From 13ed53e25c07fab380952c6696ea6cf5036cc4b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADctor?= <mrvikxd@gmail.com>
Date: Mon, 18 Apr 2022 16:20:42 +0200
Subject: [PATCH] proc: detect kubernetes runtime by mounts (#2054)

Fix #1936
Kubernetes was not being detected by files not by /proc/?/cgroup
contents. Now it detects the kubernetes runtime if any of those
conditions are met:

* /var/run/secrets/kubernetes.io/serviceaccount exists
* /proc/mounts has the mount for "/" with fs type "overlay"
---
 pkg/util/proc/proc.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/pkg/util/proc/proc.go b/pkg/util/proc/proc.go
index e4b5881dd..0f21e522e 100644
--- a/pkg/util/proc/proc.go
+++ b/pkg/util/proc/proc.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
+	"regexp"
 	"strings"
 )
 
@@ -140,6 +141,13 @@ func GetContainerRuntime(tgid, pid int) ContainerRuntime {
 		return runtime
 	}
 
+	// Docker was not detected at this point.
+	// An overlay mount on "/" may indicate we're under containerd or other runtime.
+	a = readFileString("/proc/mounts")
+	if m, _ := regexp.MatchString("^[^ ]+ / overlay", a); m {
+		return RuntimeKubernetes
+	}
+
 	return RuntimeNotFound
 }
 
@@ -154,6 +162,8 @@ func detectContainerFiles() ContainerRuntime {
 		{RuntimePodman, "/run/.containerenv"},
 		// https://github.com/moby/moby/issues/18355
 		{RuntimeDocker, "/.dockerenv"},
+		// Detect the presence of a serviceaccount secret mounted in the default location
+		{RuntimeKubernetes, "/var/run/secrets/kubernetes.io/serviceaccount"},
 	}
 
 	for i := range files {