[CWS] Don't skip remaining rule actions on kill error (#46011)

YoannGh · web-flow · commit f6167c2fd9a3 · 2026-02-09T09:53:44.000Z
### What does this PR do?

Don't skip remaining rule actions on errors in kill or network_filter actions 

### Motivation

### Describe how you validated your changes

### Additional Notes


Co-authored-by: yoann.ghigoff &lt;yoann.ghigoff@datadoghq.com&gt;
diff --git a/pkg/security/probe/probe_ebpf.go b/pkg/security/probe/probe_ebpf.go
@@ -3399,7 +3399,7 @@ func (p *EBPFProbe) HandleActions(ctx *eval.Context, rule *rules.Rule) {
 		case action.Def.Kill != nil:
 			// do not handle kill action on event with error
 			if ev.Error != nil {
-				return
+				continue
 			}
 
 			tryToKill, report := p.processKiller.KillAndReport(action.Def.Kill, rule, ev)
@@ -3425,7 +3425,7 @@ func (p *EBPFProbe) HandleActions(ctx *eval.Context, rule *rules.Rule) {
 			}
 		case action.Def.NetworkFilter != nil:
 			if !p.config.RuntimeSecurity.EnforcementEnabled {
-				return
+				continue
 			}
 
 			var policy rawpacket.Policy
diff --git a/pkg/security/probe/probe_ebpfless.go b/pkg/security/probe/probe_ebpfless.go
@@ -660,7 +660,7 @@ func (p *EBPFLessProbe) HandleActions(ctx *eval.Context, rule *rules.Rule) {
 		case action.Def.Kill != nil:
 			// do not handle kill action on event with error
 			if ev.Error != nil {
-				return
+				continue
 			}
 			tryToKill, _ := p.processKiller.KillAndReport(action.Def.Kill, rule, ev)
 			if tryToKill {

Original file line number	Diff line number	Diff line change
`@@ -3399,7 +3399,7 @@ func (p EBPFProbe) HandleActions(ctx eval.Context, rule *rules.Rule) {`
`3399`	`3399`	`case action.Def.Kill != nil:`
`3400`	`3400`	`// do not handle kill action on event with error`
`3401`	`3401`	`if ev.Error != nil {`
`3402`		`- return`
	`3402`	`+ continue`
`3403`	`3403`	`}`
`3404`	`3404`
`3405`	`3405`	`tryToKill, report := p.processKiller.KillAndReport(action.Def.Kill, rule, ev)`
`@@ -3425,7 +3425,7 @@ func (p EBPFProbe) HandleActions(ctx eval.Context, rule *rules.Rule) {`
`3425`	`3425`	`}`
`3426`	`3426`	`case action.Def.NetworkFilter != nil:`
`3427`	`3427`	`if !p.config.RuntimeSecurity.EnforcementEnabled {`
`3428`		`- return`
	`3428`	`+ continue`
`3429`	`3429`	`}`
`3430`	`3430`
`3431`	`3431`	`var policy rawpacket.Policy`
Original file line number	Diff line number	Diff line change
`@@ -660,7 +660,7 @@ func (p EBPFLessProbe) HandleActions(ctx eval.Context, rule *rules.Rule) {`
`660`	`660`	`case action.Def.Kill != nil:`
`661`	`661`	`// do not handle kill action on event with error`
`662`	`662`	`if ev.Error != nil {`
`663`		`- return`
	`663`	`+ continue`
`664`	`664`	`}`
`665`	`665`	`tryToKill, _ := p.processKiller.KillAndReport(action.Def.Kill, rule, ev)`
`666`	`666`	`if tryToKill {`