Tgid < val.Threads[0].Tgid {
- val.Threads[i].ParentTgid = val.Threads[0].ParentTgid
- val.Threads[i].Ppid = val.Threads[0].Ppid
- }
- if val.Threads[i].ExitTimestamp.IsZero() {
- val.Threads[i].ExitCode = val.Threads[0].ExitCode
- val.Threads[i].ExitTimestamp = val.Threads[0].ExitTimestamp
- val.Threads[i].ExitSignal = val.Threads[0].ExitSignal
- }
- }
-
- dockerId := val.Threads[i].DockerId
- if dockerId != "" {
- rootfs, exists := getDockerRootFs[dockerId]
- if !exists {
- fmt.Fprintf(os.Stderr, "Err: the docker rootfs of pid %d is not known!\n", val.Threads[i].Pid)
- continue
- }
- val.Threads[i].RootFS = rootfs
- }
- }
-
- count++
- fmt.Printf("%v\n", *val)
+ // 文件信息,json格式
+ fileFile, err := os.OpenFile("logs/files.log", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Err: %v\n", err)
+ return
}
- fmt.Printf("Star: %d, res: %d\n", starTgid, count)
-}
-
-func filtPids(pRawPidData *[]Process) {
- /* ATTENTION: 把map/slice直接传参是危险的
- * 传递的是指针,不会引起大的复制开销,
- * 但是map/slice在callee func内被修改**可能**导致内存更改
- * 而这样的内存更改对caller function来说是不可见的,看到的还是原来的东西
- * 这里由于参数几乎都是只读不写,因而用一下
- */
-
- // 合并由多线程导致的重复记录,顺便按照pid升序
- // 多线程已经取消了,但保险起见还是留着
- merged := mergeProcess(pRawPidData)
- // 将Process按照tgid合并
- tgidMap, starTgid, rootfsPids := getTgidNodes(merged)
- // 建树,helloTree
- buildTree(tgidMap, starTgid)
- // 对树上的进程做一些优化处理
- optimazePid(starTgid, rootfsPids)
-}
-
-func filtFiles(pRawFileData *[]File) {
- rawFileData := *pRawFileData
- files = make([]File, 0)
-
- // 所有文件按照特定顺序排
- sort.Slice(rawFileData, func(i, j int) bool {
- pi := &rawFileData[i]
- pj := &rawFileData[j]
-
- if pi.FileName < pj.FileName {
- return true
- } else if pi.FileName > pj.FileName {
- return false
- }
- if pi.Pid < pj.Pid {
- return true
- } else if pi.Pid > pj.Pid {
- return false
- }
- if pi.Fd < pj.Fd {
- return true
- } else if pi.Fd > pj.Fd {
- return false
- }
- if pi.OpenTimestamp.Before(pj.OpenTimestamp) {
- return true
- } else {
- return false
- }
- })
-
- for _, file := range rawFileData {
- if file.FileName == "/root/test/1/../.hello.c.swp" {
- fmt.Printf("Test\n")
- }
- tgid := findTgid[file.Pid]
- pTgidNode, exists := helloTree[tgid]
- if !exists {
- continue
- }
- if file.CloseTimestamp.IsZero() {
- index, exists := pTgidNode.FindPid[file.Pid]
- if !exists || index < 0 || index >= len(pTgidNode.Threads) {
- continue
- }
- file.CloseTimestamp = pTgidNode.Threads[index].ExitTimestamp
+ defer fileFile.Close()
+ for _, file := range files {
+ jsonData, err := json.MarshalIndent(file, "", " ")
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Err: %v\n", err)
+ return
}
- file.FileName = path.Clean(file.FileName)
- files = append(files, file)
+ fileFile.Write(jsonData)
+ fileFile.WriteString("\n\n")
}
}
diff --git a/filter/global.go b/filter/global.go
index bade895..7ba3fc1 100644
--- a/filter/global.go
+++ b/filter/global.go
@@ -1,39 +1,40 @@
package main
import (
+ "encoding/json"
"fmt"
"time"
)
type Exec struct {
- Timestamp time.Time `bson:"timestamp"`
- ExecArgs []string `bson:"execArgs"`
+ Timestamp time.Time `bson:"timestamp" json:"timestamp"`
+ ExecArgs []string `bson:"execArgs" json:"execArgs"`
}
type Process struct {
- Star bool `bson:"star"`
- StartTimestamp time.Time `bson:"start_timestamp"`
- Ppid int `bson:"ppid"`
- ParentTgid int `bson:"parentTgid"`
- Pid int `bson:"pid"`
- Tgid int `bson:"tgid"`
- Args []string `bson:"args"`
- Comm string `bson:"comm"`
- RootFS string `bson:"rootfs"`
- Cwd string `bson:"cwd"`
- Children []int `bson:"children"`
- DockerId string `bson:"docker_id"`
- Execve []Exec `bson:"execve"`
- ExitCode int `bson:"exit_code"`
- ExitSignal int `bson:"exit_signal"`
- ExitTimestamp time.Time `bson:"exit_timestamp"`
+ Star bool `bson:"star" json:"star"`
+ StartTimestamp time.Time `bson:"start_timestamp" json:"start_timestamp"`
+ Ppid int `bson:"ppid" json:"ppid"`
+ ParentTgid int `bson:"parentTgid" json:"parentTgid"`
+ Pid int `bson:"pid" json:"pid"`
+ Tgid int `bson:"tgid" json:"tgid"`
+ Args []string `bson:"args" json:"args"`
+ Comm string `bson:"comm" json:"comm"`
+ RootFS string `bson:"rootfs" json:"rootfs"`
+ Cwd string `bson:"cwd" json:"cwd"`
+ Children []int `bson:"children" json:"children"`
+ DockerId string `bson:"docker_id" json:"docker_id"`
+ Execve []Exec `bson:"execve" json:"execve"`
+ ExitCode int `bson:"exit_code" json:"exit_code"`
+ ExitSignal int `bson:"exit_signal" json:"exit_signal"`
+ ExitTimestamp time.Time `bson:"exit_timestamp" json:"exit_timestamp"`
}
type tgidNode struct {
- Tgid int `bson:"tgid"`
- FindPid map[int]int `bson:"findPid"`
- Threads []Process `bson:"threads"`
- ChildTgid []int `bson:"child_tgid"`
+ Tgid int `bson:"tgid" json:"tgid"`
+ FindPid map[int]int `bson:"findPid" json:"findPid"`
+ Threads []Process `bson:"threads" json:"threads"`
+ ChildTgid []int `bson:"child_tgid" json:"child_tgid"`
}
func (p Process) String() string {
@@ -80,13 +81,27 @@ func (node tgidNode) String() string {
}
type File struct {
- OpenTimestamp time.Time `bson:"timestamp"`
- FileName string `bson:"fileName"`
- Pid int `bson:"pid"`
- Fd int `bson:"fd"`
- Flags [4]uint64 `bson:"flags"`
- Written []time.Time `bson:"written"`
- CloseTimestamp time.Time `bson:"close_timestamp"`
+ OpenTimestamp time.Time `bson:"timestamp" json:"timestamp"`
+ FileName string `bson:"fileName" json:"fileName"`
+ Pid int `bson:"pid" json:"pid"`
+ Fd int `bson:"fd" json:"fd"`
+ Flags [4]uint64 `bson:"flags" json:"flags"`
+ Written []time.Time `bson:"written" json:"written"`
+ CloseTimestamp time.Time `bson:"close_timestamp" json:"close_timestamp"`
+}
+
+func (f File) MarshalJSON() ([]byte, error) {
+ type Alias File // 使用别名避免递归调用
+
+ return json.Marshal(&struct {
+ Alias
+ Flags0 string `json:"FileNamePointer"`
+ Flags1 string `json:"FileFlags"`
+ }{
+ Alias: Alias(f),
+ Flags0: fmt.Sprintf("%#012x", f.Flags[0]), // flags[0] 转换为小写16进制
+ Flags1: parseFlags(f.Flags[1]), // flags[1] 解析为字符串
+ })
}
// Queue 定义一个队列结构体
diff --git a/filter/logs/files.log b/filter/logs/files.log
new file mode 100644
index 0000000..a1cff08
--- /dev/null
+++ b/filter/logs/files.log
@@ -0,0 +1,202 @@
+{
+ "timestamp": "2024-08-31T08:14:08.325Z",
+ "fileName": "/proc/self/oom_score_adj",
+ "pid": 29662,
+ "fd": 7,
+ "flags": [
+ 140727329818688,
+ 2,
+ 140727329818712,
+ 140727329815648
+ ],
+ "written": [
+ "2024-08-31T08:14:08.325Z"
+ ],
+ "close_timestamp": "2024-08-31T08:14:08.325Z",
+ "FileNamePointer": "0x7ffda2810840",
+ "FileFlags": "O_RDONLY | O_RDWR"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:10.789Z",
+ "fileName": "/proc/self/oom_score_adj",
+ "pid": 29705,
+ "fd": 6,
+ "flags": [
+ 140737394046768,
+ 2,
+ 140737394046792,
+ 140737394043680
+ ],
+ "written": [
+ "2024-08-31T08:14:10.789Z"
+ ],
+ "close_timestamp": "2024-08-31T08:14:10.789Z",
+ "FileNamePointer": "0x7ffffa60f730",
+ "FileFlags": "O_RDONLY | O_RDWR"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:23.917Z",
+ "fileName": "/root/.bash_history",
+ "pid": 29709,
+ "fd": 3,
+ "flags": [
+ 10822472,
+ 1025,
+ 384,
+ 8
+ ],
+ "written": [
+ "2024-08-31T08:14:23.917Z"
+ ],
+ "close_timestamp": "2024-08-31T08:14:23.917Z",
+ "FileNamePointer": "0x000000a52348",
