o7 classify landlock add-rule and restrict-self as fd

author: Paul Buetow <paul@buetow.org> 2026-05-21 18:02:16 +0300
committer: Paul Buetow <paul@buetow.org> 2026-05-21 18:02:16 +0300
commit: d29bdc79feb118dcbc27a4aa4a0bd14216b1664e (patch)
tree: af28c263a813a5114f06641a34a7ac8da3144ebe /internal/c/generated_tracepoints.c
parent: 1a0f4086b0dff03eebcc22f1b5522cc1a9c25643 (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index 06e486c..4a5bd60 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -2054,7 +2054,7 @@ int handle_sys_exit_landlock_create_ruleset(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_landlock_add_rule is a struct null_event (kind=null)
+/// sys_enter_landlock_add_rule is a struct fd_event (kind=fd)
 SEC("tracepoint/syscalls/sys_enter_landlock_add_rule")
 int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2064,15 +2064,16 @@ int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) {
     if (!ior_on_syscall_enter(tid, SYS_ENTER_LANDLOCK_ADD_RULE))
         return 0;
 
-    struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+    struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
     if (!ev)
         return 0;
 
-    ev->event_type = ENTER_NULL_EVENT;
+    ev->event_type = ENTER_FD_EVENT;
     ev->trace_id = SYS_ENTER_LANDLOCK_ADD_RULE;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_boot_ns();
+    ev->fd = (__s32)ctx->args[0];
 
     bpf_ringbuf_submit(ev, 0);
     return 0;
@@ -2104,7 +2105,7 @@ int handle_sys_exit_landlock_add_rule(struct syscall_trace_exit *ctx) {
     return 0;
 }
 
-/// sys_enter_landlock_restrict_self is a struct null_event (kind=null)
+/// sys_enter_landlock_restrict_self is a struct fd_event (kind=fd)
 SEC("tracepoint/syscalls/sys_enter_landlock_restrict_self")
 int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) {
     __u32 pid, tid;
@@ -2114,15 +2115,16 @@ int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) {
     if (!ior_on_syscall_enter(tid, SYS_ENTER_LANDLOCK_RESTRICT_SELF))
         return 0;
 
-    struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+    struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0);
     if (!ev)
         return 0;
 
-    ev->event_type = ENTER_NULL_EVENT;
+    ev->event_type = ENTER_FD_EVENT;
     ev->trace_id = SYS_ENTER_LANDLOCK_RESTRICT_SELF;
     ev->pid = pid;
     ev->tid = tid;
     ev->time = bpf_ktime_get_boot_ns();
+    ev->fd = (__s32)ctx->args[0];
 
     bpf_ringbuf_submit(ev, 0);
     return 0;
author	Paul Buetow <paul@buetow.org>	2026-05-21 18:02:16 +0300
committer	Paul Buetow <paul@buetow.org>	2026-05-21 18:02:16 +0300
commit	d29bdc79feb118dcbc27a4aa4a0bd14216b1664e (patch)
tree	af28c263a813a5114f06641a34a7ac8da3144ebe /internal/c/generated_tracepoints.c
parent	1a0f4086b0dff03eebcc22f1b5522cc1a9c25643 (diff)