From 956b0392dc1206dce49e6904210dfc9ae100d3e2 Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Thu, 21 May 2026 17:59:33 +0300
Subject: k7 classify process control and prctl syscalls

---
 internal/generate/classify.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'internal/generate/classify.go')

diff --git a/internal/generate/classify.go b/internal/generate/classify.go
index ffac1b3..8ad1d58 100644
--- a/internal/generate/classify.go
+++ b/internal/generate/classify.go
@@ -38,6 +38,7 @@ const (
 	KindProc
 	KindBpf
 	KindFutex
+	KindPrctl
 )
 
 func (k TracepointKind) MetadataName() string {
@@ -106,6 +107,8 @@ func (k TracepointKind) MetadataName() string {
 		return "bpf"
 	case KindFutex:
 		return "futex"
+	case KindPrctl:
+		return "prctl"
 	default:
 		return "none"
 	}
@@ -403,6 +406,10 @@ func classifyNameOnly(name string) (ClassificationResult, bool) {
 		return ClassificationResult{Kind: KindFd}, true
 	case "sys_enter_process_mrelease":
 		return ClassificationResult{Kind: KindFd}, true
+	case "sys_enter_wait4":
+		return ClassificationResult{Kind: KindProc}, true
+	case "sys_enter_waitid":
+		return ClassificationResult{Kind: KindProc}, true
 	case "sys_enter_clone":
 		return ClassificationResult{Kind: KindProc}, true
 	case "sys_enter_clone3":
@@ -411,6 +418,14 @@ func classifyNameOnly(name string) (ClassificationResult, bool) {
 		return ClassificationResult{Kind: KindProc}, true
 	case "sys_enter_vfork":
 		return ClassificationResult{Kind: KindProc}, true
+	case "sys_enter_kill":
+		return ClassificationResult{Kind: KindNull}, true
+	case "sys_enter_prctl":
+		return ClassificationResult{Kind: KindPrctl}, true
+	case "sys_enter_setns":
+		return ClassificationResult{Kind: KindFd}, true
+	case "sys_enter_unshare":
+		return ClassificationResult{Kind: KindNull}, true
 	case "sys_enter_bpf":
 		return ClassificationResult{Kind: KindBpf}, true
 	case "sys_enter_futex":
-- 
cgit v1.2.3