cilium / tetragon

eBPF-based Security Observability and Runtime Enforcement

Home Page:https://tetragon.io

Filter out bash kubernetes healthchecks

alexeysofin opened this issue · comments

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem?

When a kubernetes pod is given an exec probe healthcheck, e.g.

readinessProbe:
  exec:
    command:
    - /health/ping_readiness_local.sh
    - "1"

taken from the bitnami redis chart

after linux execs this command, the real execve contains the script name in the arguments list because linux appends it there, so tetragon sees every command inside a script as follows:

"parent": {
    "binary": "/health/ping_readiness_local.sh",
    "arguments": "/health/ping_readiness_local.sh 1",

therefore,

exportDenyList: |-
  {"health_check":true}

does not filter such events.

Describe the feature you would like

Filter bash healthchecks.

Describe your proposed solution

Add the ability to filter bash healthchecks because almost all k8s healthchecks are done with sh scripts. It's complicated by the fact that many public charts have sh -c script.sh, so tetragon will not even see a probe as a parent, but that's a feasible tradeoff.

Code of Conduct

  • I agree to follow this project's Code of Conduct
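The behaviour the issue asks for, written out as an added example that is not Tetragon's own code: a post-processing filter over a Tetragon JSON export that drops process events whose own binary, or whose parent's binary or arguments, name a health-check shell script. The event shape (a `process_exec`/`process_exit` wrapper around `process` and `parent` objects with `binary` and `arguments`) follows the fragment quoted in the issue; the sample events, the parent binaries, the `/health/\S+\.sh` deny pattern and the regex semantics are all assumptions made for the example and not taken from Tetragon's export filter implementation.

```python
"""Added example (not Tetragon's code): drop script-driven health-check events
from a Tetragon-style JSON-lines export by matching the script name in the
process or parent fields, rather than relying only on the health_check flag.
"""
import json
import re
from typing import Iterable, List

# Constructed sample export. Only the fields this filter reads are present;
# real Tetragon events carry pod, time, node_name, etc.
SAMPLE_EXPORT = "\n".join(json.dumps(e) for e in [
    # the probe itself: the script is the process, so the script name is its binary
    {"process_exec": {
        "process": {"binary": "/health/ping_readiness_local.sh", "arguments": "1"},
        "parent": {"binary": "/usr/local/bin/runc", "arguments": "exec"}}},
    # a command run from inside the script: the script shows up as the parent,
    # with its own path repeated in the parent's arguments (as the issue describes)
    {"process_exec": {
        "process": {"binary": "/opt/bitnami/redis/bin/redis-cli",
                    "arguments": "-h localhost -p 6379 ping"},
        "parent": {"binary": "/health/ping_readiness_local.sh",
                   "arguments": "/health/ping_readiness_local.sh 1"}}},
    {"process_exit": {
        "process": {"binary": "/opt/bitnami/redis/bin/redis-cli",
                    "arguments": "-h localhost -p 6379 ping"},
        "parent": {"binary": "/health/ping_readiness_local.sh",
                   "arguments": "/health/ping_readiness_local.sh 1"}}},
    # the "sh -c script.sh" case from the issue: the parent binary is /bin/sh and
    # the script name only appears in the parent's arguments
    {"process_exec": {
        "process": {"binary": "/opt/bitnami/redis/bin/redis-cli",
                    "arguments": "-h localhost -p 6379 ping"},
        "parent": {"binary": "/bin/sh",
                   "arguments": "-c /health/ping_liveness_local.sh 1"}}},
    # an unrelated exec that must survive the filter
    {"process_exec": {
        "process": {"binary": "/usr/bin/curl", "arguments": "-s http://example.invalid/"},
        "parent": {"binary": "/bin/bash", "arguments": ""}}},
])

# Assumed deny pattern: any path under /health/ ending in .sh, searched (not
# fully anchored) so it also hits inside an arguments string.
HEALTH_SCRIPT_PATTERNS = [r"/health/\S+\.sh"]

EVENT_KEYS = ("process_exec", "process_exit", "process_kprobe", "process_tracepoint")


def _event_body(event: dict) -> dict:
    """Return the inner body of a Tetragon-style event, e.g. event["process_exec"]."""
    for key in EVENT_KEYS:
        if key in event:
            return event[key]
    return {}


def is_script_health_check(event: dict, patterns: List["re.Pattern[str]"]) -> bool:
    """True when the process or its parent names a health-check script, either as
    the binary or anywhere in the arguments (covers the sh -c script.sh case)."""
    body = _event_body(event)
    for role in ("process", "parent"):
        proc = body.get(role, {})
        for field in ("binary", "arguments"):
            value = proc.get(field, "")
            if any(p.search(value) for p in patterns):
                return True
    return False


def filter_export(jsonl: str, deny_regexes: Iterable[str]) -> List[dict]:
    """Parse a JSON-lines export and return the events that are NOT health checks."""
    patterns = [re.compile(r) for r in deny_regexes]
    kept = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if not is_script_health_check(event, patterns):
            kept.append(event)
    return kept


if __name__ == "__main__":
    for ev in filter_export(SAMPLE_EXPORT, HEALTH_SCRIPT_PATTERNS):
        body = _event_body(ev)
        print(body["process"]["binary"], body["process"]["arguments"])
```

Run against the constructed sample, the filter keeps only the `curl` exec: the probe's own exec is dropped because its binary matches, the commands the script runs are dropped because the script is their parent, and the `sh -c script.sh` variant is dropped because the script path appears in the parent's arguments. Matching arguments as well as the binary is what closes the gap the issue describes, at the cost of also dropping any unrelated process whose command line happens to mention a `/health/*.sh` path.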