+ "FileFlags": "O_APPEND | O_RDONLY | O_WRONLY"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:15.361Z",
+ "fileName": "/root/.hello.c.swp",
+ "pid": 29723,
+ "fd": 4,
+ "flags": [
+ 93986886181648,
+ 131266,
+ 384,
+ 140283278240632
+ ],
+ "written": [
+ "2024-08-31T08:14:15.361Z",
+ "2024-08-31T08:14:17.782Z",
+ "2024-08-31T08:14:21.953Z"
+ ],
+ "close_timestamp": "2024-08-31T08:14:21.953Z",
+ "FileNamePointer": "0x557b06f6e310",
+ "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_RDWR"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:15.361Z",
+ "fileName": "/root/.hello.c.swp",
+ "pid": 29723,
+ "fd": 4,
+ "flags": [
+ 93986886181648,
+ 194,
+ 384,
+ 17
+ ],
+ "written": [],
+ "close_timestamp": "2024-08-31T08:14:15.361Z",
+ "FileNamePointer": "0x557b06f6e310",
+ "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:15.361Z",
+ "fileName": "/root/.hello.c.swx",
+ "pid": 29723,
+ "fd": 5,
+ "flags": [
+ 93986884210448,
+ 194,
+ 384,
+ 17
+ ],
+ "written": [],
+ "close_timestamp": "2024-08-31T08:14:15.361Z",
+ "FileNamePointer": "0x557b06d8cf10",
+ "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:21.953Z",
+ "fileName": "/root/.viminfo.tmp",
+ "pid": 29723,
+ "fd": 5,
+ "flags": [
+ 93986886181872,
+ 131265,
+ 384,
+ 0
+ ],
+ "written": [
+ "2024-08-31T08:14:21.953Z"
+ ],
+ "close_timestamp": "2024-08-31T08:14:21.953Z",
+ "FileNamePointer": "0x557b06f6e3f0",
+ "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_WRONLY"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:21.95Z",
+ "fileName": "/root/4913",
+ "pid": 29723,
+ "fd": 3,
+ "flags": [
+ 93986884186640,
+ 131265,
+ 33188,
+ 0
+ ],
+ "written": [],
+ "close_timestamp": "2024-08-31T08:14:21.95Z",
+ "FileNamePointer": "0x557b06d87210",
+ "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_WRONLY"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:21.95Z",
+ "fileName": "/root/hello.c",
+ "pid": 29723,
+ "fd": 3,
+ "flags": [
+ 93986884214912,
+ 577,
+ 420,
+ 0
+ ],
+ "written": [
+ "2024-08-31T08:14:21.95Z",
+ "2024-08-31T08:14:21.95Z"
+ ],
+ "close_timestamp": "2024-08-31T08:14:21.953Z",
+ "FileNamePointer": "0x557b06d8e080",
+ "FileFlags": "O_CREAT | O_RDONLY | O_TRUNC | O_WRONLY"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:08.283Z",
+ "fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.Avdn7E",
+ "pid": 29662,
+ "fd": 7,
+ "flags": [
+ 140730884269360,
+ 194,
+ 384,
+ 1725092048
+ ],
+ "written": [],
+ "close_timestamp": "2024-08-31T08:14:08.283Z",
+ "FileNamePointer": "0x7ffe765da530",
+ "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+
+{
+ "timestamp": "2024-08-31T08:14:10.776Z",
+ "fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.jV9mvl",
+ "pid": 29705,
+ "fd": 6,
+ "flags": [
+ 140727845211728,
+ 194,
+ 384,
+ 1725092050
+ ],
+ "written": [],
+ "close_timestamp": "2024-08-31T08:14:10.776Z",
+ "FileNamePointer": "0x7ffdc1394e50",
+ "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+
diff --git a/filter/logs/pid.log b/filter/logs/pid.log
new file mode 100644
index 0000000..4486906
--- /dev/null
+++ b/filter/logs/pid.log
@@ -0,0 +1,3702 @@
+{
+ "tgid": 18009,
+ "findPid": {
+ "18009": 0,
+ "18011": 1,
+ "18012": 2,
+ "18013": 3,
+ "18014": 4,
+ "18015": 5,
+ "18016": 6,
+ "18017": 7,
+ "18018": 8,
+ "19408": 9
+ },
+ "threads": [
+ {
+ "star": true,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18009,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18011,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18012,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18013,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18014,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18015,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18016,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18017,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [
+ 29634,
+ 29636,
+ 29637,
+ 29638,
+ 29639,
+ 29640,
+ 29641,
+ 29642
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 18018,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 19408,
+ "tgid": 18009,
+ "args": [],
+ "comm": "",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [
+ 29758,
+ 29759,
+ 29760,
+ 29761,
+ 29762,
+ 29763,
+ 29764
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 0,
+ "exit_timestamp": "0001-01-01T00:00:00Z"
+ }
+ ],
+ "child_tgid": [
+ 29634,
+ 29758
+ ]
+}
+
+{
+ "tgid": 29634,
+ "findPid": {
+ "29634": 0,
+ "29636": 1,
+ "29637": 2,
+ "29638": 3,
+ "29639": 4,
+ "29640": 5,
+ "29641": 6,
+ "29642": 7
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.236Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29634,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd",
+ ""
+ ],
+ "comm": "containerd",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.234Z",
+ "execArgs": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.264Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.242Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29636,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.265Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.242Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29637,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.265Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.245Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29638,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29643,
+ 29645,
+ 29646,
+ 29647,
+ 29648,
+ 29649,
+ 29650,
+ 29651,
+ 29652
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.262Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.245Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29639,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.263Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.246Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29640,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.263Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.246Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29641,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.265Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.246Z",
+ "ppid": 18017,
+ "parentTgid": 18009,
+ "pid": 29642,
+ "tgid": 29634,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "start",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.265Z"
+ }
+ ],
+ "child_tgid": [
+ 29643
+ ]
+}
+
+{
+ "tgid": 29643,
+ "findPid": {
+ "29643": 0,
+ "29645": 1,
+ "29646": 2,
+ "29647": 3,
+ "29648": 4,
+ "29649": 5,
+ "29650": 6,
+ "29651": 7,
+ "29652": 8,
+ "29653": 9,
+ "29654": 10
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.247Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29643,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.243Z",
+ "execArgs": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:26.683Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.248Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29645,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.682Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.248Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29646,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.683Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.248Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29647,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29680,
