Diffstat (limited to 'internal/c')
-rw-r--r--internal/c/generated_tracepoints.c8
-rw-r--r--internal/c/generated_tracepoints_result.txt2
2 files changed, 6 insertions, 4 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c
index 78f29c7..f1602e5 100644
--- a/internal/c/generated_tracepoints.c
+++ b/internal/c/generated_tracepoints.c
@@ -13488,7 +13488,7 @@ int handle_sys_exit_kexec_load(struct syscall_trace_exit *ctx) {
return 0;
}
-/// sys_enter_acct is a struct null_event (kind=null)
+/// sys_enter_acct is a struct path_event (kind=pathname)
SEC("tracepoint/syscalls/sys_enter_acct")
int handle_sys_enter_acct(struct syscall_trace_enter *ctx) {
__u32 pid, tid;
@@ -13498,15 +13498,17 @@ int handle_sys_enter_acct(struct syscall_trace_enter *ctx) {
if (!ior_on_syscall_enter(tid, SYS_ENTER_ACCT))
return 0;
- struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0);
+ struct path_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct path_event), 0);
if (!ev)
return 0;
- ev->event_type = ENTER_NULL_EVENT;
+ ev->event_type = ENTER_PATH_EVENT;
ev->trace_id = SYS_ENTER_ACCT;
ev->pid = pid;
ev->tid = tid;
ev->time = bpf_ktime_get_boot_ns();
+ __builtin_memset(&(ev->pathname), 0, sizeof(ev->pathname));
+ bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void*)ctx->args[0]);
bpf_ringbuf_submit(ev, 0);
return 0;
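Review bot: The result of `bpf_probe_read_user_str` on the added line is discarded, so a faulted read and a NULL `ctx->args[0]` both submit an all-zero `ev->pathname` that looks like an empty path. For acct(2) a NULL filename is the documented way to switch process accounting off, which is the case a consumer of this event most needs to tell apart from a read error. Consider keeping the result, `long n = bpf_probe_read_user_str(ev->pathname, sizeof(ev->pathname), (void *)ctx->args[0]);`, and reporting `n < 0` to user space if `struct path_event` has or can gain a field for it (its layout is not visible here). The file name suggests this is generated output, so the change presumably belongs in the generator template and would cover the other pathname handlers as well. A few lines of the handler lie between the two hunks and its closing brace is outside this one, so neither was reviewed.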
diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt
index 43b33d5..5c13a75 100644
--- a/internal/c/generated_tracepoints_result.txt
+++ b/internal/c/generated_tracepoints_result.txt
@@ -1,7 +1,7 @@
sys_enter_accept is a struct accept_event (kind=accept)
sys_enter_accept4 is a struct accept_event (kind=accept)
sys_enter_access is a struct path_event (kind=pathname)
-sys_enter_acct is a struct null_event (kind=null)
+sys_enter_acct is a struct path_event (kind=pathname)
sys_enter_add_key is a struct keyctl_event (kind=keyctl)
sys_enter_adjtimex is a struct null_event (kind=null)
sys_enter_alarm is a struct null_event (kind=null)