settings: Register only runc as traced container runtime process

Starting from now, registering containers is handled by the runc
wrapper and the role of the BPF runtime map becomes rather to find the
unwrapped runc processes and deny them.

Signed-off-by: Michal Rostecki <[email protected]>

Author: vadorovsky

src/settings.rs

@@ -1,19 +1,22 @@
+const TASK_COMM_LEN: usize = 16;
+
 #[derive(Debug, serde::Deserialize)]
 pub struct Settings {
     pub runtimes: Vec<String>,
 }
 
+fn trim_task_comm_len(mut s: std::string::String) -> std::string::String {
+    s.truncate(TASK_COMM_LEN - 1);
+    s
+}
+
 impl Settings {
     pub fn new() -> Result<Self, config::ConfigError> {
-	let mut s = config::Config::default();
+        let mut s = config::Config::default();
 
-	s.set("runtimes", vec![
-	    "conmon".to_string(),
-	    "containerd-shim".into()
-	])?;
+        s.set("runtimes", vec![trim_task_comm_len("runc".to_string())])?;
 
-	s.merge(config::File::with_name("/etc/enclave/enclave.toml").
-		required(false))?;
-	s.try_into()
+        s.merge(config::File::with_name("/etc/enclave/enclave.toml").required(false))?;
+        s.try_into()
     }
 }