From 9514906206851274173c1c50e018611a03cf28e6 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 24 Oct 2025 11:24:51 +0200 Subject: [PATCH 1/3] ROX-30630: run BPF bootstrap test in CI With this change, we will start running our integration tests on GCP hosted VMs, allowing us to have better visibility into what is the compatibility of our code with different kernel versions. This is achieved by running a small bootstrap unit test that load our code into the kernel, exercising the verifier on it. --- .github/workflows/ci.yml | 4 + .github/workflows/unit-tests.yml | 107 ++++++++++++++++++ ansible/group_vars/all.yml | 2 + .../group_vars/container_engine_podman.yml | 2 + ansible/group_vars/platform_rhcos.yml | 2 + ansible/group_vars/platform_rhcos_arm64.yml | 2 + ansible/roles/unit-tests/tasks/docker.yml | 63 +++++++++++ .../roles/unit-tests/tasks/dump-result.yml | 23 ++++ ansible/roles/unit-tests/tasks/main.yml | 8 ++ ansible/roles/unit-tests/tasks/podman.yml | 70 ++++++++++++ ansible/run-unit-tests.yml | 6 + 11 files changed, 289 insertions(+) create mode 100644 .github/workflows/unit-tests.yml create mode 100644 ansible/group_vars/all.yml create mode 100644 ansible/group_vars/container_engine_podman.yml create mode 100644 ansible/group_vars/platform_rhcos.yml create mode 100644 ansible/group_vars/platform_rhcos_arm64.yml create mode 100644 ansible/roles/unit-tests/tasks/docker.yml create mode 100644 ansible/roles/unit-tests/tasks/dump-result.yml create mode 100644 ansible/roles/unit-tests/tasks/main.yml create mode 100644 ansible/roles/unit-tests/tasks/podman.yml create mode 100644 ansible/run-unit-tests.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c3f87b81..09326a1b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -150,6 +150,10 @@ jobs: base-image: ${{ needs.vars.outputs.image-name }} archs: ${{ env.ARCHS }} + unit-tests: + uses: ./.github/workflows/unit-tests.yml + secrets: inherit + integration-tests: needs: - vars diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml new file mode 100644 index 00000000..2df2428c --- /dev/null +++ b/.github/workflows/unit-tests.yml 
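Review bot: `secrets: inherit` on the new `unit-tests` job hands every secret available to this workflow to the called workflow, although `unit-tests.yml` only reads a fixed set of them. Passing them by name here, and declaring them under `on.workflow_call.secrets` in `unit-tests.yml`, limits the exposure to what the job uses and makes any secret added later opt-in. The matrix only lists `rhel`, `rhel-arm64` and `rhcos`, so the IBM Cloud entries may not be needed at all; confirm against what `setup-vm-creds` requires.

```yaml
  unit-tests:
    uses: ./.github/workflows/unit-tests.yml
    secrets:
      GOOGLE_CREDENTIALS_COLLECTOR_CI_VM_SVC_ACCT: ${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_CI_VM_SVC_ACCT }}
      GCP_SSH_KEY: ${{ secrets.GCP_SSH_KEY }}
      GCP_SSH_KEY_PUB: ${{ secrets.GCP_SSH_KEY_PUB }}
      IBM_CLOUD_S390X_SSH_PRIVATE_KEY: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }}
      IBM_CLOUD_POWER_SSH_PRIVATE_KEY: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }}
      IBM_CLOUD_POWER_SSH_PUBLIC_KEY: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }}
      IBM_CLOUD_S390x_API_KEY: ${{ secrets.IBM_CLOUD_S390x_API_KEY }}
      IBM_CLOUD_POWER_API_KEY: ${{ secrets.IBM_CLOUD_POWER_API_KEY }}
      REDHAT_USERNAME: ${{ secrets.REDHAT_USERNAME }}
      REDHAT_PASSWORD: ${{ secrets.REDHAT_PASSWORD }}
```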
@@ -0,0 +1,107 @@ +name: Run unit tests +on: + workflow_call: + inputs: + version: + description: The version of fact to be tested (commit SHA or tag) + default: ${{ github.head_ref || github.ref_name }} + type: string + job-tag: + description: Additional tag to prevent collision on GCP VM naming + type: string + default: '-ut' + +jobs: + unit-tests: + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + vm: + - rhel + - rhel-arm64 + - rhcos + + steps: + - uses: actions/checkout@v4 + with: + path: fact + - uses: actions/checkout@v4 + with: + repository: stackrox/collector + path: collector + ref: master + - uses: actions/setup-python@v5 + with: + python-version: "3.10" + + - name: Authenticate with GCP + uses: 'google-github-actions/auth@v2' + with: + credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_COLLECTOR_CI_VM_SVC_ACCT }}' + + - name: Setup GCP + uses: 'google-github-actions/setup-gcloud@v2' + + - uses: ./collector/.github/actions/setup-vm-creds + with: + gcp-ssh-key: ${{ secrets.GCP_SSH_KEY }} + gcp-ssh-key-pub: ${{ secrets.GCP_SSH_KEY_PUB }} + s390x-ssh-key: ${{ secrets.IBM_CLOUD_S390X_SSH_PRIVATE_KEY }} + ppc64le-ssh-key: ${{ secrets.IBM_CLOUD_POWER_SSH_PRIVATE_KEY }} + ppc64le-ssh-key-pub: ${{ secrets.IBM_CLOUD_POWER_SSH_PUBLIC_KEY }} + s390x-key: ${{ secrets.IBM_CLOUD_S390x_API_KEY }} + ppc64le-key: ${{ secrets.IBM_CLOUD_POWER_API_KEY }} + redhat-username: ${{ secrets.REDHAT_USERNAME }} + redhat-password: ${{ secrets.REDHAT_PASSWORD }} + vm-type: ${{ matrix.vm }} + job-tag: ${{ inputs.job-tag }} + workspace: ${{ github.workspace }}/collector + + - name: Create vars.yml + run: | + cat << EOF > vars.yml + --- + job_id: ${JOB_ID} + fact: + version: ${{ inputs.version }} + workdir: ${{ github.workspace }} + excluded_vms: + # RHEL 8 doesn't handle file creation properly, + # need more investigation + - rhel-8 + - rhcos-412-86-202402272018-0-gcp-x86-64 + # BPF trampolines are only implemented starting with RHEL 10 + - rhel-9-arm64 + EOF + + - name: 
Create Test VMs + env: + ANSIBLE_CONFIG: "${{ github.workspace }}/collector/ansible/ansible.cfg" + run: | + ansible-playbook \ + -i "${GITHUB_WORKSPACE}/collector/ansible/ci" \ + -e @vars.yml \ + --tags setup,provision \ + "${GITHUB_WORKSPACE}/collector/ansible/integration-tests.yml" + + - name: Run the tests + run: | + ansible-playbook \ + -i "${GITHUB_WORKSPACE}/collector/ansible/ci" \ + -e @vars.yml \ + "${GITHUB_WORKSPACE}/fact/ansible/run-unit-tests.yml" + + - name: Teardown VMs + if: always() + run: | + make -C "./collector/ansible" destroy-vms + + - name: Store artifacts + if: always() + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.vm }}-unit-test-logs + path: | + ${{ github.workspace }}/unit-test-*.log + if-no-files-found: ignore diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml new file mode 100644 index 00000000..cfc86685 --- /dev/null +++ b/ansible/group_vars/all.yml @@ -0,0 +1,2 @@ +--- +runtime_command: docker diff --git a/ansible/group_vars/container_engine_podman.yml b/ansible/group_vars/container_engine_podman.yml new file mode 100644 index 00000000..44bb1fd5 --- /dev/null +++ b/ansible/group_vars/container_engine_podman.yml @@ -0,0 +1,2 @@ +--- +runtime_command: podman diff --git a/ansible/group_vars/platform_rhcos.yml b/ansible/group_vars/platform_rhcos.yml new file mode 100644 index 00000000..792d9227 --- /dev/null +++ b/ansible/group_vars/platform_rhcos.yml @@ -0,0 +1,2 @@ +--- +ansible_user: core diff --git a/ansible/group_vars/platform_rhcos_arm64.yml b/ansible/group_vars/platform_rhcos_arm64.yml new file mode 100644 index 00000000..792d9227 --- /dev/null +++ b/ansible/group_vars/platform_rhcos_arm64.yml @@ -0,0 +1,2 @@ +--- +ansible_user: core diff --git a/ansible/roles/unit-tests/tasks/docker.yml b/ansible/roles/unit-tests/tasks/docker.yml new file mode 100644 index 00000000..9729c66d --- /dev/null +++ b/ansible/roles/unit-tests/tasks/docker.yml 
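Review bot: In the `Create vars.yml` step, `${{ inputs.version }}` is expanded by Actions into the text of the `run:` script before the shell sees it, and its default is `github.head_ref || github.ref_name`, which on pull requests is a branch name chosen by the contributor. Because the heredoc delimiter is unquoted, shell metacharacters in that value would be interpreted on a runner that already has the GCP and SSH credentials configured. Passing the value through the environment avoids this: add `env:` with `FACT_VERSION: ${{ inputs.version }}` to the step and write `version: ${FACT_VERSION}` in the heredoc, the same way `job_id: ${JOB_ID}` is already written. Separately, `stackrox/collector` is checked out at `ref: master` and its `setup-vm-creds` action receives the secrets, so pinning that ref and the third-party actions to a commit SHA is worth considering.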
@@ -0,0 +1,63 @@ +--- +- name: Start test-runner + community.docker.docker_container: + name: test-runner + image: quay.io/centos/centos:stream9 + interactive: true + cgroupns_mode: host + pid_mode: host + privileged: true + register: + test_result + +- name: Install dependencies + community.docker.docker_container_exec: + container: test-runner + command: > + dnf install --enablerepo=crb -y + clang-19.1.7 + libbpf-devel + protobuf-compiler + protobuf-devel + git + +- name: Download rustup + community.docker.docker_container_exec: + container: test-runner + command: curl --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh + +- name: Make rustup executable + community.docker.docker_container_exec: + container: test-runner + command: chmod +x rustup.sh + +- name: Install rust toolchain + community.docker.docker_container_exec: + container: test-runner + command: ./rustup.sh -y --default-toolchain 1.84 --profile minimal + +- name: Clone fact repo + community.docker.docker_container_exec: + container: test-runner + command: > + git clone -b "{{ fact.version }}" + --recurse-submodules + https://github.com/stackrox/fact + register: clone_res + +- name: Run unit tests + block: + - name: Run unit tests + community.docker.docker_container_exec: + container: test-runner + env: + PATH: /root/.cargo/bin:${PATH} + FACT_LOGLEVEL: debug + chdir: /fact + command: cargo test --all-features + register: test_result + + always: + - name: Dump logs + ansible.builtin.include_tasks: + file: dump-result.yml diff --git a/ansible/roles/unit-tests/tasks/dump-result.yml b/ansible/roles/unit-tests/tasks/dump-result.yml new file mode 100644 index 00000000..722ca451 --- /dev/null +++ b/ansible/roles/unit-tests/tasks/dump-result.yml 
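Review bot: The `Start test-runner` task runs the container with `privileged: true`, `pid_mode: host` and `cgroupns_mode: host`, and `cargo test` then executes whatever the checked-out `fact.version` contains, so the code under test has root-equivalent access to the VM. That is presumably required to load BPF programs into the host kernel, but the file does not say so. A comment above the task such as `# privileged + host pid/cgroup ns: the tests load BPF programs into the host kernel; the VM is disposable and holds nothing beyond this job` would record both the reason and the assumption the setup relies on. The same applies to the identical task in `podman.yml`.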
@@ -0,0 +1,23 @@ +--- +- name: stderr dump + ansible.builtin.debug: + var: test_result.stderr_lines + when: test_result.rc != 0 + +- name: Test result + ansible.builtin.debug: + var: test_result.stdout_lines + when: test_result.rc != 0 + +- name: Write stdout to log + copy: + content: "{{ test_result.stdout }}" + dest: "unit-test-{{ vm_config }}-stdout.log" + delegate_to: localhost + +- name: Write stderr to log + copy: + content: "{{ test_result.stderr }}" + dest: "unit-test-{{ vm_config }}-stderr.log" + delegate_to: localhost + diff --git a/ansible/roles/unit-tests/tasks/main.yml b/ansible/roles/unit-tests/tasks/main.yml new file mode 100644 index 00000000..bd683019 --- /dev/null +++ b/ansible/roles/unit-tests/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Run unit tests with docker + include_tasks: docker.yml + when: runtime_command == 'docker' + +- name: Run unit tests with podman + include_tasks: podman.yml + when: runtime_command == 'podman' diff --git a/ansible/roles/unit-tests/tasks/podman.yml b/ansible/roles/unit-tests/tasks/podman.yml new file mode 100644 index 00000000..4da54a0c --- /dev/null +++ b/ansible/roles/unit-tests/tasks/podman.yml 
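Review bot: `dump-result.yml` is included from an `always:` section but reads `test_result.rc`, `test_result.stdout` and `test_result.stderr` unconditionally. If the exec task fails before the command runs (container not running, module error), those keys may be missing and the dump itself then fails, hiding the original error. Guarding with defaults keeps the log step best-effort, e.g. `when: test_result.rc | default(1) != 0` and `content: "{{ test_result.stdout | default('') }}"`. The two `copy:` tasks could also be written as `ansible.builtin.copy` for consistency with the `ansible.builtin.debug` tasks above them.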
@@ -0,0 +1,70 @@ +--- +- name: Start test-runner + become: true + containers.podman.podman_container: + name: test-runner + image: quay.io/centos/centos:stream9 + interactive: true + cgroupns: host + pid_mode: host + privileged: true + register: + test_result + +- name: Install dependencies + become: true + containers.podman.podman_container_exec: + name: test-runner + command: > + dnf install --enablerepo=crb -y + clang-19.1.7 + libbpf-devel + protobuf-compiler + protobuf-devel + git + +- name: Download rustup + become: true + containers.podman.podman_container_exec: + name: test-runner + command: curl --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh + +- name: Make rustup executable + become: true + containers.podman.podman_container_exec: + name: test-runner + command: chmod +x rustup.sh + +- name: Install rust toolchain + become: true + containers.podman.podman_container_exec: + name: test-runner + command: ./rustup.sh -y --default-toolchain 1.84 --profile minimal + +- name: Clone fact repo + become: true + containers.podman.podman_container_exec: + name: test-runner + command: > + git clone -b "{{ fact.version }}" + --recurse-submodules + https://github.com/stackrox/fact + register: clone_res + +- name: Run unit tests + become: true + block: + - name: Run unit tests + containers.podman.podman_container_exec: + name: test-runner + env: + PATH: /root/.cargo/bin:${PATH} + FACT_LOGLEVEL: debug + workdir: /fact + command: cargo test --all-features + register: test_result + + always: + - name: Dump logs + ansible.builtin.include_tasks: + file: dump-result.yml diff --git a/ansible/run-unit-tests.yml b/ansible/run-unit-tests.yml new file mode 100644 index 00000000..ecbbc1a8 --- /dev/null +++ b/ansible/run-unit-tests.yml @@ -0,0 +1,6 @@ +--- +- name: Run unit tests + hosts: "platform_*:&job_id_{{ job_id }}" + + roles: + - unit-tests From 2c6ec8fa9364b0f73e6575278840cb6d4a6f477d Mon Sep 17 00:00:00 2001 
From: Mauro Ezequiel Moltrasio Date: Fri, 31 Oct 2025 12:17:48 +0100 Subject: [PATCH 2/3] Reduce duplication by building image on remote --- Containerfile | 4 +- ansible/roles/unit-tests/tasks/docker.yml | 45 ++++---------------- ansible/roles/unit-tests/tasks/main.yml | 11 ++++- ansible/roles/unit-tests/tasks/podman.yml | 52 ++++------------------- 4 files changed, 29 insertions(+), 83 deletions(-) diff --git a/Containerfile b/Containerfile index 63c471f6..bcb784d2 100644 --- a/Containerfile +++ b/Containerfile @@ -14,6 +14,8 @@ WORKDIR /app COPY . . +FROM builder as build + ARG FACT_VERSION RUN --mount=type=cache,target=/root/.cargo/registry \ --mount=type=cache,target=/app/target \ @@ -22,6 +24,6 @@ RUN --mount=type=cache,target=/root/.cargo/registry \ FROM registry.access.redhat.com/ubi9/ubi-micro:latest -COPY --from=builder /app/fact /usr/local/bin +COPY --from=build /app/fact /usr/local/bin ENTRYPOINT ["fact"] diff --git a/ansible/roles/unit-tests/tasks/docker.yml b/ansible/roles/unit-tests/tasks/docker.yml index 9729c66d..1c1a2754 100644 --- a/ansible/roles/unit-tests/tasks/docker.yml +++ b/ansible/roles/unit-tests/tasks/docker.yml @@ -1,8 +1,15 @@ --- +- name: Build test-runner image + community.docker.docker_image_build: + dockerfile: Containerfile + path: fact/ + name: test-runner + target: builder + - name: Start test-runner community.docker.docker_container: name: test-runner - image: quay.io/centos/centos:stream9 + image: test-runner:latest interactive: true cgroupns_mode: host pid_mode: host 
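Review bot: The new stage is declared as `FROM builder as build`, with a lowercase `as` and a name that differs from `builder` by two letters, while the test roles in this same commit select `target: builder`, so the two stages are easy to mix up. Writing `FROM builder AS build` and adding a comment above the `builder` stage such as `# toolchain + sources; also used as the test-runner image (target: builder)` would make the split clear. The `builder` stage itself starts outside the first hunk.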
@@ -10,41 +17,6 @@ register: test_result -- name: Install dependencies - community.docker.docker_container_exec: - container: test-runner - command: > - dnf install --enablerepo=crb -y - clang-19.1.7 - libbpf-devel - protobuf-compiler - protobuf-devel - git - -- name: Download rustup - community.docker.docker_container_exec: - container: test-runner - command: curl --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh - -- name: Make rustup executable - community.docker.docker_container_exec: - container: test-runner - command: chmod +x rustup.sh - -- name: Install rust toolchain - community.docker.docker_container_exec: - container: test-runner - command: ./rustup.sh -y --default-toolchain 1.84 --profile minimal - -- name: Clone fact repo - community.docker.docker_container_exec: - container: test-runner - command: > - git clone -b "{{ fact.version }}" - --recurse-submodules - https://github.com/stackrox/fact - register: clone_res - - name: Run unit tests block: - name: Run unit tests @@ -53,7 +25,6 @@ env: PATH: /root/.cargo/bin:${PATH} FACT_LOGLEVEL: debug - chdir: /fact command: cargo test --all-features register: test_result diff --git a/ansible/roles/unit-tests/tasks/main.yml b/ansible/roles/unit-tests/tasks/main.yml index bd683019..afa25272 100644 --- a/ansible/roles/unit-tests/tasks/main.yml +++ b/ansible/roles/unit-tests/tasks/main.yml @@ -1,8 +1,15 @@ --- +- name: Clone the repo + ansible.builtin.git: + repo: https://github.com/stackrox/fact + dest: ./fact + version: "{{ fact.version }}" + update: false + - name: Run unit tests with docker - include_tasks: docker.yml + ansible.builtin.include_tasks: docker.yml when: runtime_command == 'docker' - name: Run unit tests with podman - include_tasks: podman.yml + ansible.builtin.include_tasks: podman.yml when: runtime_command == 'podman' diff --git a/ansible/roles/unit-tests/tasks/podman.yml b/ansible/roles/unit-tests/tasks/podman.yml index 4da54a0c..4d0685e0 100644 --- a/ansible/roles/unit-tests/tasks/podman.yml 
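Review bot: The `env:` of `Run unit tests` in `docker.yml` still sets `PATH: /root/.cargo/bin:${PATH}` while this commit removes the same entry from `podman.yml`, so the two runners now execute `cargo test` with different environments. As far as I can tell the exec module passes `env` values verbatim, in which case `${PATH}` reaches the container unexpanded and replaces the image's PATH with a literal string; please confirm. If the `builder` stage already puts cargo on PATH, drop the line here as well. The task begins outside the hunk.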
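Review bot: `Clone the repo` checks out `version: "{{ fact.version }}"`, which by default is the branch name from `github.head_ref || github.ref_name`. The VM therefore tests whatever that branch points at in `stackrox/fact` when the task runs, not necessarily the commit that triggered the workflow, and a branch that only exists in a fork would not resolve at all. Passing a commit SHA from the workflow (the input description already allows one) ties the result to the reviewed commit. With `update: false`, a `./fact` directory left over on a reused host is also kept as is; that is fine for fresh VMs but worth a one-line comment.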
+++ b/ansible/roles/unit-tests/tasks/podman.yml @@ -1,9 +1,17 @@ --- +- name: Build test-runner image + become: true + containers.podman.podman_image: + build: + target: builder + path: fact + name: test-runner + - name: Start test-runner become: true containers.podman.podman_container: name: test-runner - image: quay.io/centos/centos:stream9 + image: test-runner:latest interactive: true cgroupns: host pid_mode: host @@ -11,46 +19,6 @@ register: test_result -- name: Install dependencies - become: true - containers.podman.podman_container_exec: - name: test-runner - command: > - dnf install --enablerepo=crb -y - clang-19.1.7 - libbpf-devel - protobuf-compiler - protobuf-devel - git - -- name: Download rustup - become: true - containers.podman.podman_container_exec: - name: test-runner - command: curl --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh - -- name: Make rustup executable - become: true - containers.podman.podman_container_exec: - name: test-runner - command: chmod +x rustup.sh - -- name: Install rust toolchain - become: true - containers.podman.podman_container_exec: - name: test-runner - command: ./rustup.sh -y --default-toolchain 1.84 --profile minimal - -- name: Clone fact repo - become: true - containers.podman.podman_container_exec: - name: test-runner - command: > - git clone -b "{{ fact.version }}" - --recurse-submodules - https://github.com/stackrox/fact - register: clone_res - - name: Run unit tests become: true block: @@ -58,9 +26,7 @@ containers.podman.podman_container_exec: name: test-runner env: - PATH: /root/.cargo/bin:${PATH} FACT_LOGLEVEL: debug - workdir: /fact command: cargo test --all-features register: test_result From 083b5773c855e3b6181b14b38549bcd55109a936 Mon Sep 17 00:00:00 2001 
From: Mauro Ezequiel Moltrasio Date: Tue, 18 Nov 2025 13:03:40 +0100 Subject: [PATCH 3/3] Guard bpf_d_path behind a flag This is needed because some older versions of the kernel don't allow the bpf_d_path helper to be called from the path_unlink LSM hook. --- fact-ebpf/src/bpf/bound_path.h | 2 +- fact-ebpf/src/bpf/d_path.h | 9 ++++++++- fact-ebpf/src/bpf/events.h | 4 ++-- fact-ebpf/src/bpf/main.c | 4 ++-- fact-ebpf/src/bpf/process.h | 10 +++++----- 5 files changed, 18 insertions(+), 11 deletions(-) diff --git a/fact-ebpf/src/bpf/bound_path.h b/fact-ebpf/src/bpf/bound_path.h index 1a18c275..1c9430cf 100644 --- a/fact-ebpf/src/bpf/bound_path.h +++ b/fact-ebpf/src/bpf/bound_path.h @@ -28,7 +28,7 @@ __always_inline static struct bound_path_t* _path_read(struct path* path, bool u return NULL; } - bound_path->len = use_bpf_d_path ? bpf_d_path(path, bound_path->path, PATH_MAX) : d_path(path, bound_path->path, PATH_MAX); + bound_path->len = d_path(path, bound_path->path, PATH_MAX, use_bpf_d_path); if (bound_path->len <= 0) { return NULL; } diff --git a/fact-ebpf/src/bpf/d_path.h b/fact-ebpf/src/bpf/d_path.h index 53269a4c..b19e3989 100644 --- a/fact-ebpf/src/bpf/d_path.h +++ b/fact-ebpf/src/bpf/d_path.h @@ -14,7 +14,7 @@ * We should attempt to use bpf_d_path when possible, but you can't on * values that have been read using the bpf_probe_* helpers. */ -__always_inline static long d_path(const struct path* path, char* buf, int buflen) { +__always_inline static long __d_path(const struct path* path, char* buf, int buflen) { if (buflen <= 0) { return -1; } @@ -79,3 +79,10 @@ __always_inline static long d_path(const struct path* path, char* buf, int bufle bpf_probe_read_str(buf, buflen, &helper->buf[offset]); return buflen - offset; } + +__always_inline static long d_path(struct path* path, char* buf, int buflen, bool use_bpf_helper) { + if (use_bpf_helper) { + return bpf_d_path(path, buf, buflen); + } + return __d_path(path, buf, buflen); +} 
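Review bot: Renaming the fallback to `__d_path` uses an identifier reserved for the implementation (double leading underscore) and the same name as the kernel's own function, and the existing block comment above it now documents the fallback rather than the entry point callers use. A name such as `d_path_fallback`, plus a short comment on the new `d_path` wrapper like `/* use_bpf_helper must be false where the kernel rejects bpf_d_path for the calling hook */`, would make the contract visible. The wrapper takes `struct path*` while the fallback takes `const struct path*`; that matches what `bpf_d_path` needs, but a word on it would save the next reader a lookup. Most of the fallback's body lies outside these hunks.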
diff --git a/fact-ebpf/src/bpf/events.h b/fact-ebpf/src/bpf/events.h index a15c18fa..adadbd46 100644 --- a/fact-ebpf/src/bpf/events.h +++ b/fact-ebpf/src/bpf/events.h @@ -7,7 +7,7 @@ #include "types.h" #include "vmlinux.h" -__always_inline static void submit_event(struct metrics_by_hook_t* m, file_activity_type_t event_type, const char filename[PATH_MAX], struct dentry* dentry) { +__always_inline static void submit_event(struct metrics_by_hook_t* m, file_activity_type_t event_type, const char filename[PATH_MAX], struct dentry* dentry, bool use_bpf_d_path) { struct event_t* event = bpf_ringbuf_reserve(&rb, sizeof(struct event_t), 0); if (event == NULL) { m->ringbuffer_full++; @@ -28,7 +28,7 @@ __always_inline static void submit_event(struct metrics_by_hook_t* m, file_activ bpf_probe_read_str(event->host_file, PATH_MAX, p); } - int64_t err = process_fill(&event->process); + int64_t err = process_fill(&event->process, use_bpf_d_path); if (err) { bpf_printk("Failed to fill process information: %d", err); goto error; diff --git a/fact-ebpf/src/bpf/main.c b/fact-ebpf/src/bpf/main.c index 42533507..659814bf 100644 --- a/fact-ebpf/src/bpf/main.c +++ b/fact-ebpf/src/bpf/main.c @@ -49,7 +49,7 @@ int BPF_PROG(trace_file_open, struct file* file) { } struct dentry* d = BPF_CORE_READ(file, f_path.dentry); - submit_event(&m->file_open, event_type, path->path, d); + submit_event(&m->file_open, event_type, path->path, d, true); return 0; @@ -96,7 +96,7 @@ int BPF_PROG(trace_path_unlink, struct path* dir, struct dentry* dentry) { return 0; } - submit_event(&m->path_unlink, FILE_ACTIVITY_UNLINK, path->path, dentry); + submit_event(&m->path_unlink, FILE_ACTIVITY_UNLINK, path->path, dentry, path_unlink_supports_bpf_d_path); return 0; error: diff --git a/fact-ebpf/src/bpf/process.h b/fact-ebpf/src/bpf/process.h index 0ae87dea..910f4825 100644 --- a/fact-ebpf/src/bpf/process.h +++ b/fact-ebpf/src/bpf/process.h 
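Review bot: `path_unlink_supports_bpf_d_path` is passed to `submit_event` in `trace_path_unlink`, but its declaration is not part of this patch, and whether the guard works depends on how it is declared. For the verifier on older kernels to skip the `bpf_d_path` call inside `d_path`, the flag has to be a load-time constant (a `const volatile` global in `.rodata` that the loader sets before loading), because a value read at run time leaves both branches live and the program would still be rejected. If it is already declared that way, a comment next to this call saying so would be enough. Both `trace_file_open` and `trace_path_unlink` continue outside the hunks.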
@@ -77,7 +77,7 @@ __always_inline static const char* get_memory_cgroup(struct helper_t* helper) { return helper->buf; } -__always_inline static void process_fill_lineage(process_t* p, struct helper_t* helper) { +__always_inline static void process_fill_lineage(process_t* p, struct helper_t* helper, bool use_bpf_d_path) { struct task_struct* task = (struct task_struct*)bpf_get_current_task_btf(); p->lineage_len = 0; @@ -91,7 +91,7 @@ __always_inline static void process_fill_lineage(process_t* p, struct helper_t* p->lineage[i].uid = task->cred->uid.val; - bpf_d_path(&task->mm->exe_file->f_path, p->lineage[i].exe_path, PATH_MAX); + d_path(&task->mm->exe_file->f_path, p->lineage[i].exe_path, PATH_MAX, use_bpf_d_path); p->lineage_len++; } } @@ -101,7 +101,7 @@ __always_inline static unsigned long get_mount_ns() { return task->nsproxy->mnt_ns->ns.inum; } -__always_inline static int64_t process_fill(process_t* p) { +__always_inline static int64_t process_fill(process_t* p, bool use_bpf_d_path) { struct task_struct* task = (struct task_struct*)bpf_get_current_task_btf(); uint32_t key = 0; uint64_t uid_gid = bpf_get_current_uid_gid(); @@ -131,7 +131,7 @@ __always_inline static int64_t process_fill(process_t* p) { return -1; } - bpf_d_path(&task->mm->exe_file->f_path, p->exe_path, PATH_MAX); + d_path(&task->mm->exe_file->f_path, p->exe_path, PATH_MAX, use_bpf_d_path); const char* cg = get_memory_cgroup(helper); if (cg != NULL) { @@ -140,7 +140,7 @@ __always_inline static int64_t process_fill(process_t* p) { p->in_root_mount_ns = get_mount_ns() == host_mount_ns; - process_fill_lineage(p, helper); + process_fill_lineage(p, helper, use_bpf_d_path); return 0; }
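Review bot: Both new `d_path(...)` calls, in `process_fill_lineage` and in `process_fill`, discard the return value. That was already true of the `bpf_d_path` calls they replace, but the fallback can return `-1` without writing to the buffer (see the `buflen <= 0` check in `d_path.h`), and the event memory comes from `bpf_ringbuf_reserve`, which is not guaranteed to be zeroed, so `exe_path` may then carry stale bytes to user space. Checking the result and terminating the string on failure avoids that, e.g. `if (d_path(&task->mm->exe_file->f_path, p->exe_path, PATH_MAX, use_bpf_d_path) < 0) p->exe_path[0] = '\0';`, with the same treatment for `p->lineage[i].exe_path`. Both functions start and end outside the hunks shown.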