-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix resource leak bug in auditbeat/socket #41080
Fix resource leak bug in auditbeat/socket #41080
Conversation
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
|
|
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for fixing this!
* fix resource leak bug in auditbeat/socket * linter.. * linter... (cherry picked from commit 12e846b)
Proposed commit message
This appears to be a long-running resource leak in auditbeat that happens under the following conditions:
fork
kretprobe eventpid == tid
for the given exiting process, it will clean up the process hashmap entrypid != tid
never gets cleaned upThis slightly alters the logic so
if pid != tid && s.processExists(tid)
, we also clean up the entry for the TID on exit.Checklist
CHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.