+ 29681,
+ 29682,
+ 29683,
+ 29684,
+ 29685
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.684Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.249Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29648,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.684Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.25Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29649,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.682Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.25Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29650,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.683Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.25Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29651,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29742,
+ 29743,
+ 29744,
+ 29745,
+ 29746,
+ 29747
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.683Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.251Z",
+ "ppid": 29638,
+ "parentTgid": 29634,
+ "pid": 29652,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.683Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.266Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 29653,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29655,
+ 29656,
+ 29657,
+ 29658,
+ 29659,
+ 29660,
+ 29661,
+ 29671,
+ 29672,
+ 29698,
+ 29699,
+ 29700,
+ 29701,
+ 29702,
+ 29703,
+ 29704,
+ 29706,
+ 29708
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.684Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.266Z",
+ "ppid": 1,
+ "parentTgid": 1,
+ "pid": 29654,
+ "tgid": 29643,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29749,
+ 29750,
+ 29751,
+ 29752,
+ 29753,
+ 29754
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.682Z"
+ }
+ ],
+ "child_tgid": [
+ 29680,
+ 29742,
+ 29655,
+ 29698,
+ 29749
+ ]
+}
+
+{
+ "tgid": 29680,
+ "findPid": {
+ "29680": 0,
+ "29681": 1,
+ "29682": 2,
+ "29683": 3,
+ "29684": 4,
+ "29685": 5
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.531Z",
+ "ppid": 29647,
+ "parentTgid": 29643,
+ "pid": 29680,
+ "tgid": 29680,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.53Z",
+ "execArgs": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "start",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.54Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.535Z",
+ "ppid": 29647,
+ "parentTgid": 29643,
+ "pid": 29681,
+ "tgid": 29680,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "start",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.54Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.536Z",
+ "ppid": 29647,
+ "parentTgid": 29643,
+ "pid": 29682,
+ "tgid": 29680,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "start",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.54Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.536Z",
+ "ppid": 29647,
+ "parentTgid": 29643,
+ "pid": 29683,
+ "tgid": 29680,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "start",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.54Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.536Z",
+ "ppid": 29647,
+ "parentTgid": 29643,
+ "pid": 29684,
+ "tgid": 29680,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "start",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.54Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.537Z",
+ "ppid": 29647,
+ "parentTgid": 29643,
+ "pid": 29685,
+ "tgid": 29680,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "start",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.541Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29742,
+ "findPid": {
+ "29742": 0,
+ "29743": 1,
+ "29744": 2,
+ "29745": 3,
+ "29746": 4,
+ "29747": 5
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.616Z",
+ "ppid": 29651,
+ "parentTgid": 29643,
+ "pid": 29742,
+ "tgid": 29742,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:26.615Z",
+ "execArgs": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "kill",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "15"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:26.629Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.621Z",
+ "ppid": 29651,
+ "parentTgid": 29643,
+ "pid": 29743,
+ "tgid": 29742,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "kill",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "15",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.635Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.622Z",
+ "ppid": 29651,
+ "parentTgid": 29643,
+ "pid": 29744,
+ "tgid": 29742,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "kill",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "15",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.63Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.623Z",
+ "ppid": 29651,
+ "parentTgid": 29643,
+ "pid": 29745,
+ "tgid": 29742,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "kill",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "15",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.631Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.623Z",
+ "ppid": 29651,
+ "parentTgid": 29643,
+ "pid": 29746,
+ "tgid": 29742,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "kill",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "15",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.631Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.626Z",
+ "ppid": 29651,
+ "parentTgid": 29643,
+ "pid": 29747,
+ "tgid": 29742,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "kill",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "15",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.631Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29655,
+ "findPid": {
+ "29655": 0,
+ "29656": 1,
+ "29657": 2,
+ "29658": 3,
+ "29659": 4,
+ "29660": 5,
+ "29661": 6,
+ "29671": 7,
+ "29672": 8
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.267Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29655,
+ "tgid": 29655,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.266Z",
+ "execArgs": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.525Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.272Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29656,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.524Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.273Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29657,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.525Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.273Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29658,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.525Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.274Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29659,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29662,
+ 29663,
+ 29664,
+ 29665,
+ 29666,
+ 29667,
+ 29668,
+ 29669
