summaryrefslogtreecommitdiff
path: root/internal
diff options
context:
space:
mode:
authorPaul Buetow <paul@buetow.org>2025-10-09 10:44:27 +0300
committerPaul Buetow <paul@buetow.org>2025-10-09 10:44:27 +0300
commit82f3c50dce5a26d828b9e9fd71bdf3c05adae968 (patch)
treed75439d32485c6586e0631d49d3e3d3b36a577e0 /internal
parent91632ae9e2f49cb046b5899f190890b9d139ed89 (diff)
fix unit tests, initial hard exclude of not working yet syscalls
Diffstat (limited to 'internal')
-rw-r--r--internal/c/generated_tracepoints.c444
-rw-r--r--internal/eventloop.go6
-rw-r--r--internal/eventloop_test.go62
-rw-r--r--internal/file/file.go4
-rw-r--r--internal/flags/flags.go16
5 files changed, 303 insertions, 229 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index 3abd510..d636695 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -1,257 +1,257 @@
// Code generated - don't change manually!
-/// Ignoring sys_enter_wait4 sys_exit_wait4 as possibly not file I/O related
+/// Ignoring sys_enter_epoll_ctl sys_exit_epoll_ctl as possibly not file I/O related
/// Ignoring sys_enter_setdomainname sys_exit_setdomainname as possibly not file I/O related
-/// Ignoring sys_enter_socket sys_exit_socket as possibly not file I/O related
+/// Ignoring sys_enter_mlockall sys_exit_mlockall as possibly not file I/O related
+/// Ignoring sys_enter_getsockopt sys_exit_getsockopt as possibly not file I/O related
+/// Ignoring sys_enter_futex_requeue sys_exit_futex_requeue as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigtimedwait sys_exit_rt_sigtimedwait as possibly not file I/O related
+/// Ignoring sys_enter_sched_get_priority_min sys_exit_sched_get_priority_min as possibly not file I/O related
+/// Ignoring sys_enter_pkey_alloc sys_exit_pkey_alloc as possibly not file I/O related
+/// Ignoring sys_enter_shmat sys_exit_shmat as possibly not file I/O related
+/// Ignoring sys_enter_recvmsg sys_exit_recvmsg as possibly not file I/O related
+/// Ignoring sys_enter_utime sys_exit_utime as possibly not file I/O related
+/// Ignoring sys_enter_msgget sys_exit_msgget as possibly not file I/O related
/// Ignoring sys_enter_rseq sys_exit_rseq as possibly not file I/O related
-/// Ignoring sys_enter_landlock_create_ruleset sys_exit_landlock_create_ruleset as possibly not file I/O related
-/// Ignoring sys_enter_prctl sys_exit_prctl as possibly not file I/O related
-/// Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigaction sys_exit_rt_sigaction as possibly not file I/O related
-/// Ignoring sys_enter_fsopen sys_exit_fsopen as possibly not file I/O related
-/// Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigreturn sys_exit_rt_sigreturn as possibly not file I/O related
-/// Ignoring sys_enter_mincore sys_exit_mincore as possibly not file I/O related
-/// Ignoring sys_enter_ioprio_set sys_exit_ioprio_set as possibly not file I/O related
-/// Ignoring sys_enter_accept sys_exit_accept as possibly not file I/O related
-/// Ignoring sys_enter_ppoll sys_exit_ppoll as possibly not file I/O related
-/// Ignoring sys_enter_bpf sys_exit_bpf as possibly not file I/O related
-/// Ignoring sys_enter_alarm sys_exit_alarm as possibly not file I/O related
-/// Ignoring sys_enter_getppid sys_exit_getppid as possibly not file I/O related
-/// Ignoring sys_enter_sched_getattr sys_exit_sched_getattr as possibly not file I/O related
-/// Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related
-/// Ignoring sys_enter_epoll_ctl sys_exit_epoll_ctl as possibly not file I/O related
-/// Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related
+/// Ignoring sys_enter_personality sys_exit_personality as possibly not file I/O related
+/// Ignoring sys_enter_getitimer sys_exit_getitimer as possibly not file I/O related
+/// Ignoring sys_enter_pkey_free sys_exit_pkey_free as possibly not file I/O related
+/// Ignoring sys_enter_sendfile64 sys_exit_sendfile64 as possibly not file I/O related
/// Ignoring sys_enter_migrate_pages sys_exit_migrate_pages as possibly not file I/O related
-/// Ignoring sys_enter_sched_setscheduler sys_exit_sched_setscheduler as possibly not file I/O related
-/// Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related
-/// Ignoring sys_enter_execve sys_exit_execve as possibly not file I/O related
-/// Ignoring sys_enter_setuid sys_exit_setuid as possibly not file I/O related
-/// Ignoring sys_enter_setfsuid sys_exit_setfsuid as possibly not file I/O related
+/// Ignoring sys_enter_gettimeofday sys_exit_gettimeofday as possibly not file I/O related
+/// Ignoring sys_enter_kcmp sys_exit_kcmp as possibly not file I/O related
+/// Ignoring sys_enter_process_vm_readv sys_exit_process_vm_readv as possibly not file I/O related
/// Ignoring sys_enter_utimes sys_exit_utimes as possibly not file I/O related
-/// Ignoring sys_enter_setpgid sys_exit_setpgid as possibly not file I/O related
-/// Ignoring sys_enter_pidfd_open sys_exit_pidfd_open as possibly not file I/O related
-/// Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related
-/// Ignoring sys_enter_bind sys_exit_bind as possibly not file I/O related
-/// Ignoring sys_enter_timerfd_gettime sys_exit_timerfd_gettime as possibly not file I/O related
-/// Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related
-/// Ignoring sys_enter_recvmsg sys_exit_recvmsg as possibly not file I/O related
-/// Ignoring sys_enter_getpriority sys_exit_getpriority as possibly not file I/O related
-/// Ignoring sys_enter_shutdown sys_exit_shutdown as possibly not file I/O related
-/// Ignoring sys_enter_eventfd sys_exit_eventfd as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigqueueinfo sys_exit_rt_sigqueueinfo as possibly not file I/O related
-/// Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related
-/// Ignoring sys_enter_pkey_alloc sys_exit_pkey_alloc as possibly not file I/O related
-/// Ignoring sys_enter_timer_delete sys_exit_timer_delete as possibly not file I/O related
+/// Ignoring sys_enter_set_mempolicy sys_exit_set_mempolicy as possibly not file I/O related
