[CWS] move cgroup context in linux specific serializer

docs/cloud-workload-security/backend_linux.md

@@ -1718,9 +1718,6 @@ CSM Threats event for Linux systems have the following JSON schema:
         "container": {
             "$ref": "#/$defs/ContainerContext"
         },
-        "cgroup": {
-            "$ref": "#/$defs/CGroupContext"
-        },
         "network": {
             "$ref": "#/$defs/NetworkContext"
         },
@@ -1730,6 +1727,9 @@ CSM Threats event for Linux systems have the following JSON schema:
         "security_profile": {
             "$ref": "#/$defs/SecurityProfileContext"
         },
+        "cgroup": {
+            "$ref": "#/$defs/CGroupContext"
+        },
         "selinux": {
             "$ref": "#/$defs/SELinuxEvent"
         },
@@ -1802,10 +1802,10 @@ CSM Threats event for Linux systems have the following JSON schema:
 | `exit` | $ref | Please see [ExitEvent](#exitevent) |
 | `process` | $ref | Please see [ProcessContext](#processcontext) |
 | `container` | $ref | Please see [ContainerContext](#containercontext) |
-| `cgroup` | $ref | Please see [CGroupContext](#cgroupcontext) |
 | `network` | $ref | Please see [NetworkContext](#networkcontext) |
 | `dd` | $ref | Please see [DDContext](#ddcontext) |
 | `security_profile` | $ref | Please see [SecurityProfileContext](#securityprofilecontext) |
+| `cgroup` | $ref | Please see [CGroupContext](#cgroupcontext) |
 | `selinux` | $ref | Please see [SELinuxEvent](#selinuxevent) |
 | `bpf` | $ref | Please see [BPFEvent](#bpfevent) |
 | `mmap` | $ref | Please see [MMapEvent](#mmapevent) |

docs/cloud-workload-security/backend_linux.schema.json

@@ -1707,9 +1707,6 @@
     "container": {
       "$ref": "#/$defs/ContainerContext"
     },
-    "cgroup": {
-      "$ref": "#/$defs/CGroupContext"
-    },
     "network": {
       "$ref": "#/$defs/NetworkContext"
     },
@@ -1719,6 +1716,9 @@
     "security_profile": {
       "$ref": "#/$defs/SecurityProfileContext"
     },
+    "cgroup": {
+      "$ref": "#/$defs/CGroupContext"
+    },
     "selinux": {
       "$ref": "#/$defs/SELinuxEvent"
     },

pkg/security/serializers/serializers_base.go

@@ -18,15 +18,6 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/util/scrubber"
 )
 
-// CGroupContextSerializer serializes a cgroup context to JSON
-// easyjson:json
-type CGroupContextSerializer struct {
-	// CGroup ID
-	ID string `json:"id,omitempty"`
-	// CGroup manager
-	Manager string `json:"manager,omitempty"`
-}
-
 // ContainerContextSerializer serializes a container context to JSON
 // easyjson:json
 type ContainerContextSerializer struct {
@@ -213,7 +204,6 @@ type BaseEventSerializer struct {
 	*ExitEventSerializer        `json:"exit,omitempty"`
 	*ProcessContextSerializer   `json:"process,omitempty"`
 	*ContainerContextSerializer `json:"container,omitempty"`
-	*CGroupContextSerializer    `json:"cgroup,omitempty"`
 }
 
 // TLSContextSerializer defines a tls context serializer

pkg/security/serializers/serializers_linux.go

@@ -81,6 +81,15 @@ type FileSerializer struct {
 	MountOrigin string `json:"mount_origin,omitempty"`
 }
 
+// CGroupContextSerializer serializes a cgroup context to JSON
+// easyjson:json
+type CGroupContextSerializer struct {
+	// CGroup ID
+	ID string `json:"id,omitempty"`
+	// CGroup manager
+	Manager string `json:"manager,omitempty"`
+}
+
 // UserContextSerializer serializes a user context to JSON
 // easyjson:json
 type UserContextSerializer struct {
@@ -622,6 +631,7 @@ type EventSerializer struct {
 	*NetworkContextSerializer         `json:"network,omitempty"`
 	*DDContextSerializer              `json:"dd,omitempty"`
 	*SecurityProfileContextSerializer `json:"security_profile,omitempty"`
+	*CGroupContextSerializer          `json:"cgroup,omitempty"`
 
 	*SELinuxEventSerializer   `json:"selinux,omitempty"`
 	*BPFEventSerializer       `json:"bpf,omitempty"`