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.524Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.275Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29660,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.524Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.28Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29661,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29670,
+ 29673,
+ 29674,
+ 29675,
+ 29676,
+ 29677,
+ 29678,
+ 29679
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.523Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.366Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29671,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.525Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.367Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29672,
+ "tgid": 29655,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.524Z"
+ }
+ ],
+ "child_tgid": [
+ 29662,
+ 29663,
+ 29664,
+ 29670
+ ]
+}
+
+{
+ "tgid": 29662,
+ "findPid": {
+ "29662": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.28Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29662,
+ "tgid": 29662,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.279Z",
+ "execArgs": [
+ "runc",
+ "init"
+ ]
+ },
+ {
+ "timestamp": "2024-08-31T08:14:08.322Z",
+ "execArgs": [
+ "runc",
+ "init"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.34Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29663,
+ "findPid": {
+ "29663": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.326Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29663,
+ "tgid": 29663,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[0:PARENT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.335Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29664,
+ "findPid": {
+ "29664": 0,
+ "29665": 1,
+ "29666": 2,
+ "29667": 3,
+ "29668": 4,
+ "29669": 5
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.335Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29664,
+ "tgid": 29664,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[1:CHILD]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [
+ 29686,
+ 29688
+ ],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.539Z",
+ "execArgs": [
+ "/bin/bash"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:26.655Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.339Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29665,
+ "tgid": 29664,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.541Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.339Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29666,
+ "tgid": 29664,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.542Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.339Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29667,
+ "tgid": 29664,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.541Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.34Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29668,
+ "tgid": 29664,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.541Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.347Z",
+ "ppid": 29659,
+ "parentTgid": 29655,
+ "pid": 29669,
+ "tgid": 29664,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.541Z"
+ }
+ ],
+ "child_tgid": [
+ 29686,
+ 29688
+ ]
+}
+
+{
+ "tgid": 29686,
+ "findPid": {
+ "29686": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.546Z",
+ "ppid": 29664,
+ "parentTgid": 29664,
+ "pid": 29686,
+ "tgid": 29686,
+ "args": [
+ "/bin/bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [
+ 29687
+ ],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.549Z"
+ }
+ ],
+ "child_tgid": [
+ 29687
+ ]
+}
+
+{
+ "tgid": 29687,
+ "findPid": {
+ "29687": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.548Z",
+ "ppid": 29686,
+ "parentTgid": 29686,
+ "pid": 29687,
+ "tgid": 29687,
+ "args": null,
+ "comm": "groups",
+ "rootfs": "",
+ "cwd": "",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.546Z",
+ "execArgs": [
+ "groups"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.549Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29688,
+ "findPid": {
+ "29688": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.551Z",
+ "ppid": 29664,
+ "parentTgid": 29664,
+ "pid": 29688,
+ "tgid": 29688,
+ "args": [
+ "/bin/bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [
+ 29689
+ ],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.552Z"
+ }
+ ],
+ "child_tgid": [
+ 29689
+ ]
+}
+
+{
+ "tgid": 29689,
+ "findPid": {
+ "29689": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.551Z",
+ "ppid": 29688,
+ "parentTgid": 29688,
+ "pid": 29689,
+ "tgid": 29689,
+ "args": [
+ "dircolors",
+ "-b",
+ ""
+ ],
+ "comm": "dircolors",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.549Z",
+ "execArgs": [
+ "dircolors",
+ "-b"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.552Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29670,
+ "findPid": {
+ "29670": 0,
+ "29673": 1,
+ "29674": 2,
+ "29675": 3,
+ "29676": 4,
+ "29677": 5,
+ "29678": 6,
+ "29679": 7
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.36Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29670,
+ "tgid": 29670,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "create",
+ "--bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
+ "--console-socket",
+ "/tmp/pty347635701/pty.sock",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:08.361Z",
+ "execArgs": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:08.447Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.376Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29673,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.457Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.376Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29674,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.447Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.377Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29675,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.447Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.377Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29676,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.447Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.377Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29677,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.446Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.409Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29678,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.447Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:08.411Z",
+ "ppid": 29661,
+ "parentTgid": 29655,
+ "pid": 29679,
+ "tgid": 29670,
+ "args": [
+ "libnetwork-setkey",
+ "-exec-root=/var/run/docker",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "bfa4cdf55fe4",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:08.447Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29698,
+ "findPid": {
+ "29698": 0,
+ "29699": 1,
+ "29700": 2,
+ "29701": 3,
+ "29702": 4,
+ "29703": 5,
+ "29704": 6,
+ "29706": 7,
+ "29708": 8
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.761Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29698,
+ "tgid": 29698,
+ "args": null,
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:10.759Z",
