This might be due to Allow access to /proc/PID/exe by default · Issue #40713 · moby/moby · GitHub - attempting to ls the symlink even as root within the container gives me: ls: cannot read symbolic link ‘/proc/<pid>/exe’: Permission denied
Adding the SYS_PTRACE capability to the container resolves this, but this may present security issues and probably requires additional seccomp config to secure, which I have no idea about.
Perhaps there’s an alternative method of process detection that the agent can fall back to if /proc/<pid>/exe doesn’t work?