+/// Ignoring sys_enter_getresgid sys_exit_getresgid as possibly not file I/O related
+/// Ignoring sys_enter_tgkill sys_exit_tgkill as possibly not file I/O related
+/// Ignoring sys_enter_select sys_exit_select as possibly not file I/O related
+/// Ignoring sys_enter_kexec_file_load sys_exit_kexec_file_load as possibly not file I/O related
+/// Ignoring sys_enter_shmctl sys_exit_shmctl as possibly not file I/O related
+/// Ignoring sys_enter_iopl sys_exit_iopl as possibly not file I/O related
+/// Ignoring sys_enter_getrlimit sys_exit_getrlimit as possibly not file I/O related
/// Ignoring sys_enter_exit sys_exit_exit as possibly not file I/O related
-/// Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related
-/// Ignoring sys_enter_futex_waitv sys_exit_futex_waitv as possibly not file I/O related
-/// Ignoring sys_enter_membarrier sys_exit_membarrier as possibly not file I/O related
-/// Ignoring sys_enter_landlock_add_rule sys_exit_landlock_add_rule as possibly not file I/O related
-/// Ignoring sys_enter_gettimeofday sys_exit_gettimeofday as possibly not file I/O related
-/// Ignoring sys_enter_mbind sys_exit_mbind as possibly not file I/O related
-/// Ignoring sys_enter_pidfd_getfd sys_exit_pidfd_getfd as possibly not file I/O related
-/// Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related
+/// Ignoring sys_enter_prlimit64 sys_exit_prlimit64 as possibly not file I/O related
+/// Ignoring sys_enter_inotify_init1 sys_exit_inotify_init1 as possibly not file I/O related
+/// Ignoring sys_enter_acct sys_exit_acct as possibly not file I/O related
+/// Ignoring sys_enter_pivot_root sys_exit_pivot_root as possibly not file I/O related
+/// Ignoring sys_enter_timer_getoverrun sys_exit_timer_getoverrun as possibly not file I/O related
+/// Ignoring sys_enter_get_robust_list sys_exit_get_robust_list as possibly not file I/O related
+/// Ignoring sys_enter_sched_setparam sys_exit_sched_setparam as possibly not file I/O related
+/// Ignoring sys_enter_ioprio_get sys_exit_ioprio_get as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigqueueinfo sys_exit_rt_sigqueueinfo as possibly not file I/O related
+/// Ignoring sys_enter_lsm_set_self_attr sys_exit_lsm_set_self_attr as possibly not file I/O related
+/// Ignoring sys_enter_modify_ldt sys_exit_modify_ldt as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigpending sys_exit_rt_sigpending as possibly not file I/O related
/// Ignoring sys_enter_arch_prctl sys_exit_arch_prctl as possibly not file I/O related
-/// Ignoring sys_enter_shmat sys_exit_shmat as possibly not file I/O related
-/// Ignoring sys_enter_sendto sys_exit_sendto as possibly not file I/O related
-/// Ignoring sys_enter_listen sys_exit_listen as possibly not file I/O related
-/// Ignoring sys_enter_vfork sys_exit_vfork as possibly not file I/O related
-/// Ignoring sys_enter_setreuid sys_exit_setreuid as possibly not file I/O related
-/// Ignoring sys_enter_sched_yield sys_exit_sched_yield as possibly not file I/O related
-/// Ignoring sys_enter_setresgid sys_exit_setresgid as possibly not file I/O related
-/// Ignoring sys_enter_futex_requeue sys_exit_futex_requeue as possibly not file I/O related
-/// Ignoring sys_enter_swapon sys_exit_swapon as possibly not file I/O related
-/// Ignoring sys_enter_mprotect sys_exit_mprotect as possibly not file I/O related
-/// Ignoring sys_enter_perf_event_open sys_exit_perf_event_open as possibly not file I/O related
-/// Ignoring sys_enter_setgid sys_exit_setgid as possibly not file I/O related
-/// Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O related
+/// Ignoring sys_enter_add_key sys_exit_add_key as possibly not file I/O related
+/// Ignoring sys_enter_mount sys_exit_mount as possibly not file I/O related
+/// Ignoring sys_enter_signalfd sys_exit_signalfd as possibly not file I/O related
+/// Ignoring sys_enter_exit_group sys_exit_exit_group as possibly not file I/O related
+/// Ignoring sys_enter_futex_waitv sys_exit_futex_waitv as possibly not file I/O related
+/// Ignoring sys_enter_mknod sys_exit_mknod as possibly not file I/O related
+/// Ignoring sys_enter_process_mrelease sys_exit_process_mrelease as possibly not file I/O related
+/// Ignoring sys_enter_landlock_create_ruleset sys_exit_landlock_create_ruleset as possibly not file I/O related
+/// Ignoring sys_enter_copy_file_range sys_exit_copy_file_range as possibly not file I/O related
/// Ignoring sys_enter_munlock sys_exit_munlock as possibly not file I/O related
-/// Ignoring sys_enter_capget sys_exit_capget as possibly not file I/O related
-/// Ignoring sys_enter_lsm_set_self_attr sys_exit_lsm_set_self_attr as possibly not file I/O related
-/// Ignoring sys_enter_accept4 sys_exit_accept4 as possibly not file I/O related
-/// Ignoring sys_enter_select sys_exit_select as possibly not file I/O related
-/// Ignoring sys_enter_listmount sys_exit_listmount as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigaction sys_exit_rt_sigaction as possibly not file I/O related
+/// Ignoring sys_enter_move_pages sys_exit_move_pages as possibly not file I/O related
+/// Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O related
+/// Ignoring sys_enter_sched_rr_get_interval sys_exit_sched_rr_get_interval as possibly not file I/O related
/// Ignoring sys_enter_reboot sys_exit_reboot as possibly not file I/O related
-/// Ignoring sys_enter_sched_setparam sys_exit_sched_setparam as possibly not file I/O related
-/// Ignoring sys_enter_sysinfo sys_exit_sysinfo as possibly not file I/O related
-/// Ignoring sys_enter_pidfd_send_signal sys_exit_pidfd_send_signal as possibly not file I/O related
-/// Ignoring sys_enter_semop sys_exit_semop as possibly not file I/O related
-/// Ignoring sys_enter_fork sys_exit_fork as possibly not file I/O related
-/// Ignoring sys_enter_keyctl sys_exit_keyctl as possibly not file I/O related
-/// Ignoring sys_enter_msync sys_exit_msync as possibly not file I/O related
-/// Ignoring sys_enter_kexec_file_load sys_exit_kexec_file_load as possibly not file I/O related
-/// Ignoring sys_enter_timer_settime sys_exit_timer_settime as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigpending sys_exit_rt_sigpending as possibly not file I/O related
-/// Ignoring sys_enter_sched_getaffinity sys_exit_sched_getaffinity as possibly not file I/O related
-/// Ignoring sys_enter_msgrcv sys_exit_msgrcv as possibly not file I/O related
-/// Ignoring sys_enter_pkey_mprotect sys_exit_pkey_mprotect as possibly not file I/O related
-/// Ignoring sys_enter_getitimer sys_exit_getitimer as possibly not file I/O related
-/// Ignoring sys_enter_pipe sys_exit_pipe as possibly not file I/O related
-/// Ignoring sys_enter_sendfile64 sys_exit_sendfile64 as possibly not file I/O related
-/// Ignoring sys_enter_mq_notify sys_exit_mq_notify as possibly not file I/O related
-/// Ignoring sys_enter_pivot_root sys_exit_pivot_root as possibly not file I/O related
-/// Ignoring sys_enter_fsmount sys_exit_fsmount as possibly not file I/O related
-/// Ignoring sys_enter_inotify_add_watch sys_exit_inotify_add_watch as possibly not file I/O related
-/// Ignoring sys_enter_epoll_pwait2 sys_exit_epoll_pwait2 as possibly not file I/O related
-/// Ignoring sys_enter_getsid sys_exit_getsid as possibly not file I/O related
-/// Ignoring sys_enter_madvise sys_exit_madvise as possibly not file I/O related
-/// Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related
+/// Ignoring sys_enter_getppid sys_exit_getppid as possibly not file I/O related
+/// Ignoring sys_enter_sched_yield sys_exit_sched_yield as possibly not file I/O related
+/// Ignoring sys_enter_getpeername sys_exit_getpeername as possibly not file I/O related
+/// Ignoring sys_enter_execve sys_exit_execve as possibly not file I/O related
+/// Ignoring sys_enter_pidfd_getfd sys_exit_pidfd_getfd as possibly not file I/O related
+/// Ignoring sys_enter_mlock sys_exit_mlock as possibly not file I/O related
+/// Ignoring sys_enter_timer_gettime sys_exit_timer_gettime as possibly not file I/O related
+/// Ignoring sys_enter_pause sys_exit_pause as possibly not file I/O related
+/// Ignoring sys_enter_poll sys_exit_poll as possibly not file I/O related
+/// Ignoring sys_enter_semget sys_exit_semget as possibly not file I/O related
+/// Ignoring sys_enter_mq_unlink sys_exit_mq_unlink as possibly not file I/O related
/// Ignoring sys_enter_futex_wait sys_exit_futex_wait as possibly not file I/O related
+/// Ignoring sys_enter_msgctl sys_exit_msgctl as possibly not file I/O related
/// Ignoring sys_enter_set_tid_address sys_exit_set_tid_address as possibly not file I/O related
-/// Ignoring sys_enter_clock_gettime sys_exit_clock_gettime as possibly not file I/O related
-/// Ignoring sys_enter_execveat sys_exit_execveat as possibly not file I/O related
-/// Ignoring sys_enter_sendmsg sys_exit_sendmsg as possibly not file I/O related
-/// Ignoring sys_enter_msgsnd sys_exit_msgsnd as possibly not file I/O related
-/// Ignoring sys_enter_getsockname sys_exit_getsockname as possibly not file I/O related
-/// Ignoring sys_enter_statmount sys_exit_statmount as possibly not file I/O related
-/// Ignoring sys_enter_inotify_init sys_exit_inotify_init as possibly not file I/O related
-/// Ignoring sys_enter_epoll_pwait sys_exit_epoll_pwait as possibly not file I/O related
-/// Ignoring sys_enter_clock_settime sys_exit_clock_settime as possibly not file I/O related
-/// Ignoring sys_enter_recvfrom sys_exit_recvfrom as possibly not file I/O related
+/// Ignoring sys_enter_sched_setattr sys_exit_sched_setattr as possibly not file I/O related
+/// Ignoring sys_enter_setreuid sys_exit_setreuid as possibly not file I/O related
+/// Ignoring sys_enter_setitimer sys_exit_setitimer as possibly not file I/O related
/// Ignoring sys_enter_process_vm_writev sys_exit_process_vm_writev as possibly not file I/O related
-/// Ignoring sys_enter_utime sys_exit_utime as possibly not file I/O related
-/// Ignoring sys_enter_gettid sys_exit_gettid as possibly not file I/O related
/// Ignoring sys_enter_rt_tgsigqueueinfo sys_exit_rt_tgsigqueueinfo as possibly not file I/O related
-/// Ignoring sys_enter_sigaltstack sys_exit_sigaltstack as possibly not file I/O related
-/// Ignoring sys_enter_setpriority sys_exit_setpriority as possibly not file I/O related
-/// Ignoring sys_enter_timerfd_create sys_exit_timerfd_create as possibly not file I/O related
-/// Ignoring sys_enter_process_mrelease sys_exit_process_mrelease as possibly not file I/O related
-/// Ignoring sys_enter_setgroups sys_exit_setgroups as possibly not file I/O related
-/// Ignoring sys_enter_sysfs sys_exit_sysfs as possibly not file I/O related
-/// Ignoring sys_enter_mlockall sys_exit_mlockall as possibly not file I/O related
-/// Ignoring sys_enter_pselect6 sys_exit_pselect6 as possibly not file I/O related
-/// Ignoring sys_enter_tgkill sys_exit_tgkill as possibly not file I/O related
-/// Ignoring sys_enter_iopl sys_exit_iopl as possibly not file I/O related
-/// Ignoring sys_enter_setitimer sys_exit_setitimer as possibly not file I/O related
-/// Ignoring sys_enter_setfsgid sys_exit_setfsgid as possibly not file I/O related
-/// Ignoring sys_enter_map_shadow_stack sys_exit_map_shadow_stack as possibly not file I/O related
-/// Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related
-/// Ignoring sys_enter_setsockopt sys_exit_setsockopt as possibly not file I/O related
-/// Ignoring sys_enter_sendmmsg sys_exit_sendmmsg as possibly not file I/O related
-/// Ignoring sys_enter_move_pages sys_exit_move_pages as possibly not file I/O related
-/// Ignoring sys_enter_init_module sys_exit_init_module as possibly not file I/O related
-/// Ignoring sys_enter_lsm_list_modules sys_exit_lsm_list_modules as possibly not file I/O related
-/// Ignoring sys_enter_waitid sys_exit_waitid as possibly not file I/O related
-/// Ignoring sys_enter_add_key sys_exit_add_key as possibly not file I/O related
-/// Ignoring sys_enter_getgroups sys_exit_getgroups as possibly not file I/O related
