[Feature Request] differ activity in container from activity on host

[kuvaldini]

I noticed opensnitch does not differ if app is running on host or in container.
once /usr/bin/ping was allowed on host forever, it is allowed also for containerized ping.

filter was created by executable path, it is likely to add filter by cgroup. With ebpf that is definitely possible.

[kuvaldini]

there is also system rule

likely interception event already contains parameters about forwarded connection from containerized apps. Can we inspect info about container name, image, container-id, _{something else}? and add it to filter/rule screen.

once i finish current activity, will participate in dev

[gustavo-iniguez-goya]

For now we don't have this information, but it's definitely in the "roadmap". Regarding filtering by cgroup, it was requested here: #1116

What I planned was to refactorize the GUI, which is more or less done. Release the 1.9.x version, and then refactorize the DB to support more fields: cgroups, containers, bytes sent/received per connection/process, etc.

It'll be the version v2.0.0.

For now, in order to disinguish processes with the same path you can enable process checksums from the Preferences -> Nodes -> Rules -> [x] Enable checksums verification.
Also you can filter by source ip for example.