+ "execArgs": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.814Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.765Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29699,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.815Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.765Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29700,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.815Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.766Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29701,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.814Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.766Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29702,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.814Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.771Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29703,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29705,
+ 29707,
+ 29709,
+ 29710,
+ 29711,
+ 29712,
+ 29713,
+ 29714
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.813Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.773Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29704,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.814Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.791Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29706,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.815Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.792Z",
+ "ppid": 29653,
+ "parentTgid": 29643,
+ "pid": 29708,
+ "tgid": 29698,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "exec",
+ "--process",
+ "/tmp/runc-process1902905867",
+ "--console-socket",
+ "/tmp/pty1898144877/pty.sock",
+ "--detach",
+ "--pid-file",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.816Z"
+ }
+ ],
+ "child_tgid": [
+ 29705,
+ 29707,
+ 29709
+ ]
+}
+
+{
+ "tgid": 29705,
+ "findPid": {
+ "29705": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "0001-01-01T00:00:00Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29705,
+ "tgid": 29705,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "exe",
+ "rootfs": "",
+ "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:10.773Z",
+ "execArgs": [
+ "runc",
+ "init"
+ ]
+ },
+ {
+ "timestamp": "2024-08-31T08:14:10.788Z",
+ "execArgs": [
+ "runc",
+ "init"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.795Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29707,
+ "findPid": {
+ "29707": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.792Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29707,
+ "tgid": 29707,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[1:CHILD]",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.793Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29709,
+ "findPid": {
+ "29709": 0,
+ "29710": 1,
+ "29711": 2,
+ "29712": 3,
+ "29713": 4,
+ "29714": 5
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.793Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29709,
+ "tgid": 29709,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "",
+ "cwd": "/",
+ "children": [
+ 29715,
+ 29717,
+ 29723
+ ],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:10.812Z",
+ "execArgs": [
+ "bash"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:23.918Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.795Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29710,
+ "tgid": 29709,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.816Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.795Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29711,
+ "tgid": 29709,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.813Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.796Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29712,
+ "tgid": 29709,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.813Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.796Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29713,
+ "tgid": 29709,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.816Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.797Z",
+ "ppid": 29703,
+ "parentTgid": 29698,
+ "pid": 29714,
+ "tgid": 29709,
+ "args": [
+ "runc",
+ "init",
+ ""
+ ],
+ "comm": "runc:[2:INIT]",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:10.816Z"
+ }
+ ],
+ "child_tgid": [
+ 29715,
+ 29717,
+ 29723
+ ]
+}
+
+{
+ "tgid": 29715,
+ "findPid": {
+ "29715": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.817Z",
+ "ppid": 29709,
+ "parentTgid": 29709,
+ "pid": 29715,
+ "tgid": 29715,
+ "args": [
+ "bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [
+ 29716
+ ],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.82Z"
+ }
+ ],
+ "child_tgid": [
+ 29716
+ ]
+}
+
+{
+ "tgid": 29716,
+ "findPid": {
+ "29716": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.817Z",
+ "ppid": 29715,
+ "parentTgid": 29715,
+ "pid": 29716,
+ "tgid": 29716,
+ "args": [
+ "bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:10.816Z",
+ "execArgs": [
+ "groups"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.82Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29717,
+ "findPid": {
+ "29717": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.821Z",
+ "ppid": 29709,
+ "parentTgid": 29709,
+ "pid": 29717,
+ "tgid": 29717,
+ "args": [
+ "bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [
+ 29718
+ ],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.825Z"
+ }
+ ],
+ "child_tgid": [
+ 29718
+ ]
+}
+
+{
+ "tgid": 29718,
+ "findPid": {
+ "29718": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:10.822Z",
+ "ppid": 29717,
+ "parentTgid": 29717,
+ "pid": 29718,
+ "tgid": 29718,
+ "args": [
+ "bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:10.822Z",
+ "execArgs": [
+ "dircolors",
+ "-b"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:10.823Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29723,
+ "findPid": {
+ "29723": 0
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:15.335Z",
+ "ppid": 29709,
+ "parentTgid": 29709,
+ "pid": 29723,
+ "tgid": 29723,
+ "args": [
+ "bash",
+ ""
+ ],
+ "comm": "bash",
+ "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
+ "cwd": "/",
+ "children": [],
+ "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:15.334Z",
+ "execArgs": [
+ "vim",
+ "/root/hello.c"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:21.954Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29749,
+ "findPid": {
+ "29749": 0,
+ "29750": 1,
+ "29751": 2,
+ "29752": 3,
+ "29753": 4,
+ "29754": 5
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.658Z",
+ "ppid": 29654,
+ "parentTgid": 29643,
+ "pid": 29749,
+ "tgid": 29749,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-address",
+ "/run/containerd/containerd.sock",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:26.66Z",
+ "execArgs": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:26.675Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.665Z",
+ "ppid": 29654,
+ "parentTgid": 29643,
+ "pid": 29750,
+ "tgid": 29749,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.675Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.665Z",
+ "ppid": 29654,
+ "parentTgid": 29643,
+ "pid": 29751,
+ "tgid": 29749,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.675Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.666Z",
+ "ppid": 29654,
+ "parentTgid": 29643,
+ "pid": 29752,
+ "tgid": 29749,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.676Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.666Z",
+ "ppid": 29654,
+ "parentTgid": 29643,
+ "pid": 29753,
+ "tgid": 29749,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.675Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.666Z",
+ "ppid": 29654,
+ "parentTgid": 29643,
+ "pid": 29754,
+ "tgid": 29749,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.676Z"
+ }
+ ],
+ "child_tgid": []
+}
+
+{
+ "tgid": 29758,
+ "findPid": {
+ "29758": 0,
+ "29759": 1,
+ "29760": 2,
+ "29761": 3,
+ "29762": 4,
+ "29763": 5,
+ "29764": 6
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.679Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29758,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd",
+ ""
+ ],
+ "comm": "containerd",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:26.678Z",
+ "execArgs": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:26.71Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.681Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29759,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.719Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.682Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29760,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.71Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.682Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29761,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.709Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.694Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29762,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.71Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.694Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29763,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.709Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.694Z",
+ "ppid": 19408,
+ "parentTgid": 18009,
+ "pid": 29764,
+ "tgid": 29758,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [
+ 29765,
+ 29766,
+ 29767,
+ 29768,
+ 29769
+ ],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.709Z"
+ }
+ ],
+ "child_tgid": [
+ 29765
+ ]
+}
+
+{
+ "tgid": 29765,
+ "findPid": {
+ "29765": 0,
+ "29766": 1,
+ "29767": 2,
+ "29768": 3,
+ "29769": 4
+ },
+ "threads": [
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.695Z",
+ "ppid": 29764,
+ "parentTgid": 29758,
+ "pid": 29765,
+ "tgid": 29765,
+ "args": [
+ "/usr/bin/containerd-shim-runc-v2",
+ "-namespace",
+ "moby",
+ "-address",
+ "/run/containerd/containerd.sock",
+ "-publish-binary",
+ "/usr/bin/containerd",
+ "-id",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "-bundle",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "delete",
+ ""
+ ],
+ "comm": "containerd-shim",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [
+ {
+ "timestamp": "2024-08-31T08:14:26.694Z",
+ "execArgs": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "--force",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
+ ]
+ }
+ ],
+ "exit_code": 0,
+ "exit_signal": 17,
+ "exit_timestamp": "2024-08-31T08:14:26.706Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.7Z",
+ "ppid": 29764,
+ "parentTgid": 29758,
+ "pid": 29766,
+ "tgid": 29765,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "--force",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.707Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.701Z",
+ "ppid": 29764,
+ "parentTgid": 29758,
+ "pid": 29767,
+ "tgid": 29765,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "--force",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.706Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.701Z",
+ "ppid": 29764,
+ "parentTgid": 29758,
+ "pid": 29768,
+ "tgid": 29765,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "--force",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.707Z"
+ },
+ {
+ "star": false,
+ "start_timestamp": "2024-08-31T08:14:26.703Z",
+ "ppid": 29764,
+ "parentTgid": 29758,
+ "pid": 29769,
+ "tgid": 29765,
+ "args": [
+ "runc",
+ "--root",
+ "/var/run/docker/runtime-runc/moby",
+ "--log",
+ "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
+ "--log-format",
+ "json",
+ "delete",
+ "--force",
+ "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ ""
+ ],
+ "comm": "runc",
+ "rootfs": "",
+ "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
+ "children": [],
+ "docker_id": "",
+ "execve": [],
+ "exit_code": 0,
+ "exit_signal": 4294967295,
+ "exit_timestamp": "2024-08-31T08:14:26.708Z"
+ }
+ ],
+ "child_tgid": []
+}
+
diff --git a/filter/logs/tree.log b/filter/logs/tree.log
new file mode 100644
index 0000000..c9d7e34
--- /dev/null
+++ b/filter/logs/tree.log
@@ -0,0 +1,26 @@
+└── 18009:
+ ├── 29634: /usr/bin/containerd
+ │ └── 29643: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
+ │ ├── 29680: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
+ │ ├── 29742: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
+ │ ├── 29655: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
+ │ │ ├── 29662: runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid --console-socket /tmp/pty347635701/pty.sock 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19
+ │ │ ├── 29663: runc init
+ │ │ ├── 29664: runc init
+ │ │ │ ├── 29686: /bin/bash
+ │ │ │ │ └── 29687:
+ │ │ │ └── 29688: /bin/bash
+ │ │ │ └── 29689: dircolors -b
+ │ │ └── 29670: runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid --console-socket /tmp/pty347635701/pty.sock 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19
+ │ ├── 29698:
+ │ │ ├── 29705: runc init
+ │ │ ├── 29707: runc init
+ │ │ └── 29709: runc init
+ │ │ ├── 29715: bash
+ │ │ │ └── 29716: bash
+ │ │ ├── 29717: bash
+ │ │ │ └── 29718: bash
+ │ │ └── 29723: bash
+ │ └── 29749: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
+ └── 29758: /usr/bin/containerd
+ └── 29765: /usr/bin/containerd-shim-runc-v2 -namespace moby -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -bundle /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 delete
diff --git a/filter/pids.go b/filter/pids.go
new file mode 100644
index 0000000..bd4b095
--- /dev/null
+++ b/filter/pids.go
@@ -0,0 +1,301 @@
+package main
+
+import (
+ "encoding/json"
+ "fmt"
+ "os"
+ "sort"
+)
+
+var count int
+var starTgid int
+
+func filtPids(pRawPidData *[]Process) {
+ /* ATTENTION: 把map/slice直接传参是危险的
+ * 传递的是指针,不会引起大的复制开销,
+ * 但是map/slice在callee func内被修改**可能**导致内存更改
+ * 而这样的内存更改对caller function来说是不可见的,看到的还是原来的东西
+ * 这里由于参数几乎都是只读不写,因而用一下
+ */
+
+ // 合并由多线程导致的重复记录,顺便按照pid升序
+ // 多线程已经取消了,但保险起见还是留着
+ merged := mergeProcess(pRawPidData)
+ // 将Process按照tgid合并
+ var tgidMap map[int]*tgidNode
+ var rootfsPids []int
+ tgidMap, starTgid, rootfsPids = getTgidNodes(merged)
+ // 建树,helloTree
+ buildTree(tgidMap, starTgid)
+ // 对树上的进程做一些优化处理
+ optimazePid(starTgid, rootfsPids)
+}
+
+func ProMerge(a, b Process) (res Process) {
+ // 合并过程中会遇到什么问题?
