Nomad exec/fork calls during job setup
$ sudo bpftrace ./execsnoop.bt
Attaching 3 probes...
TIME(ms) PID ARGS
1892 9766 /sbin/iptables --version
1893 9767 /sbin/iptables -t filter -S --wait
1895 9768 /sbin/iptables -t filter -C NOMAD-ADMIN -o nomad -d 172.26.64.0/20 -j ACCEPT --wait
1896 9769 /opt/cni/bin/bridge
2413 9803 /lib/udev/bridge-network-interface
2414 9805 /bin/networkctl list --no-pager --no-legend
2416 9806 /lib/open-iscsi/net-interface-handler start
2417 9807 /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/veth75073c71 --prefix=/net/ipv4/neigh/veth75073c71 --prefix=/net/ipv6/conf/veth75073c71 --prefix=/net/ipv6/neigh/veth75073c71
2418 9810 /opt/cni/bin/host-local
2444 9821 /sbin/iptables --version
2445 9822 /sbin/iptables -t nat -S --wait
2446 9823 /sbin/iptables -t nat -N CNI-cc8bc311df037a44c0c6ef9e --wait
2448 9824 /sbin/iptables -t nat -C CNI-cc8bc311df037a44c0c6ef9e -d 172.26.64.214/20 -j ACCEPT -m comment --comment name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" --wait
2449 9825 /sbin/iptables -t nat -A CNI-cc8bc311df037a44c0c6ef9e -d 172.26.64.214/20 -j ACCEPT -m comment --comment name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" --wait
2450 9826 /sbin/iptables -t nat -C CNI-cc8bc311df037a44c0c6ef9e ! -d 224.0.0.0/4 -j MASQUERADE -m comment --comment name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" --wait
2451 9827 /sbin/iptables -t nat -A CNI-cc8bc311df037a44c0c6ef9e ! -d 224.0.0.0/4 -j MASQUERADE -m comment --comment name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" --wait
2452 9828 /sbin/iptables -t nat -C POSTROUTING -s 172.26.64.214 -j CNI-cc8bc311df037a44c0c6ef9e -m comment --comment name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" --wait
2453 9829 /sbin/iptables -t nat -A POSTROUTING -s 172.26.64.214 -j CNI-cc8bc311df037a44c0c6ef9e -m comment --comment name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" --wait
2455 9830 /opt/cni/bin/firewall
2457 9835 /sbin/iptables --version
2458 9836 /sbin/ip6tables --version
2459 9837 /sbin/iptables -t filter -S --wait
2461 9838 /sbin/iptables -t filter -S --wait
2462 9840 /sbin/iptables -t filter -C FORWARD -m comment --comment CNI firewall plugin rules -j CNI-FORWARD --wait
2463 9841 /sbin/iptables -t filter -C CNI-FORWARD -m comment --comment CNI firewall plugin rules -j NOMAD-ADMIN --wait
2464 9842 /sbin/iptables -t filter -C CNI-FORWARD -d 172.26.64.214/32 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT --wait
2465 9843 /sbin/iptables -t filter -A CNI-FORWARD -d 172.26.64.214/32 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT --wait
2466 9844 /sbin/iptables -t filter -C CNI-FORWARD -s 172.26.64.214/32 -j ACCEPT --wait
2468 9845 /sbin/iptables -t filter -A CNI-FORWARD -s 172.26.64.214/32 -j ACCEPT --wait
2470 9846 /opt/cni/bin/portmap
2472 9851 /sbin/iptables --version
2473 9852 /sbin/iptables -t nat -S --wait
2474 9853 /sbin/iptables -t nat -C CNI-HOSTPORT-SETMARK -m comment --comment CNI portfwd masquerade mark -j MARK --set-xmark 0x2000/0x2000 --wait
2476 9854 /sbin/iptables -t nat -S --wait
2477 9855 /sbin/iptables -t nat -C CNI-HOSTPORT-MASQ -m mark --mark 0x2000/0x2000 -j MASQUERADE --wait
2479 9856 /sbin/iptables -t nat -C POSTROUTING -m comment --comment CNI portfwd requiring masquerade -j CNI-HOSTPORT-MASQ --wait
2480 9857 /sbin/iptables -t nat -S --wait
2481 9858 /sbin/iptables -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT --wait
2483 9859 /sbin/iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT --wait
2484 9860 /sbin/iptables -t nat -S --wait
2485 9861 /sbin/iptables -t nat -N CNI-DN-cc8bc311df037a44c0c6e --wait
2486 9862 /sbin/iptables -t nat -C CNI-DN-cc8bc311df037a44c0c6e -p tcp --dport 20733 -d 10.0.2.15 -s 172.26.64.214/20 -j CNI-HOSTPORT-SETMARK --wait
2487 9863 /sbin/iptables -t nat -A CNI-DN-cc8bc311df037a44c0c6e -p tcp --dport 20733 -d 10.0.2.15 -s 172.26.64.214/20 -j CNI-HOSTPORT-SETMARK --wait
2488 9864 /sbin/iptables -t nat -C CNI-DN-cc8bc311df037a44c0c6e -p tcp --dport 20733 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
2489 9865 /sbin/iptables -t nat -A CNI-DN-cc8bc311df037a44c0c6e -p tcp --dport 20733 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
2491 9866 /sbin/iptables -t nat -C CNI-DN-cc8bc311df037a44c0c6e -p tcp --dport 20733 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.214:6379 --wait
2492 9867 /sbin/iptables -t nat -A CNI-DN-cc8bc311df037a44c0c6e -p tcp --dport 20733 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.214:6379 --wait
2494 9868 /sbin/iptables -t nat -C CNI-DN-cc8bc311df037a44c0c6e -p udp --dport 20733 -d 10.0.2.15 -s 172.26.64.214/20 -j CNI-HOSTPORT-SETMARK --wait
2496 9869 /sbin/iptables -t nat -A CNI-DN-cc8bc311df037a44c0c6e -p udp --dport 20733 -d 10.0.2.15 -s 172.26.64.214/20 -j CNI-HOSTPORT-SETMARK --wait
2498 9870 /sbin/iptables -t nat -C CNI-DN-cc8bc311df037a44c0c6e -p udp --dport 20733 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
2499 9871 /sbin/iptables -t nat -A CNI-DN-cc8bc311df037a44c0c6e -p udp --dport 20733 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
2501 9872 /sbin/iptables -t nat -C CNI-DN-cc8bc311df037a44c0c6e -p udp --dport 20733 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.214:6379 --wait
2502 9873 /sbin/iptables -t nat -A CNI-DN-cc8bc311df037a44c0c6e -p udp --dport 20733 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.214:6379 --wait
2504 9874 /sbin/iptables -t nat -C CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" -m multiport -p tcp --destination-ports 20733 -j
2505 9875 /sbin/iptables -t nat -A CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" -m multiport -p tcp --destination-ports 20733 -j
2506 9876 /sbin/iptables -t nat -C CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" -m multiport -p udp --destination-ports 20733 -j
2508 9877 /sbin/iptables -t nat -A CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "b137da6d-0445-6327-c96e-c4c88b26e49a" -m multiport -p udp --destination-ports 20733 -j
2517 9878 /opt/gopath/bin/nomad logmon
4533 9892 /usr/bin/unpigz -d -c
4681 9897 /usr/bin/unpigz -d -c
4692 9901 /usr/bin/unpigz -d -c
4836 9905 /usr/bin/unpigz -d -c
6756 9909 /usr/bin/unpigz -d -c
6769 9913 /usr/bin/unpigz -d -c
7977 9919 /usr/bin/containerd-shim-runc-v2 -namespace nomad -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id redis-b137da6d-0445-6327-c96e-c4c88b26e49a start
7980 9926 /usr/bin/containerd-shim-runc-v2 -namespace nomad -id redis-b137da6d-0445-6327-c96e-c4c88b26e49a -address /run/containerd/containerd.sock
7984 9939 runc --root /run/containerd/runc/nomad --log /run/containerd/io.containerd.runtime.v2.task/nomad/redis-b137da6d-0445-6327-c96e-c4c88b26e49a/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/nomad/redis-b137da6d-0445-6327-c96e-c4c88b26e49a --pid-file /run/containerd/io.containerd.runtime.v2.task/nomad/redis-b137da6d-0445-6327-c96e-c4c88b26e49a/init.pid redis-b137da6d-0445-6327-c96e-c4c88b26e49a
8001 9948 runc init
8023 9948 runc init
13131 9974 runc --root /run/containerd/runc/nomad --log /run/containerd/io.containerd.runtime.v2.task/nomad/redis-b137da6d-0445-6327-c96e-c4c88b26e49a/log.json --log-format json start redis-b137da6d-0445-6327-c96e-c4c88b26e49a
13148 9954 docker-entrypoint.sh redis-server
13149 9981 id -u
13150 9982 find . ! -user redis -exec chown redis {} +
13151 9954 su-exec redis /usr/local/bin/docker-entrypoint.sh redis-server
13151 9954 su-exec redis /usr/local/bin/docker-entrypoint.sh redis-server
13151 9954 su-exec redis /usr/local/bin/docker-entrypoint.sh redis-server
13151 9954 su-exec redis /usr/local/bin/docker-entrypoint.sh redis-server
13151 9954 su-exec redis /usr/local/bin/docker-entrypoint.sh redis-server
13151 9954 /usr/local/bin/docker-entrypoint.sh redis-server
13152 9984 id -u
13153 9954 redis-server
13153 9954 redis-server
sudo bpftrace ./execsnoop.bt
Attaching 3 probes...
TIME(ms) PID ARGS
3159 8101 /usr/bin/containerd-shim-runc-v2 -namespace moby -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf start
3162 8108 /usr/bin/containerd-shim-runc-v2 -namespace moby -id c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf -address /run/containerd/containerd.sock
3664 8118 runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf/init.pid c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf
3679 8127 runc init
3716 8127 runc init
4189 8146 libnetwork-setkey -exec-root=/var/run/docker c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf f32609d9d238
4246 8155 set-ipv6 /var/run/docker/netns/1a5dc6cb862a all false
4576 8174 runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf/log.json --log-format json start c9c246a0b6d0a8c9010fbdfd5e388efc3057f79175a4a50150a9964512c8aabf
4588 8134 /pause
4608 8182 /sbin/iptables --version
4612 8183 /sbin/iptables -t filter -S --wait
4616 8184 /sbin/iptables -t filter -N NOMAD-ADMIN --wait
4617 8185 /sbin/iptables -t filter -C NOMAD-ADMIN -o nomad -d 172.26.64.0/20 -j ACCEPT --wait
4618 8186 /sbin/iptables -t filter -A NOMAD-ADMIN -o nomad -d 172.26.64.0/20 -j ACCEPT --wait
4620 8187 /opt/cni/bin/bridge
4649 8195 /bin/networkctl list --no-pager --no-legend
4649 8194 /lib/udev/bridge-network-interface
4651 8198 /lib/open-iscsi/net-interface-handler start
4653 8199 /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/nomad --prefix=/net/ipv4/neigh/nomad --prefix=/net/ipv6/conf/nomad --prefix=/net/ipv6/neigh/nomad
4670 8202 /lib/udev/bridge-network-interface
4671 8204 /lib/open-iscsi/net-interface-handler start
4672 8206 /opt/cni/bin/host-local
4673 8207 /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/veth325c9ba5 --prefix=/net/ipv4/neigh/veth325c9ba5 --prefix=/net/ipv6/conf/veth325c9ba5 --prefix=/net/ipv6/neigh/veth325c9ba5
4748 8213 /sbin/iptables --version
4749 8214 /sbin/iptables -t nat -S --wait
4751 8215 /sbin/iptables -t nat -N CNI-59efe19544405083450d448e --wait
4752 8216 /sbin/iptables -t nat -C CNI-59efe19544405083450d448e -d 172.26.64.213/20 -j ACCEPT -m comment --comment name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" --wait
4754 8217 /sbin/iptables -t nat -A CNI-59efe19544405083450d448e -d 172.26.64.213/20 -j ACCEPT -m comment --comment name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" --wait
4761 8220 /sbin/iptables -t nat -C CNI-59efe19544405083450d448e ! -d 224.0.0.0/4 -j MASQUERADE -m comment --comment name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" --wait
4763 8221 /sbin/iptables -t nat -A CNI-59efe19544405083450d448e ! -d 224.0.0.0/4 -j MASQUERADE -m comment --comment name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" --wait
4764 8222 /sbin/iptables -t nat -C POSTROUTING -s 172.26.64.213 -j CNI-59efe19544405083450d448e -m comment --comment name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" --wait
4765 8223 /sbin/iptables -t nat -A POSTROUTING -s 172.26.64.213 -j CNI-59efe19544405083450d448e -m comment --comment name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" --wait
4766 8224 /opt/cni/bin/firewall
4788 8229 /sbin/iptables --version
4789 8230 /sbin/ip6tables --version
4790 8231 /sbin/iptables -t filter -S --wait
4791 8232 /sbin/iptables -t filter -N CNI-FORWARD --wait
4792 8233 /sbin/iptables -t filter -S --wait
4792 8234 /sbin/iptables -t filter -C FORWARD -m comment --comment CNI firewall plugin rules -j CNI-FORWARD --wait
4793 8235 /sbin/iptables -t filter -I FORWARD 1 -m comment --comment CNI firewall plugin rules -j CNI-FORWARD --wait
4794 8236 /sbin/iptables -t filter -C CNI-FORWARD -m comment --comment CNI firewall plugin rules -j NOMAD-ADMIN --wait
4795 8237 /sbin/iptables -t filter -I CNI-FORWARD 1 -m comment --comment CNI firewall plugin rules -j NOMAD-ADMIN --wait
4796 8238 /sbin/iptables -t filter -C CNI-FORWARD -d 172.26.64.213/32 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT --wait
4797 8239 /sbin/iptables -t filter -A CNI-FORWARD -d 172.26.64.213/32 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT --wait
4798 8240 /sbin/iptables -t filter -C CNI-FORWARD -s 172.26.64.213/32 -j ACCEPT --wait
4799 8241 /sbin/iptables -t filter -A CNI-FORWARD -s 172.26.64.213/32 -j ACCEPT --wait
4800 8242 /opt/cni/bin/portmap
4817 8247 /sbin/iptables --version
4819 8248 /sbin/iptables -t nat -S --wait
4821 8249 /sbin/iptables -t nat -N CNI-HOSTPORT-SETMARK --wait
4822 8250 /sbin/iptables -t nat -C CNI-HOSTPORT-SETMARK -m comment --comment CNI portfwd masquerade mark -j MARK --set-xmark 0x2000/0x2000 --wait
4847 8253 /sbin/iptables -t nat -A CNI-HOSTPORT-SETMARK -m comment --comment CNI portfwd masquerade mark -j MARK --set-xmark 0x2000/0x2000 --wait
4849 8254 /sbin/iptables -t nat -S --wait
4850 8255 /sbin/iptables -t nat -N CNI-HOSTPORT-MASQ --wait
4851 8256 /sbin/iptables -t nat -C CNI-HOSTPORT-MASQ -m mark --mark 0x2000/0x2000 -j MASQUERADE --wait
4853 8257 /sbin/iptables -t nat -A CNI-HOSTPORT-MASQ -m mark --mark 0x2000/0x2000 -j MASQUERADE --wait
4855 8258 /sbin/iptables -t nat -C POSTROUTING -m comment --comment CNI portfwd requiring masquerade -j CNI-HOSTPORT-MASQ --wait
4856 8259 /sbin/iptables -t nat -I POSTROUTING 1 -m comment --comment CNI portfwd requiring masquerade -j CNI-HOSTPORT-MASQ --wait
4857 8260 /sbin/iptables -t nat -S --wait
4859 8261 /sbin/iptables -t nat -N CNI-HOSTPORT-DNAT --wait
4860 8262 /sbin/iptables -t nat -C PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT --wait
4861 8263 /sbin/iptables -t nat -A PREROUTING -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT --wait
4862 8264 /sbin/iptables -t nat -C OUTPUT -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT --wait
4863 8265 /sbin/iptables -t nat -A OUTPUT -m addrtype --dst-type LOCAL -j CNI-HOSTPORT-DNAT --wait
4865 8266 /sbin/iptables -t nat -S --wait
4866 8267 /sbin/iptables -t nat -N CNI-DN-59efe19544405083450d4 --wait
4867 8268 /sbin/iptables -t nat -C CNI-DN-59efe19544405083450d4 -p tcp --dport 24681 -d 10.0.2.15 -s 172.26.64.213/20 -j CNI-HOSTPORT-SETMARK --wait
4869 8269 /sbin/iptables -t nat -A CNI-DN-59efe19544405083450d4 -p tcp --dport 24681 -d 10.0.2.15 -s 172.26.64.213/20 -j CNI-HOSTPORT-SETMARK --wait
4874 8272 /sbin/iptables -t nat -C CNI-DN-59efe19544405083450d4 -p tcp --dport 24681 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
4875 8273 /sbin/iptables -t nat -A CNI-DN-59efe19544405083450d4 -p tcp --dport 24681 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
4876 8274 /sbin/iptables -t nat -C CNI-DN-59efe19544405083450d4 -p tcp --dport 24681 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.213:8001 --wait
4879 8275 /sbin/iptables -t nat -A CNI-DN-59efe19544405083450d4 -p tcp --dport 24681 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.213:8001 --wait
4887 8278 /sbin/iptables -t nat -C CNI-DN-59efe19544405083450d4 -p udp --dport 24681 -d 10.0.2.15 -s 172.26.64.213/20 -j CNI-HOSTPORT-SETMARK --wait
4888 8279 /sbin/iptables -t nat -A CNI-DN-59efe19544405083450d4 -p udp --dport 24681 -d 10.0.2.15 -s 172.26.64.213/20 -j CNI-HOSTPORT-SETMARK --wait
4890 8280 /sbin/iptables -t nat -C CNI-DN-59efe19544405083450d4 -p udp --dport 24681 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
4891 8281 /sbin/iptables -t nat -A CNI-DN-59efe19544405083450d4 -p udp --dport 24681 -d 10.0.2.15 -s 127.0.0.1 -j CNI-HOSTPORT-SETMARK --wait
4892 8282 /sbin/iptables -t nat -C CNI-DN-59efe19544405083450d4 -p udp --dport 24681 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.213:8001 --wait
4894 8283 /sbin/iptables -t nat -A CNI-DN-59efe19544405083450d4 -p udp --dport 24681 -d 10.0.2.15 -j DNAT --to-destination 172.26.64.213:8001 --wait
4895 8284 /sbin/iptables -t nat -C CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" -m multiport -p tcp --destination-ports 24681 -j
4908 8287 /sbin/iptables -t nat -A CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" -m multiport -p tcp --destination-ports 24681 -j
4909 8288 /sbin/iptables -t nat -C CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" -m multiport -p udp --destination-ports 24681 -j
4911 8289 /sbin/iptables -t nat -A CNI-HOSTPORT-DNAT -m comment --comment dnat name: "nomad" id: "f253f813-0ac3-19b7-2d18-a9d72bf6e54d" -m multiport -p udp --destination-ports 24681 -j
4920 8290 /opt/gopath/bin/nomad logmon
5038 8301 /usr/bin/containerd-shim-runc-v2 -namespace moby -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id 727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912 start
5041 8308 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912 -address /run/containerd/containerd.sock
5047 8319 runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912 --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912/init.pid 727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912
5066 8326 runc init
5098 8326 runc init
5219 8355 runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912/log.json --log-format json start 727dec0650ec19e92110a5bbf48f6544a7158691772325f10c5fabd99e708912
5230 8333 httpd -v -f -p 8001 -h /var/www
5235 8362 /opt/gopath/bin/nomad docker_logger
$ sudo bpftrace ./execsnoop.bt
Attaching 3 probes...
TIME(ms) PID ARGS
6316 7617 /opt/gopath/bin/nomad logmon
6519 7629 runc --version
6531 7635 docker-init --version
6536 7638 /lib/udev/bridge-network-interface
6536 7639 /lib/udev/bridge-network-interface
6538 7642 /bin/networkctl list --no-pager --no-legend
6539 7643 /lib/open-iscsi/net-interface-handler start
6539 7644 /lib/open-iscsi/net-interface-handler start
6540 7645 /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/vetha85cd1e --prefix=/net/ipv4/neigh/vetha85cd1e --prefix=/net/ipv6/conf/vetha85cd1e --prefix=/net/ipv6/neigh/vetha85cd1e
6542 7646 /lib/systemd/systemd-sysctl --prefix=/net/ipv4/conf/veth0366ea4 --prefix=/net/ipv4/neigh/veth0366ea4 --prefix=/net/ipv6/conf/veth0366ea4 --prefix=/net/ipv6/neigh/veth0366ea4
6567 7648 /usr/bin/containerd-shim-runc-v2 -namespace moby -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id 3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e start
6574 7656 /usr/bin/containerd-shim-runc-v2 -namespace moby -id 3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e -address /run/containerd/containerd.sock
6578 7667 runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e/init.pid 3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e
6594 7674 runc init
6618 7674 runc init
6636 7699 libnetwork-setkey -exec-root=/var/run/docker 3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e f32609d9d238
6707 7709 set-ipv6 /var/run/docker/netns/1c1839f5e182 all false
6780 7722 /lib/open-iscsi/net-interface-handler stop
6908 7728 runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e/log.json --log-format json start 3b25905990380cd9adea4d9aa958d415a13477bea19b4eeab9ce9a90c893a66e
6918 7682 httpd -v -f -p 8001 -h /var/www
6943 7737 /opt/gopath/bin/nomad docker_logger
#!/usr/bin/env bpftrace
/*
* execsnoop.bt Trace new processes via exec() syscalls.
* For Linux, uses bpftrace and eBPF.
*
* This traces when processes call exec(). It is handy for identifying new
* processes created via the usual fork()->exec() sequence. Note that the
* return value is not currently traced, so the exec() may have failed.
*
* TODO: switch to tracepoints args. Support more args. Include retval.
*
* This is a bpftrace version of the bcc tool of the same name.
*
* 15-Nov-2017 Brendan Gregg Created this.
* 11-Sep-2018 " " Switched to use join().
*/
/* Emit the column header once, before any exec probe fires. */
BEGIN
{
	printf("%-10s %-5s %s\n", "TIME(ms)", "PID", "ARGS");
}

/*
 * Runs on entry to every syscall tracepoint matched by the sys_enter_exec
 * wildcard. Each event prints the time since tracing started (the elapsed
 * builtin is in nanoseconds, shown here as milliseconds), the calling PID,
 * and the argument vector handed to the syscall.
 *
 * Reading the output as an audit trail:
 *  - ARGS is the caller-supplied argv, not the resolved executable path;
 *    argv[0] is whatever the caller chose, and the filename argument of the
 *    tracepoint is not printed here.
 *  - The probe is entry-only, so a logged exec may have failed.
 *  - join() prints a bounded number of argv elements, so long command lines
 *    can be cut short (16 in the bpftrace versions known to the reviewer;
 *    confirm for yours).
 */
tracepoint:syscalls:sys_enter_exec*
{
	printf("%-10u %-5d ", elapsed / 1000000, pid);
	join(args->argv);
}
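#!/usr/bin/env bash
# Install bpftrace into our default Vagrant box: copy the binary out of the
# upstream iovisor container image, install kernel headers matching the
# running kernel, then place the binary on PATH.
#
# NOTE(review): the image is referenced by tag only, and the tag looks like a
# moving "master" build. The extracted binary is later run under sudo, so pin
# the image by digest once a known-good build has been chosen, e.g.
#   quay.io/iovisor/bpftrace@sha256:<DIGEST_PLACEHOLDER>
set -euo pipefail

readonly IMAGE='quay.io/iovisor/bpftrace:master-vanilla_llvm_clang_glibc2.23'

# Stage the binary in a private temp dir instead of the current directory, so
# an existing ./bpftrace is never clobbered and nothing else can swap the file
# between extraction and the privileged install.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir:?}"' EXIT

docker pull "$IMAGE"
# --rm: do not leave the stopped helper container behind.
docker run --rm -v "${workdir}:/output" "$IMAGE" \
  /bin/bash -c "cp /usr/bin/bpftrace /output"

sudo apt install "linux-headers-$(uname -r)"

# install(1) sets owner and mode explicitly rather than inheriting whatever
# the container wrote into the bind mount.
sudo install -o root -g root -m 0755 "${workdir}/bpftrace" /usr/local/bin/bpftrace

# Smoke test: confirm the installed binary runs and report its version.
bpftrace -V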