-
Notifications
You must be signed in to change notification settings - Fork 728
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing activity from spy_users chisel #1631
Comments
I have the same problem, with a modified version of the chisel but even with the original. @jbarszcz: Your reproduction steps show that it is not depending on time (what I thought first), but on what is happening. Your report alone saved me some gray hairs and made it possible to try to hunt this thing down. When running Same sysdig version (0.28.7), full updated ubuntu 18.04.
|
when shortening the filter to |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I noticed a strange behaviour of the spy_users chisel. After
cd
commandit stops showing commands executed inside the container. Sometimes two iterations of this process are required to reproduce this behaviour, but I noticed that it happenes every time.
Terminal 1:
sudo sysdig -w output.scap
Terminal 2:
Terminal 1
output:
The
cat /etc/passwd
andls -ltr
commands did not appear as the result of spy_users chisel. However, events of executing this commands are visibile in theoutput.scap
.The
cd
directory does not matter, it is/home
in the example but any other directory should cause the same problem. In my proof of concept the spy_users chisel stopped working after one "iteration" of docker exec/cd/exit commands, but sometimes it stopps after two iterations. Moreover, the container image should not matter as well, since I have encountered this issue using multiple different container images.System: Ubuntu 18.4. Tested on two separate environments (AWS and local VM).
The text was updated successfully, but these errors were encountered: