aquasecurity · geyslan · Sep 13, 2024 · Sep 13, 2024
diff --git a/docs/docs/install/config/index.md b/docs/docs/install/config/index.md
@@ -16,9 +16,6 @@ proctree:
     cache:
         process: 8192
         thread: 4096
-    cache-ttl:
-        process: 60
-        thread: 60
 
 capabilities:
     bypass: false

diff --git a/docs/docs/policies/usage/cli.md b/docs/docs/policies/usage/cli.md
@@ -67,9 +67,6 @@ proctree:
     cache:
         process: 8192
         thread: 8192
-    cache-ttl:
-        process: 120
-        thread: 120
 # cri:
 #     - runtime:
 #         name: docker

diff --git a/examples/config/global_config.yaml b/examples/config/global_config.yaml
@@ -8,9 +8,6 @@ proctree:
     # cache:
     #     process: 8192
     #     thread: 4096
-    # cache-ttl:
-    #     process: 120
-    #     thread: 120
 
 capabilities:
     bypass: false

diff --git a/pkg/cmd/cobra/config.go b/pkg/cmd/cobra/config.go
@@ -173,21 +173,15 @@ func (c *RegoConfig) flags() []string {
 //
 
 type ProcTreeConfig struct {
-	Source   string                 `mapstructure:"source"`
-	Cache    ProcTreeCacheConfig    `mapstructure:"cache"`
-	CacheTTL ProcTreeCacheTTLConfig `mapstructure:"cache-ttl"`
+	Source string              `mapstructure:"source"`
+	Cache  ProcTreeCacheConfig `mapstructure:"cache"`
 }
 
 type ProcTreeCacheConfig struct {
 	Process int `mapstructure:"process"`
 	Thread  int `mapstructure:"thread"`
 }
 
-type ProcTreeCacheTTLConfig struct {
-	Process int `mapstructure:"process"`
-	Thread  int `mapstructure:"thread"`
-}
-
 func (c *ProcTreeConfig) flags() []string {
 	flags := make([]string, 0)
 
@@ -204,12 +198,6 @@ func (c *ProcTreeConfig) flags() []string {
 	if c.Cache.Thread != 0 {
 		flags = append(flags, fmt.Sprintf("thread-cache=%d", c.Cache.Thread))
 	}
-	if c.CacheTTL.Process != 0 {
-		flags = append(flags, fmt.Sprintf("process-cache-ttl=%d", c.CacheTTL.Process))
-	}
-	if c.CacheTTL.Thread != 0 {
-		flags = append(flags, fmt.Sprintf("thread-cache-ttl=%d", c.CacheTTL.Thread))
-	}
 
 	return flags
 }

diff --git a/pkg/cmd/cobra/config_test.go b/pkg/cmd/cobra/config_test.go
@@ -97,17 +97,12 @@ proctree:
     cache:
         process: 8192
         thread: 4096
-    cache-ttl:
-        process: 5
-        thread: 10
 `,
 			key: "proctree",
 			expectedFlags: []string{
 				"source=events",
 				"process-cache=8192",
 				"thread-cache=4096",
-				"process-cache-ttl=5",
-				"thread-cache-ttl=10",
 			},
 		},
 		{
@@ -596,20 +591,6 @@ func TestProcTreeConfigFlags(t *testing.T) {
 				"thread-cache=4096",
 			},
 		},
-		{
-			name: "process cache ttl set",
-			config: ProcTreeConfig{
-				Source: "",
-				CacheTTL: ProcTreeCacheTTLConfig{
-					Process: 5,
-					Thread:  10,
-				},
-			},
-			expected: []string{
-				"process-cache-ttl=5",
-				"thread-cache-ttl=10",
-			},
-		},
 		{
 			name: "all fields set",
 			config: ProcTreeConfig{

diff --git a/pkg/cmd/flags/proctree.go b/pkg/cmd/flags/proctree.go
@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
-	"time"
 
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/pkg/proctree"
@@ -21,8 +20,6 @@ Example:
       both         | process tree is built from both events and signals.
   --proctree process-cache=8192   | will cache up to 8192 processes in the tree (LRU cache).
   --proctree thread-cache=4096    | will cache up to 4096 threads in the tree (LRU cache).
-  --proctree process-cache-ttl=60 | will set the process cache element TTL to 60 seconds.
-  --proctree thread-cache-ttl=60  | will set the thread cache element TTL to 60 seconds.
   --proctree disable-procfs-query | Will disable procfs queries during runtime
 
