This information is going to be useful for unique distinguising of containerized binaries. The path of the binary logged in events is relative to the root filesystem. By including an inode, we can retrieve a binary file of a containerized process from the host reliably.
For example, given the following event coming from container:
/bin/sh mentioned here refers to a path inside container's filesystem. It's not the same as /bin/sh on the host. However, if we ever want to access that binary from the host, we can search for it by the inode 5503693:
This information is going to be useful for unique distinguising of containerized binaries. The path of the binary logged in events is relative to the root filesystem. By including an inode, we can retrieve a binary file of a containerized process from the host reliably.
For example, given the following event coming from container:
/bin/sh
mentioned here refers to a path inside container's filesystem. It's not the same as/bin/sh
on the host. However, if we ever want to access that binary from the host, we can search for it by the inode5503693
: