| author | Paul Buetow <paul@buetow.org> | 2024-02-09 00:32:11 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2024-02-09 00:32:11 +0200 |
| commit | f1d915931ca1e0f5fb4007c9cab59fd460a25c6c (patch) | |
| tree | fe05c819a315d98bce1073ef6d39736a06352f3f /internal | |
| parent | 05fd16ccde0dea9848e8c0140e14dd1854631fc6 (diff) | |
also catch enter openat syscall
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/tracepoints/syscalls.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/internal/tracepoints/syscalls.go b/internal/tracepoints/syscalls.go
new file mode 100644
index 0000000..ebc46af
--- /dev/null
+++ b/internal/tracepoints/syscalls.go
@@ -0,0 +1,21 @@
+package tracepoints
+
+import (
+ "fmt"
+
+ bpf "github.com/aquasecurity/libbpfgo"
+)
+
+func AttachSyscalls(bpfModule *bpf.Module, names ...string) error {
+ for _, name := range names {
+ // Attach to tracepoint
+ prog, err := bpfModule.GetProgram(fmt.Sprintf("handle_%s", name))
+ if err != nil {
+ return fmt.Errorf("Failed to get BPF program handle_%s: %v", name, err)
+ }
+ if _, err = prog.AttachTracepoint("syscalls", fmt.Sprintf("sys_%s", name)); err != nil {
+ return fmt.Errorf("Failed to attach to sys_%s tracepoint: %v", name, err)
+ }
+ }
+ return nil
+} |
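Review bot: The link returned by `prog.AttachTracepoint` is discarded (`if _, err = ...`), so when a later name in the loop fails, the tracepoints attached for earlier names stay attached and AttachSyscalls hands the caller nothing to detach them with; whether closing the module cleans them up is not visible in this file. Consider collecting the links and destroying them before returning the error, or stating in a doc comment that the caller must close the module on failure so a tracer never keeps running with partial syscall coverage. Both `fmt.Errorf` calls also format the cause with `%v` and start with a capital letter; `return fmt.Errorf("attach sys_%s tracepoint: %w", name, err)` would keep the cause inspectable with errors.Is/As and follow Go error-string style. The exported function has no doc comment; something like `// AttachSyscalls attaches BPF program handle_<name> to tracepoint syscalls:sys_<name> for each name.` would make the naming contract explicit (presumably names look like `enter_openat`, going by the commit title).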
