From cfbeb8b000ba82c59565091be42badf8e6079355 Mon Sep 17 00:00:00 2001
From: Prateek Nandle <prateeknandle@gmail.com>
Date: Fri, 20 Oct 2023 20:59:34 +0530
Subject: [PATCH] deleting untraced file access entries in file_map

Signed-off-by: Prateek Nandle <prateeknandle@gmail.com>
---
 KubeArmor/BPF/system_monitor.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/KubeArmor/BPF/system_monitor.c b/KubeArmor/BPF/system_monitor.c
index ce9ab6e539..576953f3fd 100644
--- a/KubeArmor/BPF/system_monitor.c
+++ b/KubeArmor/BPF/system_monitor.c
@@ -1326,6 +1326,11 @@ int kprobe__do_exit(struct pt_regs *ctx)
     if (skip_syscall())
         return 0;
 
+    u64 tgid = bpf_get_current_pid_tgid();
+
+    // delete entry for file access which are not successful and are not deleted from file_map since kretprobe/__x64_sys_openat hook is not triggered
+    bpf_map_delete_elem(&file_map, &tgid);
+
     sys_context_t context = {};
 
     const long code = PT_REGS_PARM1(ctx);