+/// Ignoring sys_enter_sched_getaffinity sys_exit_sched_getaffinity as possibly not file I/O related
+/// Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related
/// Ignoring sys_enter_mremap sys_exit_mremap as possibly not file I/O related
-/// Ignoring sys_enter_process_madvise sys_exit_process_madvise as possibly not file I/O related
-/// Ignoring sys_enter_poll sys_exit_poll as possibly not file I/O related
-/// Ignoring sys_enter_getresuid sys_exit_getresuid as possibly not file I/O related
-/// Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related
-/// Ignoring sys_enter_msgctl sys_exit_msgctl as possibly not file I/O related
-/// Ignoring sys_enter_timer_create sys_exit_timer_create as possibly not file I/O related
-/// Ignoring sys_enter_sched_rr_get_interval sys_exit_sched_rr_get_interval as possibly not file I/O related
+/// Ignoring sys_enter_futex sys_exit_futex as possibly not file I/O related
+/// Ignoring sys_enter_setsid sys_exit_setsid as possibly not file I/O related
+/// Ignoring sys_enter_memfd_secret sys_exit_memfd_secret as possibly not file I/O related
+/// Ignoring sys_enter_ppoll sys_exit_ppoll as possibly not file I/O related
+/// Ignoring sys_enter_get_mempolicy sys_exit_get_mempolicy as possibly not file I/O related
+/// Ignoring sys_enter_memfd_create sys_exit_memfd_create as possibly not file I/O related
+/// Ignoring sys_enter_splice sys_exit_splice as possibly not file I/O related
+/// Ignoring sys_enter_execveat sys_exit_execveat as possibly not file I/O related
+/// Ignoring sys_enter_accept sys_exit_accept as possibly not file I/O related
+/// Ignoring sys_enter_inotify_rm_watch sys_exit_inotify_rm_watch as possibly not file I/O related
+/// Ignoring sys_enter_ioperm sys_exit_ioperm as possibly not file I/O related
+/// Ignoring sys_enter_landlock_restrict_self sys_exit_landlock_restrict_self as possibly not file I/O related
/// Ignoring sys_enter_getuid sys_exit_getuid as possibly not file I/O related
-/// Ignoring sys_enter_sched_get_priority_min sys_exit_sched_get_priority_min as possibly not file I/O related
-/// Ignoring sys_enter_time sys_exit_time as possibly not file I/O related
-/// Ignoring sys_enter_modify_ldt sys_exit_modify_ldt as possibly not file I/O related
-/// Ignoring sys_enter_pkey_free sys_exit_pkey_free as possibly not file I/O related
-/// Ignoring sys_enter_vhangup sys_exit_vhangup as possibly not file I/O related
-/// Ignoring sys_enter_clock_nanosleep sys_exit_clock_nanosleep as possibly not file I/O related
-/// Ignoring sys_enter_remap_file_pages sys_exit_remap_file_pages as possibly not file I/O related
-/// Ignoring sys_enter_times sys_exit_times as possibly not file I/O related
-/// Ignoring sys_enter_mseal sys_exit_mseal as possibly not file I/O related
+/// Ignoring sys_enter_bpf sys_exit_bpf as possibly not file I/O related
/// Ignoring sys_enter_ustat sys_exit_ustat as possibly not file I/O related
-/// Ignoring sys_enter_set_mempolicy_home_node sys_exit_set_mempolicy_home_node as possibly not file I/O related
-/// Ignoring sys_enter_inotify_init1 sys_exit_inotify_init1 as possibly not file I/O related
-/// Ignoring sys_enter_getpeername sys_exit_getpeername as possibly not file I/O related
-/// Ignoring sys_enter_memfd_create sys_exit_memfd_create as possibly not file I/O related
-/// Ignoring sys_enter_mq_open sys_exit_mq_open as possibly not file I/O related
+/// Ignoring sys_enter_newuname sys_exit_newuname as possibly not file I/O related
+/// Ignoring sys_enter_mq_notify sys_exit_mq_notify as possibly not file I/O related
+/// Ignoring sys_enter_sched_getparam sys_exit_sched_getparam as possibly not file I/O related
+/// Ignoring sys_enter_mprotect sys_exit_mprotect as possibly not file I/O related
+/// Ignoring sys_enter_setgid sys_exit_setgid as possibly not file I/O related
+/// Ignoring sys_enter_seccomp sys_exit_seccomp as possibly not file I/O related
+/// Ignoring sys_enter_setgroups sys_exit_setgroups as possibly not file I/O related
+/// Ignoring sys_enter_shutdown sys_exit_shutdown as possibly not file I/O related
+/// Ignoring sys_enter_swapoff sys_exit_swapoff as possibly not file I/O related
+/// Ignoring sys_enter_msgrcv sys_exit_msgrcv as possibly not file I/O related
+/// Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related
+/// Ignoring sys_enter_capset sys_exit_capset as possibly not file I/O related
+/// Ignoring sys_enter_sendto sys_exit_sendto as possibly not file I/O related
+/// Ignoring sys_enter_sigaltstack sys_exit_sigaltstack as possibly not file I/O related
+/// Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related
/// Ignoring sys_enter_semtimedop sys_exit_semtimedop as possibly not file I/O related
-/// Ignoring sys_enter_eventfd2 sys_exit_eventfd2 as possibly not file I/O related
/// Ignoring sys_enter_brk sys_exit_brk as possibly not file I/O related
-/// Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related
-/// Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigsuspend sys_exit_rt_sigsuspend as possibly not file I/O related
-/// Ignoring sys_enter_landlock_restrict_self sys_exit_landlock_restrict_self as possibly not file I/O related
-/// Ignoring sys_enter_set_mempolicy sys_exit_set_mempolicy as possibly not file I/O related
-/// Ignoring sys_enter_adjtimex sys_exit_adjtimex as possibly not file I/O related
-/// Ignoring sys_enter_setrlimit sys_exit_setrlimit as possibly not file I/O related
-/// Ignoring sys_enter_kexec_load sys_exit_kexec_load as possibly not file I/O related
-/// Ignoring sys_enter_restart_syscall sys_exit_restart_syscall as possibly not file I/O related
-/// Ignoring sys_enter_mount sys_exit_mount as possibly not file I/O related
-/// Ignoring sys_enter_mknod sys_exit_mknod as possibly not file I/O related
-/// Ignoring sys_enter_getpid sys_exit_getpid as possibly not file I/O related
-/// Ignoring sys_enter_mlock sys_exit_mlock as possibly not file I/O related