+ res.Star = false
+
+ if a.StartTimestamp.IsZero() {
+ res.StartTimestamp = b.StartTimestamp
+ } else if b.StartTimestamp.IsZero() {
+ res.StartTimestamp = a.StartTimestamp
+ } else if a.StartTimestamp.Before(b.StartTimestamp) {
+ res.StartTimestamp = a.StartTimestamp
+ } else {
+ res.StartTimestamp = b.StartTimestamp
+ }
+
+ res.Ppid = a.Ppid
+ if a.ParentTgid == 0 {
+ res.ParentTgid = b.ParentTgid
+ } else {
+ res.ParentTgid = a.ParentTgid
+ }
+
+ res.Pid = a.Pid
+ if a.Tgid == 0 {
+ res.Tgid = b.Tgid
+ } else {
+ res.Tgid = a.Tgid
+ }
+
+ if len(a.Args) == 0 {
+ res.Args = b.Args
+ } else {
+ res.Args = a.Args
+ }
+
+ if a.Comm == "" {
+ res.Comm = b.Comm
+ } else {
+ res.Comm = a.Comm
+ }
+
+ if a.RootFS == "" {
+ res.RootFS = b.RootFS
+ } else {
+ res.RootFS = a.RootFS
+ }
+
+ if a.Cwd == "" {
+ res.Cwd = b.Cwd
+ } else {
+ res.Cwd = a.Cwd
+ }
+
+ res.Execve = append(a.Execve, b.Execve...)
+ res.Children = append(a.Children, b.Children...)
+
+ var flag bool // 真a假b
+ if a.ExitTimestamp.IsZero() {
+ flag = false
+ } else if b.ExitTimestamp.IsZero() {
+ flag = true
+ } else if a.ExitTimestamp.Before(b.ExitTimestamp) {
+ flag = true
+ } else {
+ flag = false
+ }
+
+ if flag {
+ res.ExitCode = a.ExitCode
+ res.ExitSignal = a.ExitSignal
+ res.ExitTimestamp = a.ExitTimestamp
+ } else {
+ res.ExitCode = b.ExitCode
+ res.ExitSignal = b.ExitSignal
+ res.ExitTimestamp = b.ExitTimestamp
+ }
+
+ return res
+}
+
+func mergeProcess(pRawPidData *[]Process) (merged []Process) {
+ rawPidData := *pRawPidData
+ // 合并由多线程导致的重复记录,顺便按照pid升序
+ index := make(map[int]int)
+ for _, process := range rawPidData {
+ i, exists := index[process.Pid]
+ if exists {
+ // 已存在,合并
+ merged[i] = ProMerge(merged[i], process)
+ } else {
+ // 不存在,直接添加
+ merged = append(merged, process)
+ index[process.Pid] = len(merged) - 1
+ }
+ }
+ sort.Slice(merged, func(i, j int) bool {
+ return merged[i].Pid < merged[j].Pid
+ })
+ return merged
+}
+
+func getTgidNodes(merged []Process) (tgidMap map[int]*tgidNode, starTgid int, rootfsPids []int) {
+ // 合并出来的进程整理为tgidNode
+ tgidMap = make(map[int]*tgidNode)
+ findTgid = make(map[int]int) // pid --> tgid
+ // var starTgid, rootFsPid int
+ starTgid = -1
+ // rootfsPid = -1
+ rootfsPids = make([]int, 0)
+ for _, val := range merged {
+ if val.Star {
+ starTgid = val.Tgid
+ } else if val.RootFS != "" {
+ rootfsPids = append(rootfsPids, val.Pid)
+ }
+ // 登记tgid
+ findTgid[val.Pid] = val.Tgid
+ nodeval, exists := tgidMap[val.Tgid]
+ if exists {
+ // 直接记录
+ nodeval.Threads = append(nodeval.Threads, val)
+ nodeval.FindPid[val.Pid] = len(nodeval.Threads) - 1
+ } else {
+ node := tgidNode{
+ Tgid: val.Tgid,
+ FindPid: make(map[int]int),
+ Threads: make([]Process, 0),
+ ChildTgid: make([]int, 0),
+ }
+ node.Threads = append(node.Threads, val)
+ node.FindPid[val.Pid] = 0
+ tgidMap[val.Tgid] = &node
+ }
+ }
+ return tgidMap, starTgid, rootfsPids
+}
+
+func buildTree(tgidMap map[int]*tgidNode, starTgid int) {
+ // 从tgid==starTgid开始,构建树
+ helloTree = make(map[int]*tgidNode) // 在树上的tgid节点,tgid --> *tgidNode
+ var q Queue // 记录每一个整理好的结构体,bfs
+ visited := make(map[int]bool) // 哪些tgid已经访问过
+
+ tmp, exists := tgidMap[starTgid]
+ if !exists {
+ return
+ }
+
+ // helloTree负责在遍历到该节点时记录
+ // 队列仅负责搞明白哪些节点在树上
+ // 因而所有添加子代tgid的行为只针对helloTree
+ // q不添加,直接把新的tgid对应的tgidNode入队就是了
+ q.Enqueue(tmp)
+ visited[starTgid] = true
+ for !q.IsEmpty() {
+ tmp, ok := q.Dequeue()
+ if !ok {
+ continue
+ }
+ node := tmp.(*tgidNode) // 队列里的一个节点,这里必须重新申请node
+ helloTree[node.Tgid] = node
+ for i := 0; i < len(node.Threads); i++ {
+ for j := 0; j < len(node.Threads[i].Children); j++ {
+ tgid := findTgid[node.Threads[i].Children[j]]
+ _, exists := visited[tgid]
+ if !exists {
+ // 子代里有没见过的tgid
+ tgidNode, exists := tgidMap[tgid]
+ if !exists {
+ continue
+ }
+ helloTree[node.Tgid].ChildTgid = append(helloTree[node.Tgid].ChildTgid, tgid)
+ q.Enqueue(tgidNode)
+ visited[tgid] = true
+ }
+ }
+ }
+ }
+}
+
+func optimazePid(starTgid int, rootfsPids []int) {
+ getDockerRootFs := make(map[string]string) // dockerId --> rootfs
+ // 首先处理一下记录有pivot_root信息的进程,防止pivot先于fork
+ for _, rootfsPid := range rootfsPids {
+ rootfsTgid := findTgid[rootfsPid]
