diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-29 16:58:36 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-29 16:58:36 +0300 |
| commit | d526d0a5f482a3b12675bd281683c58b23d9093c (patch) | |
| tree | 2c7f9a2918fd40d89436745a31181cf0a58df306 /internal/tracepoints | |
| parent | e4d91d9a0e0e3dfb3ec6914c265c2f117a66d062 (diff) | |
classify: move lsm_* syscalls from Misc to Security family
The Linux Security Module introspection syscalls lsm_list_modules,
lsm_get_self_attr and lsm_set_self_attr (Linux 6.8+) were classified as
FamilyMisc while every sibling LSM/security syscall (landlock_*, keyctl,
add_key, request_key, seccomp) is FamilySecurity. This audited
inconsistency is fixed by adding the three lsm_* entries to the
syscallFamilies map; their kind stays KindNull (args are userspace
pointers + flags, no fd/path) and the exit remains a ret_event.
Docs (syscall-tracing-plan.md) updated accordingly, generated artifacts
regenerated via mage generate, and lock-in family assertions added to
TestClassifySyscallPairEmitsAllFamilies.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diffstat (limited to 'internal/tracepoints')
| -rw-r--r-- | internal/tracepoints/generated_tracepoints.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/internal/tracepoints/generated_tracepoints.go b/internal/tracepoints/generated_tracepoints.go index c9495eb..c8d214d 100644 --- a/internal/tracepoints/generated_tracepoints.go +++ b/internal/tracepoints/generated_tracepoints.go @@ -889,9 +889,9 @@ var syscallFamilies = map[string]string{ "lremovexattr": "FS", "lseek": "FS", "lsetxattr": "FS", - "lsm_get_self_attr": "Misc", - "lsm_list_modules": "Misc", - "lsm_set_self_attr": "Misc", + "lsm_get_self_attr": "Security", + "lsm_list_modules": "Security", + "lsm_set_self_attr": "Security", "madvise": "Memory", "map_shadow_stack": "Memory", "mbind": "Memory", |