-/// Ignoring sys_enter_sched_getscheduler sys_exit_sched_getscheduler as possibly not file I/O related
-/// Ignoring sys_enter_recvmmsg sys_exit_recvmmsg as possibly not file I/O related
-/// Ignoring sys_enter_move_mount sys_exit_move_mount as possibly not file I/O related
-/// Ignoring sys_enter_clock_getres sys_exit_clock_getres as possibly not file I/O related
-/// Ignoring sys_enter_shmdt sys_exit_shmdt as possibly not file I/O related
-/// Ignoring sys_enter_swapoff sys_exit_swapoff as possibly not file I/O related
-/// Ignoring sys_enter_setresuid sys_exit_setresuid as possibly not file I/O related
+/// Ignoring sys_enter_uretprobe sys_exit_uretprobe as possibly not file I/O related
+/// Ignoring sys_enter_getrusage sys_exit_getrusage as possibly not file I/O related
+/// Ignoring sys_enter_timer_settime sys_exit_timer_settime as possibly not file I/O related
+/// Ignoring sys_enter_setpriority sys_exit_setpriority as possibly not file I/O related
+/// Ignoring sys_enter_timerfd_create sys_exit_timerfd_create as possibly not file I/O related
+/// Ignoring sys_enter_init_module sys_exit_init_module as possibly not file I/O related
+/// Ignoring sys_enter_setpgid sys_exit_setpgid as possibly not file I/O related
/// Ignoring sys_enter_request_key sys_exit_request_key as possibly not file I/O related
-/// Ignoring sys_enter_sched_get_priority_max sys_exit_sched_get_priority_max as possibly not file I/O related
-/// Ignoring sys_enter_process_vm_readv sys_exit_process_vm_readv as possibly not file I/O related
-/// Ignoring sys_enter_memfd_secret sys_exit_memfd_secret as possibly not file I/O related
-/// Ignoring sys_enter_semctl sys_exit_semctl as possibly not file I/O related
+/// Ignoring sys_enter_setresuid sys_exit_setresuid as possibly not file I/O related
+/// Ignoring sys_enter_pselect6 sys_exit_pselect6 as possibly not file I/O related
+/// Ignoring sys_enter_setns sys_exit_setns as possibly not file I/O related
+/// Ignoring sys_enter_timerfd_gettime sys_exit_timerfd_gettime as possibly not file I/O related
/// Ignoring sys_enter_clock_adjtime sys_exit_clock_adjtime as possibly not file I/O related
-/// Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related
-/// Ignoring sys_enter_getpgrp sys_exit_getpgrp as possibly not file I/O related
+/// Ignoring sys_enter_connect sys_exit_connect as possibly not file I/O related
+/// Ignoring sys_enter_getsockname sys_exit_getsockname as possibly not file I/O related
+/// Ignoring sys_enter_getpid sys_exit_getpid as possibly not file I/O related
+/// Ignoring sys_enter_ioprio_set sys_exit_ioprio_set as possibly not file I/O related
+/// Ignoring sys_enter_getcwd sys_exit_getcwd as possibly not file I/O related
+/// Ignoring sys_enter_sched_getscheduler sys_exit_sched_getscheduler as possibly not file I/O related
/// Ignoring sys_enter_settimeofday sys_exit_settimeofday as possibly not file I/O related
-/// Ignoring sys_enter_timer_gettime sys_exit_timer_gettime as possibly not file I/O related
-/// Ignoring sys_enter_setsid sys_exit_setsid as possibly not file I/O related
-/// Ignoring sys_enter_timerfd_settime sys_exit_timerfd_settime as possibly not file I/O related
+/// Ignoring sys_enter_sendmsg sys_exit_sendmsg as possibly not file I/O related
+/// Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related
+/// Ignoring sys_enter_getgid sys_exit_getgid as possibly not file I/O related
/// Ignoring sys_enter_lsm_get_self_attr sys_exit_lsm_get_self_attr as possibly not file I/O related
-/// Ignoring sys_enter_splice sys_exit_splice as possibly not file I/O related
-/// Ignoring sys_enter_futex sys_exit_futex as possibly not file I/O related
-/// Ignoring sys_enter_mq_timedsend sys_exit_mq_timedsend as possibly not file I/O related
-/// Ignoring sys_enter_getcwd sys_exit_getcwd as possibly not file I/O related
-/// Ignoring sys_enter_userfaultfd sys_exit_userfaultfd as possibly not file I/O related
-/// Ignoring sys_enter_timer_getoverrun sys_exit_timer_getoverrun as possibly not file I/O related
+/// Ignoring sys_enter_epoll_create1 sys_exit_epoll_create1 as possibly not file I/O related
+/// Ignoring sys_enter_inotify_add_watch sys_exit_inotify_add_watch as possibly not file I/O related
+/// Ignoring sys_enter_setuid sys_exit_setuid as possibly not file I/O related
+/// Ignoring sys_enter_socket sys_exit_socket as possibly not file I/O related
/// Ignoring sys_enter_getpgid sys_exit_getpgid as possibly not file I/O related
-/// Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related
-/// Ignoring sys_enter_shmctl sys_exit_shmctl as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigtimedwait sys_exit_rt_sigtimedwait as possibly not file I/O related
-/// Ignoring sys_enter_kcmp sys_exit_kcmp as possibly not file I/O related
+/// Ignoring sys_enter_signalfd4 sys_exit_signalfd4 as possibly not file I/O related
+/// Ignoring sys_enter_bind sys_exit_bind as possibly not file I/O related
+/// Ignoring sys_enter_lsm_list_modules sys_exit_lsm_list_modules as possibly not file I/O related
+/// Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related
+/// Ignoring sys_enter_sched_setscheduler sys_exit_sched_setscheduler as possibly not file I/O related
+/// Ignoring sys_enter_timer_delete sys_exit_timer_delete as possibly not file I/O related
+/// Ignoring sys_enter_adjtimex sys_exit_adjtimex as possibly not file I/O related
+/// Ignoring sys_enter_shmdt sys_exit_shmdt as possibly not file I/O related
+/// Ignoring sys_enter_kill sys_exit_kill as possibly not file I/O related
+/// Ignoring sys_enter_listen sys_exit_listen as possibly not file I/O related
+/// Ignoring sys_enter_fsmount sys_exit_fsmount as possibly not file I/O related
+/// Ignoring sys_enter_waitid sys_exit_waitid as possibly not file I/O related
+/// Ignoring sys_enter_geteuid sys_exit_geteuid as possibly not file I/O related
+/// Ignoring sys_enter_accept4 sys_exit_accept4 as possibly not file I/O related
+/// Ignoring sys_enter_eventfd sys_exit_eventfd as possibly not file I/O related
