When running with cgroups enabled, the rogue process detector should check if a process exists in any of user cgroup containers before marking such process rogue. Users may deploy an AP which can spawn child processes detached from a parent. Currently such child processes are considered rogue. The rogue detector checks the parent tree and a process which is not rooted at agent is marked as rogue.
When cgroups are disabled, current code should not change as there are no containers to check. The only approach is to check parent tree.