security: track kubectl/docker exec session using pid_namespace field

Add a field to the pid_namespace to check if a process is linked to the
container creation or to a dedicated kubectl/docker exec session (also
used for liveness probes).

TEST=Ran all internal testing.

Signed-off-by: Thomas Garnier <>
Change-Id: Id8ec642d42a382be586135c6344af200b68b6d5d
Commit-Queue: Vaibhav Rustagi <>
Reviewed-by: Peter Martincic <>
Reviewed-by: Vaibhav Rustagi <>
Tested-by: Vaibhav Rustagi <>
1 file changed