/// Ignoring sys_enter_tkill sys_exit_tkill as possibly not file I/O related
-/// Ignoring sys_enter_getrusage sys_exit_getrusage as possibly not file I/O related
-/// Ignoring sys_enter_getrandom sys_exit_getrandom as possibly not file I/O related
-/// Ignoring sys_enter_sethostname sys_exit_sethostname as possibly not file I/O related
-/// Ignoring sys_enter_delete_module sys_exit_delete_module as possibly not file I/O related
-/// Ignoring sys_enter_getrlimit sys_exit_getrlimit as possibly not file I/O related
-/// Ignoring sys_enter_capset sys_exit_capset as possibly not file I/O related
-/// Ignoring sys_enter_sched_setaffinity sys_exit_sched_setaffinity as possibly not file I/O related
-/// Ignoring sys_enter_ioperm sys_exit_ioperm as possibly not file I/O related
-/// Ignoring sys_enter_umount sys_exit_umount as possibly not file I/O related
-/// Ignoring sys_enter_sched_getparam sys_exit_sched_getparam as possibly not file I/O related
-/// Ignoring sys_enter_umask sys_exit_umask as possibly not file I/O related
-/// Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related
+/// Ignoring sys_enter_perf_event_open sys_exit_perf_event_open as possibly not file I/O related
+/// Ignoring sys_enter_msync sys_exit_msync as possibly not file I/O related
+/// Ignoring sys_enter_fsopen sys_exit_fsopen as possibly not file I/O related
+/// Ignoring sys_enter_mbind sys_exit_mbind as possibly not file I/O related
+/// Ignoring sys_enter_remap_file_pages sys_exit_remap_file_pages as possibly not file I/O related
+/// Ignoring sys_enter_nanosleep sys_exit_nanosleep as possibly not file I/O related
+/// Ignoring sys_enter_kexec_load sys_exit_kexec_load as possibly not file I/O related
+/// Ignoring sys_enter_mincore sys_exit_mincore as possibly not file I/O related
+/// Ignoring sys_enter_epoll_pwait sys_exit_epoll_pwait as possibly not file I/O related
+/// Ignoring sys_enter_mlock2 sys_exit_mlock2 as possibly not file I/O related
+/// Ignoring sys_enter_prctl sys_exit_prctl as possibly not file I/O related
+/// Ignoring sys_enter_msgsnd sys_exit_msgsnd as possibly not file I/O related
+/// Ignoring sys_enter_gettid sys_exit_gettid as possibly not file I/O related
+/// Ignoring sys_enter_listmount sys_exit_listmount as possibly not file I/O related
+/// Ignoring sys_enter_sysfs sys_exit_sysfs as possibly not file I/O related
+/// Ignoring sys_enter_vfork sys_exit_vfork as possibly not file I/O related
+/// Ignoring sys_enter_sysinfo sys_exit_sysinfo as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigreturn sys_exit_rt_sigreturn as possibly not file I/O related
+/// Ignoring sys_enter_fork sys_exit_fork as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigprocmask sys_exit_rt_sigprocmask as possibly not file I/O related
+/// Ignoring sys_enter_epoll_wait sys_exit_epoll_wait as possibly not file I/O related
+/// Ignoring sys_enter_capget sys_exit_capget as possibly not file I/O related
+/// Ignoring sys_enter_unshare sys_exit_unshare as possibly not file I/O related
+/// Ignoring sys_enter_ptrace sys_exit_ptrace as possibly not file I/O related
+/// Ignoring sys_enter_statmount sys_exit_statmount as possibly not file I/O related
/// Ignoring sys_enter_mknodat sys_exit_mknodat as possibly not file I/O related
-/// Ignoring sys_enter_seccomp sys_exit_seccomp as possibly not file I/O related
-/// Ignoring sys_enter_getsockopt sys_exit_getsockopt as possibly not file I/O related
+/// Ignoring sys_enter_epoll_create sys_exit_epoll_create as possibly not file I/O related
+/// Ignoring sys_enter_eventfd2 sys_exit_eventfd2 as possibly not file I/O related
+/// Ignoring sys_enter_clock_getres sys_exit_clock_getres as possibly not file I/O related
+/// Ignoring sys_enter_wait4 sys_exit_wait4 as possibly not file I/O related
+/// Ignoring sys_enter_sched_get_priority_max sys_exit_sched_get_priority_max as possibly not file I/O related
+/// Ignoring sys_enter_clock_gettime sys_exit_clock_gettime as possibly not file I/O related
+/// Ignoring sys_enter_clone3 sys_exit_clone3 as possibly not file I/O related
+/// Ignoring sys_enter_keyctl sys_exit_keyctl as possibly not file I/O related
+/// Ignoring sys_enter_clock_nanosleep sys_exit_clock_nanosleep as possibly not file I/O related
/// Ignoring sys_enter_mq_getsetattr sys_exit_mq_getsetattr as possibly not file I/O related
-/// Ignoring sys_enter_setns sys_exit_setns as possibly not file I/O related
-/// Ignoring sys_enter_exit_group sys_exit_exit_group as possibly not file I/O related
-/// Ignoring sys_enter_copy_file_range sys_exit_copy_file_range as possibly not file I/O related
-/// Ignoring sys_enter_msgget sys_exit_msgget as possibly not file I/O related
+/// Ignoring sys_enter_madvise sys_exit_madvise as possibly not file I/O related
+/// Ignoring sys_enter_sethostname sys_exit_sethostname as possibly not file I/O related
+/// Ignoring sys_enter_mq_open sys_exit_mq_open as possibly not file I/O related
+/// Ignoring sys_enter_pidfd_open sys_exit_pidfd_open as possibly not file I/O related
+/// Ignoring sys_enter_inotify_init sys_exit_inotify_init as possibly not file I/O related
+/// Ignoring sys_enter_fanotify_init sys_exit_fanotify_init as possibly not file I/O related
+/// Ignoring sys_enter_getgroups sys_exit_getgroups as possibly not file I/O related
+/// Ignoring sys_enter_getsid sys_exit_getsid as possibly not file I/O related
+/// Ignoring sys_enter_timer_create sys_exit_timer_create as possibly not file I/O related
+/// Ignoring sys_enter_shmget sys_exit_shmget as possibly not file I/O related
+/// Ignoring sys_enter_recvmmsg sys_exit_recvmmsg as possibly not file I/O related
+/// Ignoring sys_enter_mseal sys_exit_mseal as possibly not file I/O related
+/// Ignoring sys_enter_times sys_exit_times as possibly not file I/O related
+/// Ignoring sys_enter_restart_syscall sys_exit_restart_syscall as possibly not file I/O related
/// Ignoring sys_enter_setregid sys_exit_setregid as possibly not file I/O related
