From e7afabb2f52e0ab281a9a9c0d0d5d9d6cf0a5766 Mon Sep 17 00:00:00 2001
From: Hongliang Liu <75655411+hongliangl@users.noreply.github.com>
Date: Mon, 27 May 2024 21:34:17 +0800
Subject: [PATCH] Avoid generating defunct process when starting Suricata
 (#6366)

When antrea-agent starts Suricata instance with the following command:

```
suricata -c /etc/suricata/suricata.yaml --af-packet -D -l /var/log/antrea/networkpolicy/l7engine/
```

The method `Run()` of `exec.Cmd` should be used instead of `Start()`
to avoid generating a zombie process. The above command will exit after starting
the process of Suricata instance in the background, so using `Run()` ensures that
the command's resources are properly released and no defunct process remains.

Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
---
 pkg/agent/controller/networkpolicy/l7engine/reconciler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/agent/controller/networkpolicy/l7engine/reconciler.go b/pkg/agent/controller/networkpolicy/l7engine/reconciler.go
index 4d489199fdd..8f693782b7a 100644
--- a/pkg/agent/controller/networkpolicy/l7engine/reconciler.go
+++ b/pkg/agent/controller/networkpolicy/l7engine/reconciler.go
@@ -515,7 +515,7 @@ func startSuricata() {
 	}
 	// Start Suricata with default Suricata config file /etc/suricata/suricata.yaml.
 	cmd := exec.Command("suricata", "-c", defaultSuricataConfigPath, "--af-packet", "-D", "-l", antreaSuricataLogPath)
-	if err := cmd.Start(); err != nil {
+	if err := cmd.Run(); err != nil {
 		klog.ErrorS(err, "Failed to start Suricata instance")
 	}
 }