 Use comma OR use the flag multiple times to choose multiple options:
@@ -38,8 +35,6 @@ func PrepareProcTree(cacheSlice []string) (proctree.ProcTreeConfig, error) {
 		Source:               proctree.SourceNone, // disabled by default
 		ProcessCacheSize:     proctree.DefaultProcessCacheSize,
 		ThreadCacheSize:      proctree.DefaultThreadCacheSize,
-		ProcessCacheTTL:      proctree.DefaultProcessCacheTTL,
-		ThreadCacheTTL:       proctree.DefaultThreadCacheTTL,
 		ProcfsInitialization: true,
 		ProcfsQuerying:       true,
 	}
@@ -98,24 +93,6 @@ func PrepareProcTree(cacheSlice []string) (proctree.ProcTreeConfig, error) {
 				cacheSet = true
 				continue
 			}
-			if strings.HasPrefix(value, "process-cache-ttl=") {
-				num := strings.TrimPrefix(value, "process-cache-ttl=")
-				ttl, err := strconv.Atoi(num)
-				if err != nil {
-					return config, err
-				}
-				config.ProcessCacheTTL = time.Duration(ttl) * time.Second
-				continue
-			}
-			if strings.HasPrefix(value, "thread-cache-ttl=") {
-				num := strings.TrimPrefix(value, "thread-cache-ttl=")
-				ttl, err := strconv.Atoi(num)
-				if err != nil {
-					return config, err
-				}
-				config.ThreadCacheTTL = time.Duration(ttl) * time.Second
-				continue
-			}
 			if strings.HasPrefix(value, "disable-procfs-query") {
 				config.ProcfsQuerying = false
 				continue

diff --git a/pkg/proctree/proctree.go b/pkg/proctree/proctree.go
@@ -5,8 +5,9 @@ import (
 	"sync"
 	"time"
 
-	"github.com/hashicorp/golang-lru/v2/expirable"
+	lru "github.com/hashicorp/golang-lru/v2"
 
+	"github.com/aquasecurity/tracee/pkg/errfmt"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	traceetime "github.com/aquasecurity/tracee/pkg/time"
 )
@@ -68,19 +69,17 @@ type ProcTreeConfig struct {
 	Source               SourceType
 	ProcessCacheSize     int
 	ThreadCacheSize      int
-	ProcessCacheTTL      time.Duration
-	ThreadCacheTTL       time.Duration
 	ProcfsInitialization bool // Determine whether to scan procfs data for process tree initialization
 	ProcfsQuerying       bool // Determine whether to query procfs for missing information during runtime
 }
 
 // ProcessTree is a tree of processes and threads.
 type ProcessTree struct {
-	processes      *expirable.LRU[uint32, *Process] // hash -> process
-	threads        *expirable.LRU[uint32, *Thread]  // hash -> threads
-	procfsChan     chan int                         // channel of pids to read from procfs
-	procfsOnce     *sync.Once                       // busy loop debug message throttling
-	ctx            context.Context                  // context for the process tree
+	processes      *lru.Cache[uint32, *Process] // hash -> process
+	threads        *lru.Cache[uint32, *Thread]  // hash -> threads
+	procfsChan     chan int                     // channel of pids to read from procfs
+	procfsOnce     *sync.Once                   // busy loop debug message throttling
+	ctx            context.Context              // context for the process tree
 	procfsQuery    bool
 	timeNormalizer traceetime.TimeNormalizer
 }
@@ -91,22 +90,26 @@ func NewProcessTree(ctx context.Context, config ProcTreeConfig, timeNormalizer t
 	thrEvicted := 0
 
 	// Create caches for processes.
-	processes := expirable.NewLRU[uint32, *Process](
+	processes, err := lru.NewWithEvict[uint32, *Process](
 		config.ProcessCacheSize,
-		func(k uint32, v *Process) {
+		func(uint32, *Process) {
 			procEvited++
 		},
-		config.ProcessCacheTTL,
 	)
+	if err != nil {
+		return nil, errfmt.WrapError(err)
+	}
 
 	// Create caches for threads.
-	threads := expirable.NewLRU[uint32, *Thread](
+	threads, err := lru.NewWithEvict[uint32, *Thread](
 		config.ThreadCacheSize,
-		func(k uint32, v *Thread) {
+		func(uint32, *Thread) {
 			thrEvicted++
 		},
-		config.ThreadCacheTTL,
 	)
+	if err != nil {
+		return nil, errfmt.WrapError(err)
+	}
 
 	// Report cache stats if debug is enabled.
 	go func() {