-/// Ignoring sys_enter_socketpair sys_exit_socketpair as possibly not file I/O related
-/// Ignoring sys_enter_signalfd4 sys_exit_signalfd4 as possibly not file I/O related
-/// Ignoring sys_enter_mlock2 sys_exit_mlock2 as possibly not file I/O related
-/// Ignoring sys_enter_sched_setattr sys_exit_sched_setattr as possibly not file I/O related
-/// Ignoring sys_enter_getresgid sys_exit_getresgid as possibly not file I/O related
+/// Ignoring sys_enter_pkey_mprotect sys_exit_pkey_mprotect as possibly not file I/O related
+/// Ignoring sys_enter_futex_wake sys_exit_futex_wake as possibly not file I/O related
+/// Ignoring sys_enter_rt_sigsuspend sys_exit_rt_sigsuspend as possibly not file I/O related
+/// Ignoring sys_enter_getpriority sys_exit_getpriority as possibly not file I/O related
+/// Ignoring sys_enter_getresuid sys_exit_getresuid as possibly not file I/O related
+/// Ignoring sys_enter_sched_getattr sys_exit_sched_getattr as possibly not file I/O related
+/// Ignoring sys_enter_setsockopt sys_exit_setsockopt as possibly not file I/O related
+/// Ignoring sys_enter_membarrier sys_exit_membarrier as possibly not file I/O related
/// Ignoring sys_enter_mq_timedreceive sys_exit_mq_timedreceive as possibly not file I/O related
/// Ignoring sys_enter_set_robust_list sys_exit_set_robust_list as possibly not file I/O related
-/// Ignoring sys_enter_ptrace sys_exit_ptrace as possibly not file I/O related
-/// Ignoring sys_enter_prlimit64 sys_exit_prlimit64 as possibly not file I/O related
+/// Ignoring sys_enter_setfsgid sys_exit_setfsgid as possibly not file I/O related
+/// Ignoring sys_enter_getpgrp sys_exit_getpgrp as possibly not file I/O related
+/// Ignoring sys_enter_recvfrom sys_exit_recvfrom as possibly not file I/O related
+/// Ignoring sys_enter_landlock_add_rule sys_exit_landlock_add_rule as possibly not file I/O related
+/// Ignoring sys_enter_mq_timedsend sys_exit_mq_timedsend as possibly not file I/O related
+/// Ignoring sys_enter_getegid sys_exit_getegid as possibly not file I/O related
+/// Ignoring sys_enter_alarm sys_exit_alarm as possibly not file I/O related
+/// Ignoring sys_enter_pidfd_send_signal sys_exit_pidfd_send_signal as possibly not file I/O related
+/// Ignoring sys_enter_quotactl sys_exit_quotactl as possibly not file I/O related
+/// Ignoring sys_enter_setfsuid sys_exit_setfsuid as possibly not file I/O related
+/// Ignoring sys_enter_munmap sys_exit_munmap as possibly not file I/O related
+/// Ignoring sys_enter_sched_setaffinity sys_exit_sched_setaffinity as possibly not file I/O related
+/// Ignoring sys_enter_clone sys_exit_clone as possibly not file I/O related
+/// Ignoring sys_enter_timerfd_settime sys_exit_timerfd_settime as possibly not file I/O related
+/// Ignoring sys_enter_socketpair sys_exit_socketpair as possibly not file I/O related
/// Ignoring sys_enter_tee sys_exit_tee as possibly not file I/O related
-/// Ignoring sys_enter_rt_sigprocmask sys_exit_rt_sigprocmask as possibly not file I/O related
-/// Ignoring sys_enter_mq_unlink sys_exit_mq_unlink as possibly not file I/O related
-/// Ignoring sys_enter_epoll_wait sys_exit_epoll_wait as possibly not file I/O related
-/// Ignoring sys_enter_semget sys_exit_semget as possibly not file I/O related
-/// Ignoring sys_enter_signalfd sys_exit_signalfd as possibly not file I/O related
/// Ignoring sys_enter_pipe2 sys_exit_pipe2 as possibly not file I/O related
-/// Ignoring sys_enter_acct sys_exit_acct as possibly not file I/O related
-/// Ignoring sys_enter_getcpu sys_exit_getcpu as possibly not file I/O related
-/// Ignoring sys_enter_inotify_rm_watch sys_exit_inotify_rm_watch as possibly not file I/O related
-/// Ignoring sys_enter_fanotify_init sys_exit_fanotify_init as possibly not file I/O related
-/// Ignoring sys_enter_shmget sys_exit_shmget as possibly not file I/O related
-/// Ignoring sys_enter_quotactl sys_exit_quotactl as possibly not file I/O related
-/// Ignoring sys_enter_ioprio_get sys_exit_ioprio_get as possibly not file I/O related
-/// Ignoring sys_enter_personality sys_exit_personality as possibly not file I/O related
+/// Ignoring sys_enter_semctl sys_exit_semctl as possibly not file I/O related
+/// Ignoring sys_enter_set_mempolicy_home_node sys_exit_set_mempolicy_home_node as possibly not file I/O related
+/// Ignoring sys_enter_time sys_exit_time as possibly not file I/O related
+/// Ignoring sys_enter_move_mount sys_exit_move_mount as possibly not file I/O related
+/// Ignoring sys_enter_semop sys_exit_semop as possibly not file I/O related
+/// Ignoring sys_enter_setrlimit sys_exit_setrlimit as possibly not file I/O related
+/// Ignoring sys_enter_vhangup sys_exit_vhangup as possibly not file I/O related
+/// Ignoring sys_enter_sendmmsg sys_exit_sendmmsg as possibly not file I/O related
+/// Ignoring sys_enter_pipe sys_exit_pipe as possibly not file I/O related
+/// Ignoring sys_enter_process_madvise sys_exit_process_madvise as possibly not file I/O related
+/// Ignoring sys_enter_map_shadow_stack sys_exit_map_shadow_stack as possibly not file I/O related
+/// Ignoring sys_enter_setresgid sys_exit_setresgid as possibly not file I/O related
+/// Ignoring sys_enter_getrandom sys_exit_getrandom as possibly not file I/O related
+/// Ignoring sys_enter_munlockall sys_exit_munlockall as possibly not file I/O related
+/// Ignoring sys_enter_epoll_pwait2 sys_exit_epoll_pwait2 as possibly not file I/O related
+/// Ignoring sys_enter_swapon sys_exit_swapon as possibly not file I/O related
#define SYS_ENTER_IO_URING_REGISTER 1505
#define SYS_EXIT_IO_URING_REGISTER 1504
diff --git a/internal/eventloop.go b/internal/eventloop.go
index d568162..6a345f2 100644
--- a/internal/eventloop.go
+++ b/internal/eventloop.go
@@ -216,7 +216,7 @@ func (e *eventLoop) tracepointExited(exitEv event.Event, ch chan<- *event.Pair)
openEv := ep.EnterEv.(*OpenEvent)
comm := types.StringValue(openEv.Comm[:])
if fd := int32(ep.ExitEv.(*RetEvent).Ret); fd >= 0 {
- file := file.NewFd(fd, openEv.Filename[:], v.Flags)
