add username along with userid to telemetry #2009

@soorya-knox

Description

Feature Request

Add username along with user ID (UID) in KubeArmor alerts and telemetry to improve readability and operator experience.

Short Description
Currently, KubeArmor alerts and telemetry only display the numeric UID for processes. While this is technically correct, it is not human-friendly and slows down triage. Security engineers, operators, and auditors must manually resolve UIDs (via /etc/passwd, container inspection, or host lookups) to identify the actual user context.

This becomes even harder in containerized environments across different runtimes (containerd, CRI-O, Podman), where it's difficult to map UIDs to usernames. Lack of username visibility reduces efficiency during incident response and weakens auditing workflows.

Describe the solution you'd like

  • resolve username for hostlogs
  • resolve username for containerlogs

Extend the telemetry schema to include a username field in addition to UID.

{
  "timestamp": 1743579248,
  "updatedTime": "2025-04-02T07:34:08.658306Z",
  "hostName": "rootxrishabh",
  "hostPPid": 35429,
  "hostPid": 209850,
  "ppid": 0,
  "pid": 209850,
  "uid": 1000,
  "parentProcessName": "/snap/code/187/usr/share/code/code",
  "processName": "/usr/bin/git",
  "atags": null,
  "type": "HostLog",
  "source": "/snap/code/187/usr/share/code/code",
  "operation": "Process",
  "resource": "/usr/bin/git -c core.quotepath=false -c color.ui=false blame --root --incremental -- KubeArmor/feeder/feeder.go",
  "cwd": "/home/rootxrishabh/accuknox/KubeArmor/",
  "oid": 0,
  "data": "syscall=SYS_EXECVE",
  "result": "Passed",
  "username": "rootxrishabh"
}
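The feature request above asks for UID-to-username resolution for both host and container telemetry. The following is an added example, not KubeArmor's own code: it parses a passwd table once, enriches a log record with a `username` field (the `ProcessLog` struct and the `SamplePasswd` excerpt are constructed for this illustration and only borrow field names from the JSON above), and degrades to the bare UID when no mapping exists. For a container, the passwd file that is authoritative for the process is the one inside its own root filesystem, reachable from the host as `/proc/<hostPid>/root/etc/passwd` when the agent runs with enough privilege; the example assumes that path convention.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strconv"
	"strings"
)

// SamplePasswd is a constructed /etc/passwd excerpt used as offline input.
// It deliberately contains a comment line and a malformed line so the parser's
// tolerance is exercised.
const SamplePasswd = `root:x:0:0:root:/root:/bin/bash
# a comment line that a parser must tolerate
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
rootxrishabh:x:1000:1000::/home/rootxrishabh:/bin/bash
broken line without fields
postgres:x:999:999::/var/lib/postgresql:/bin/bash
`

// ProcessLog is a hypothetical subset of the telemetry record shown in the
// issue; it is not KubeArmor's own type.
type ProcessLog struct {
	Type        string `json:"type"`
	HostPid     int    `json:"hostPid"`
	UID         int    `json:"uid"`
	ProcessName string `json:"processName"`
	Username    string `json:"username,omitempty"` // omitted when unresolved
}

// ParsePasswd turns passwd-formatted text into a uid -> username map.
// Comment, blank and malformed lines are skipped; on duplicate uids the
// first entry wins, matching how libc resolves names.
func ParsePasswd(r io.Reader) map[int]string {
	table := make(map[int]string)
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Split(line, ":")
		if len(fields) < 3 {
			continue
		}
		uid, err := strconv.Atoi(fields[2])
		if err != nil {
			continue
		}
		if _, seen := table[uid]; !seen {
			table[uid] = fields[0]
		}
	}
	return table
}

// PasswdPath returns the passwd file that is authoritative for a process:
// the host's file for host events, and the file inside the container's own
// root filesystem (via procfs) for container events. Assumed convention.
func PasswdPath(procRoot string, hostPid int, inContainer bool) string {
	if !inContainer {
		return "/etc/passwd"
	}
	return fmt.Sprintf("%s/%d/root/etc/passwd", procRoot, hostPid)
}

// LoadPasswdTable reads and parses a passwd file. If the file cannot be
// opened (process already exited, missing permissions, distroless image
// without /etc/passwd) it returns an empty table so telemetry still carries
// the numeric uid instead of failing.
func LoadPasswdTable(path string) map[int]string {
	f, err := os.Open(path)
	if err != nil {
		return map[int]string{}
	}
	defer f.Close()
	return ParsePasswd(f)
}

// Enrich fills in Username when the uid is known; otherwise the record is
// returned unchanged and the username field is omitted from JSON output.
func Enrich(log ProcessLog, table map[int]string) ProcessLog {
	if name, ok := table[log.UID]; ok {
		log.Username = name
	}
	return log
}

func main() {
	table := ParsePasswd(strings.NewReader(SamplePasswd))
	logs := []ProcessLog{
		{Type: "HostLog", HostPid: 209850, UID: 1000, ProcessName: "/usr/bin/git"},
		{Type: "ContainerLog", HostPid: 4242, UID: 65534, ProcessName: "/bin/sh"},
	}
	for _, l := range logs {
		out, _ := json.Marshal(Enrich(l, table))
		fmt.Println(string(out))
	}
}
```

Because passwd contents differ per container image, the table should be keyed per container (or per mount namespace) and refreshed if the image's `/etc/passwd` changes; resolving a container uid against the host's passwd would attach the wrong name to the event.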

Status

Done
