diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-21 18:02:16 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-21 18:02:16 +0300 |
| commit | d29bdc79feb118dcbc27a4aa4a0bd14216b1664e (patch) | |
| tree | af28c263a813a5114f06641a34a7ac8da3144ebe /internal/c | |
| parent | 1a0f4086b0dff03eebcc22f1b5522cc1a9c25643 (diff) | |
o7 classify landlock add-rule and restrict-self as fd
Diffstat (limited to 'internal/c')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 14 | ||||
| -rw-r--r-- | internal/c/generated_tracepoints_result.txt | 4 |
2 files changed, 10 insertions, 8 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index 06e486c..4a5bd60 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -2054,7 +2054,7 @@ int handle_sys_exit_landlock_create_ruleset(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_landlock_add_rule is a struct null_event (kind=null) +/// sys_enter_landlock_add_rule is a struct fd_event (kind=fd) SEC("tracepoint/syscalls/sys_enter_landlock_add_rule") int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) { __u32 pid, tid; @@ -2064,15 +2064,16 @@ int handle_sys_enter_landlock_add_rule(struct syscall_trace_enter *ctx) { if (!ior_on_syscall_enter(tid, SYS_ENTER_LANDLOCK_ADD_RULE)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_LANDLOCK_ADD_RULE; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; @@ -2104,7 +2105,7 @@ int handle_sys_exit_landlock_add_rule(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_landlock_restrict_self is a struct null_event (kind=null) +/// sys_enter_landlock_restrict_self is a struct fd_event (kind=fd) SEC("tracepoint/syscalls/sys_enter_landlock_restrict_self") int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) { __u32 pid, tid; @@ -2114,15 +2115,16 @@ int handle_sys_enter_landlock_restrict_self(struct syscall_trace_enter *ctx) { if (!ior_on_syscall_enter(tid, SYS_ENTER_LANDLOCK_RESTRICT_SELF)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_LANDLOCK_RESTRICT_SELF; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index 96caaaa..4d44867 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt @@ -134,9 +134,9 @@ sys_enter_kexec_file_load is a struct fd_event (kind=fd) sys_enter_kexec_load is a struct null_event (kind=null) sys_enter_keyctl is a struct keyctl_event (kind=keyctl) sys_enter_kill is a struct null_event (kind=null) -sys_enter_landlock_add_rule is a struct null_event (kind=null) +sys_enter_landlock_add_rule is a struct fd_event (kind=fd) sys_enter_landlock_create_ruleset is a struct eventfd_event (kind=eventfd) -sys_enter_landlock_restrict_self is a struct null_event (kind=null) +sys_enter_landlock_restrict_self is a struct fd_event (kind=fd) sys_enter_lchown is a struct path_event (kind=pathname) sys_enter_lgetxattr is a struct path_event (kind=pathname) sys_enter_link is a struct name_event (kind=name) |