+ file := file.NewFd(fd, types.StringValue(openEv.Filename[:]), v.Flags)
e.files[fd] = file
ep.File = file
ep.Comm = comm
@@ -240,7 +240,7 @@ func (e *eventLoop) tracepointExited(exitEv event.Event, ch chan<- *event.Pair)
nameEvent := ep.EnterEv.(*PathEvent)
if ep.Is(SYS_ENTER_CREAT) {
if fd := int32(ep.ExitEv.(*RetEvent).Ret); fd >= 0 {
- file := file.NewFd(fd, nameEvent.Pathname[:],
+ file := file.NewFd(fd, types.StringValue(nameEvent.Pathname[:]),
syscall.O_CREAT|syscall.O_WRONLY|syscall.O_TRUNC)
e.files[fd] = file
ep.File = file
@@ -319,7 +319,7 @@ func (e *eventLoop) tracepointExited(exitEv event.Event, ch chan<- *event.Pair)
if fd := int32(retEvent.Ret); fd >= 0 {
openByHandleEv := ep.EnterEv.(*OpenByHandleAtEvent)
- file := file.NewFd(fd, []byte(pathname), openByHandleEv.Flags)
+ file := file.NewFd(fd, pathname, openByHandleEv.Flags)
e.files[fd] = file
ep.File = file
ep.Comm = e.comm(tid)
diff --git a/internal/eventloop_test.go b/internal/eventloop_test.go
index 7a6ce9d..dc92bda 100644
--- a/internal/eventloop_test.go
+++ b/internal/eventloop_test.go
@@ -58,6 +58,7 @@ func TestEventloop(t *testing.T) {
"FcntlDupfdCloexecTest": makeFcntlDupfdCloexecTestData(t),
"FcntlErrorTest": makeFcntlErrorTestData(t),
"FcntlInvalidFdTest": makeFcntlInvalidFdTestData(t),
+ "NameToHandleAtTest": makeNameToHandleAtTestData(t),
// FD Lifecycle tests
"FdLifecycleTest": makeFdLifecycleTestData(t),
"FdDupTest": makeFdDupTestData(t),
@@ -1523,6 +1524,67 @@ func makeFcntlInvalidFdTestData(t *testing.T) (td testData) {
return td
}
+func makeEnterOpenByHandleAtEvent(t *testing.T, time uint64, pid, tid uint32, flags int32) (types.OpenByHandleAtEvent, []byte) {
+ ev := types.OpenByHandleAtEvent{
+ EventType: types.ENTER_OPEN_BY_HANDLE_AT_EVENT,
+ TraceId: types.SYS_ENTER_OPEN_BY_HANDLE_AT,
+ Time: time,
+ Pid: pid,
+ Tid: tid,
+ Flags: flags,
+ }
+
+ bytes, err := ev.Bytes()
+ if err != nil {
+ t.Error(err)
+ }
+ return ev, bytes
+}
+
+func makeNameToHandleAtTestData(t *testing.T) (td testData) {
+ pathname := "/tmp/handle_test.txt"
+ fd := int32(70)
+
+ // Step 1: name_to_handle_at syscall
+ _, enterNameBytes := makeEnterPathEvent(t, defaulTime, defaultPid, defaultTid, pathname, types.SYS_ENTER_NAME_TO_HANDLE_AT)
+ td.rawTracepoints = append(td.rawTracepoints, enterNameBytes)
+
+ _, exitNameBytes := makeExitRetEvent(t, defaulTime+100, defaultPid, defaultTid, types.SYS_EXIT_NAME_TO_HANDLE_AT, 0)
+ td.rawTracepoints = append(td.rawTracepoints, exitNameBytes)
+
+ // Step 2: open_by_handle_at syscall
+ _, enterOpenBytes := makeEnterOpenByHandleAtEvent(t, defaulTime+200, defaultPid, defaultTid, syscall.O_RDWR)
+ td.rawTracepoints = append(td.rawTracepoints, enterOpenBytes)
+
+ exitOpenEv, exitOpenBytes := makeExitRetEvent(t, defaulTime+300, defaultPid, defaultTid, types.SYS_EXIT_OPEN_BY_HANDLE_AT, int64(fd))
+ td.rawTracepoints = append(td.rawTracepoints, exitOpenBytes)
+
+ // Validate that the two syscalls are correlated and result in a single open event
+ td.validates = append(td.validates, func(t *testing.T, el *eventLoop, ep *event.Pair) {
+ if ep.EnterEv.GetTraceId() != types.SYS_ENTER_OPEN_BY_HANDLE_AT {
+ t.Errorf("Expected enter event to be SYS_ENTER_OPEN_BY_HANDLE_AT, but got %v", ep.EnterEv.GetTraceId())
+ }
+ if !exitOpenEv.Equals(ep.ExitEv) {
+ t.Errorf("Expected exit event '%v' but got '%v'", exitOpenEv, ep.ExitEv)
+ }
+ if ep.File == nil {
+ t.Errorf("Expected file to be set")
+ } else if ep.File.Name() != pathname {
+ t.Errorf("Expected file name '%v' but got '%v'", pathname, ep.File.Name())
+ }
+
+ // Verify that the fd is now tracked
+ verifyFileDescriptor(t, el, fd, pathname)
+
+ // Verify that the pending handle has been consumed
+ if _, ok := el.pendingHandles[defaultTid]; ok {
+ t.Errorf("Expected pending handle for tid %d to be consumed", defaultTid)
+ }
+ })
+
+ return td
+}
+
// Test open→read→write→close lifecycle
func makeFdLifecycleTestData(t *testing.T) (td testData) {
fd := int32(42)
diff --git a/internal/file/file.go b/internal/file/file.go
index d46e6db..85894c9 100644
--- a/internal/file/file.go
+++ b/internal/file/file.go
@@ -23,10 +23,10 @@ type FdFile struct {
flagsFromProcFS bool
}
-func NewFd(fd int32, name []byte, flags int32) FdFile {
+func NewFd(fd int32, name string, flags int32) FdFile {
f := FdFile{
fd: fd,
- name: types.StringValue(name),
+ name: name,
flags: Flags(flags),
}
if f.flags == -1 {
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index fda921d..512697c 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -12,8 +12,10 @@ import (
bpf "github.com/aquasecurity/libbpfgo"
)
-var singleton Flags
-var once sync.Once
+var (
+ singleton Flags
+ once sync.Once
+)
var validCollapsedFields = []string{
"path",
@@ -105,6 +107,15 @@ func parse() {
singleton.TracepointsToAttach = extractTracepointFlags(*tracepointsToAttach)
singleton.TracepointsToExclude = extractTracepointFlags(*tracepointsToExclude)
+ // disabledTracepoints is a list of tracepoints that should not be attached due to wider isses.
+ // Here, the BPF programs wouldn't load otherwise due to CO-RE issues.
+ // TODO: Try out once in a while whether it works again with newer kernel versions.
+ furtherExcludes := []string{".*_name_to_handle_at", ".*_open_by_handle_at"}
+ for _, exclude := range furtherExcludes {
+ fmt.Println("WARNING: Hard-excluding ", exclude)
+ singleton.TracepointsToExclude = append(singleton.TracepointsToExclude, regexp.MustCompile(exclude))
+ }
+
if *fields == "" {
singleton.CollapsedFields = []string{"pid", "path", "tracepoint"}
} else {
@@ -140,6 +151,7 @@ func extractTracepointFlags(tracepoints string) (regexes []*regexp.Regexp) {
}
func (flags Flags) ShouldIAttachTracepoint(tracepointName string) bool {
+ fmt.Println("ShouldIAttachTracepoint called with", tracepointName)
for _, re := range flags.TracepointsToExclude {
if re.MatchString(tracepointName) {
fmt.Println("Not attaching", tracepointName, "as excluded")
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-15 23:16:19 +0000