Prisma Cloud Host Protection unable to handle Processes originated from Systemd services defined with 'PrivateTmp=true'

Created On 06/27/22 03:43 AM - Last Modified 06/27/22 06:16 AM


Symptom


  • As an example, running the following command on an Apache HTTP Server confirms that the Apache service is running with 'PrivateTmp=true' in its unit file:
    sudo systemctl cat httpd
    (Screenshot of the command output showing the PrivateTmp=true line in the unit file)
  • As a result, processes originating from this service go undetected and are therefore not alerted on by the Prisma Cloud Host Protection mechanism.


Environment


  • Prisma Cloud


Cause


  • Systemd services defined with 'PrivateTmp=true' spawn processes in a separate (non-host) mount namespace.
  • When set to true, systemd sets up a new file system namespace for the executed processes and mounts private /tmp/ and /var/tmp/ directories inside it that are not shared with processes outside of the namespace.
  • This is useful to secure access to the temporary files of the process, but it makes sharing between processes via /tmp/ or /var/tmp/ impossible.
  • More information on this can be found in the systemd.exec documentation for the PrivateTmp= setting.
  • Currently, Prisma Cloud Host Protection does not support processes originating from Systemd services defined with 'PrivateTmp=true'.
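As an added example (not part of the original article and not Palo Alto Networks code), the following POSIX shell script generalises the httpd check above to every running service: it lists units with PrivateTmp=yes and reports whether each service's main process runs in a mount namespace separate from PID 1, which is the condition that puts it outside Host Protection's view. It assumes systemd's `systemctl show` and `systemctl list-units` output formats and root access to /proc/<pid>/ns/mnt.

```shell
#!/bin/sh
# Audit which running systemd services use PrivateTmp and therefore run
# their processes in a mount namespace separate from the host (PID 1).

# Extract the PrivateTmp value from `systemctl show <unit>` style KEY=VALUE text.
# systemd prints booleans as "yes"/"no" in this output.
private_tmp_from_show() {
    printf '%s\n' "$1" | sed -n 's/^PrivateTmp=//p' | head -n1
}

# Compare two mount-namespace link targets (e.g. "mnt:[4026531840]" as returned
# by `readlink /proc/<pid>/ns/mnt`); prints "shared" or "separate".
classify_mnt_ns() {
    if [ "$1" = "$2" ]; then
        echo shared
    else
        echo separate
    fi
}

# Live check over all running service units. Needs systemd and root privileges
# (reading another process's /proc/<pid>/ns/mnt requires CAP_SYS_PTRACE or root).
audit_private_tmp_services() {
    host_ns=$(readlink /proc/1/ns/mnt) || return 1
    systemctl list-units --type=service --state=running --no-legend --plain |
    awk '{print $1}' |
    while read -r unit; do
        show=$(systemctl show "$unit" -p PrivateTmp -p MainPID) || continue
        [ "$(private_tmp_from_show "$show")" = "yes" ] || continue
        pid=$(printf '%s\n' "$show" | sed -n 's/^MainPID=//p')
        [ "$pid" -gt 0 ] 2>/dev/null || continue
        svc_ns=$(readlink "/proc/$pid/ns/mnt") || continue
        printf '%s pid=%s mount-ns=%s\n' \
            "$unit" "$pid" "$(classify_mnt_ns "$host_ns" "$svc_ns")"
    done
}

# Run the live audit only when explicitly requested, e.g. `sh audit.sh --run`.
if [ "${1:-}" = "--run" ]; then
    audit_private_tmp_services
fi
```

Every line reported as "mount-ns=separate" names a service whose processes the article says Host Protection currently cannot observe, so those services deserve compensating monitoring rather than a change to their PrivateTmp setting.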


Resolution


  • A feature improvement request to support this has already been raised with priority; there is no ETA at this time.
  • Meanwhile, changing the default settings of Systemd services, or setting 'PrivateTmp=false' so that Prisma Cloud Host Protection can detect and alert on such processes, is neither advised nor recommended for security reasons.