+ i := helloTree[rootfsTgid].FindPid[rootfsPid]
+ rootfsProcess := &(helloTree[rootfsTgid].Threads[i])
+ if rootfsProcess.RootFS == "cwd" {
+ rootfsProcess.RootFS = rootfsProcess.Cwd
+ }
+ getDockerRootFs[rootfsProcess.DockerId] = rootfsProcess.RootFS
+ }
+
+ count = 0
+ for _, val := range helloTree {
+ // 处理一下pid结束时间,顺便找找爹
+ // 结束时间是因为很多线程结束时间没获取到,默认按照进程退出时间处理
+ // Ppid是因为进程产生之初收到的信息写的爹一定是亲爹
+ // 但是产生线程时候该进程很可能已作为孤儿被收养,导致线程里关于爹的记录是继父
+ for i := 0; i < len(val.Threads); i++ {
+ if i != 0 {
+ if val.Threads[i].Tgid < val.Threads[0].Tgid {
+ val.Threads[i].ParentTgid = val.Threads[0].ParentTgid
+ val.Threads[i].Ppid = val.Threads[0].Ppid
+ }
+ if val.Threads[i].ExitTimestamp.IsZero() {
+ val.Threads[i].ExitCode = val.Threads[0].ExitCode
+ val.Threads[i].ExitTimestamp = val.Threads[0].ExitTimestamp
+ val.Threads[i].ExitSignal = val.Threads[0].ExitSignal
+ }
+ }
+
+ dockerId := val.Threads[i].DockerId
+ if dockerId != "" {
+ rootfs, exists := getDockerRootFs[dockerId]
+ if !exists {
+ fmt.Fprintf(os.Stderr, "Err: the docker rootfs of pid %d is not known!\n", val.Threads[i].Pid)
+ continue
+ }
+ val.Threads[i].RootFS = rootfs
+ }
+ }
+
+ count++
+ }
+}
+
+// 绘制进程树
+func drawTree(treeFile *os.File, pidFile *os.File, node *tgidNode, prefix string, isLast bool) {
+ if node == nil {
+ return
+ }
+
+ fmt.Fprintf(treeFile, "%s", prefix)
+ if isLast {
+ fmt.Fprintf(treeFile, "└── ")
+ prefix += " "
+ } else {
+ fmt.Fprintf(treeFile, "├── ")
+ prefix += "│ "
+ }
+ // 将当前进程的参数整理为一行命令
+ argv := ""
+ for i, arg := range node.Threads[0].Args {
+ if i == 0 {
+ argv = arg
+ } else {
+ argv += " " + arg
+ }
+ }
+ fmt.Fprintf(treeFile, "%d: %s\n", node.Tgid, argv)
+
+ // 当前节点信息以json格式写入pidFile
+ jsonData, err := json.MarshalIndent(node, "", " ")
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Err: %v\n", err)
+ return
+ }
+ pidFile.Write(jsonData)
+ pidFile.WriteString("\n\n")
+
+ // 递归打印子节点
+ for i, childTgid := range node.ChildTgid {
+ childNode, exists := helloTree[childTgid]
+ if exists {
+ drawTree(treeFile, pidFile, childNode, prefix, i == len(node.ChildTgid)-1)
+ }
+ }
+}
diff --git a/listener/basefunc.go b/listener/basefunc.go
index 2f39507..dcaf68a 100644
--- a/listener/basefunc.go
+++ b/listener/basefunc.go
@@ -4,46 +4,52 @@ import (
"bufio"
"fmt"
"os"
- "os/exec"
"path/filepath"
+ "regexp"
"strconv"
"strings"
"time"
)
func figureOutSyscalls() error {
- cmd := exec.Command("ausyscall", "--dump")
- stdout, err := cmd.StdoutPipe()
+ var targetFile string
+ err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ return err
+ }
+ if strings.HasSuffix(path, "asm/unistd_64.h") {
+ targetFile = path
+ return filepath.SkipDir // 找到后提前退出遍历
+ }
+ return nil
+ })
if err != nil {
return err
}
- if err := cmd.Start(); err != nil {
+ // 如果没有找到目标文件
+ if targetFile == "" {
+ return fmt.Errorf("file asm/unistd_64.h not found in /usr/include")
+ }
+
+ NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`)
+ file, err := os.Open("/usr/include/asm/unistd_64.h")
+ if err != nil {
return err
}
+ defer file.Close()
- scanner := bufio.NewScanner(stdout)
- for i := 0; scanner.Scan(); i++ {
- if i == 0 {
- continue
- }
+ scanner := bufio.NewScanner(file)
+ for scanner.Scan() {
line := scanner.Text()
- parts := strings.Split(line, "\t")
- if len(parts) != 2 {
- return fmt.Errorf("invalid ausyscall format")
+ if NRRegex.MatchString(line) {
+ match := NRRegex.FindStringSubmatch(line)
+ num, err := strconv.Atoi(match[2])
+ if err != nil {
+ return err
+ }
+ syscallTable[num] = match[1]
}
- num, err := strconv.Atoi(parts[0])
- if err != nil {
- return err
- }
- syscallTable[num] = parts[1]
- }
-
- if err := scanner.Err(); err != nil {
- return err
- }
- if err := cmd.Wait(); err != nil {
- return err
}
return nil
}
diff --git a/listener/godo.go b/listener/godo.go
index 0e1dc73..4f09b67 100644
--- a/listener/godo.go
+++ b/listener/godo.go
@@ -108,11 +108,11 @@ func coroutine(client *libaudit.AuditClient) error {
wg.Add(1)
go deal()
wg.Add(1)
- go procWatch()
- wg.Add(1)
go receive(client)
wg.Add(1)
go orgnaze()
+ wg.Add(1)
+ go procWatch()
wg.Wait()
time.Sleep(2 * time.Second)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-12-17 13:30:55 +0000