probes

package
v0.0.2-0...-4ce78c8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 17, 2021 License: Apache-2.0, Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

// Bit flags passed as the flag argument of ExpandSyscallProbes and
// ExpandSyscallProbesSelector. They can be combined with bitwise OR, as
// EntryAndExit does.
const (
	// Entry requests expansion of the entry kprobe.
	Entry = 1 << iota
	// Exit requests expansion of the exit kretprobe.
	Exit
	// ExpandTime32 requests that the _time32 suffix be added to the provided probe if needed.
	ExpandTime32

	// EntryAndExit requests expansion of both the entry kprobe and the exit kretprobe.
	EntryAndExit = Entry | Exit
)
// SecurityAgentUID is the UID used for all the runtime security module probes.
const SecurityAgentUID = "security"

Variables

// RuntimeArch holds the CPU architecture of the running machine.
// The declaration itself leaves it at the zero value (""); where it is
// populated is not visible here.
var (
	RuntimeArch string
)

RuntimeArch holds the CPU architecture of the running machine

// SelectorsPerEventType is the list of probes that should be activated for each event.
// It maps an event type name to the probe selectors registered for that event type;
// every probe is identified by SecurityAgentUID plus a section name.
//
// Three selector wrappers from the manager package are used below. As their names
// suggest (confirm against the pinned manager version): AllOf requires every listed
// probe, OneOf requires at least one of the listed probes, and BestEffort tolerates
// probes that cannot be activated.
//
// NOTE(review): a BestEffort entry that fails to attach is presumably not reported as
// an error by the selector, so event coverage for those hooks (for example the
// set*uid / set*gid / capset group under "*") should be verified on the target kernel
// rather than assumed from a successful start-up.
var SelectorsPerEventType = map[eval.EventType][]manager.ProbesSelector{

	// "*" looks like a wildcard entry: presumably the selectors needed whatever
	// event types are in use. TODO confirm against the consumer of this map.
	"*": {

		// Process fork/exit/exec, credential and file-open hooks, grouped under AllOf.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "tracepoint/sched/sched_process_fork"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/do_exit"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/security_bprm_committed_creds"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/exit_itimers"}},
			// Nested BestEffort: these two exec hooks are optional inside the AllOf group,
			// presumably because not every kernel exposes both symbols.
			&manager.BestEffort{Selectors: []manager.ProbesSelector{
				&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/prepare_binprm"}},
				&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/bprm_execve"}},
			}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kretprobe/get_task_exe_file"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_open"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/do_dentry_open"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/commit_creds"}},
		}},
		// The next three OneOf groups each list alternative symbol names for one hook;
		// presumably the name differs between kernel versions.
		&manager.OneOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/cgroup_procs_write"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/cgroup1_procs_write"}},
		}},
		&manager.OneOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/_do_fork"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/do_fork"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/kernel_clone"}},
		}},
		&manager.OneOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/cgroup_tasks_write"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/cgroup1_tasks_write"}},
		}},
		// execve and execveat expand the entry probe only (flag Entry); execve is OneOf,
		// execveat is BestEffort.
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "execve"}, Entry),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "execveat"}, Entry),
		},
		// Credential-changing syscalls (set*uid, set*gid, their *16 variants, capset):
		// entry and exit probes, every one of them BestEffort.
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setuid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setuid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setgid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setgid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "seteuid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "seteuid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setegid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setegid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setfsuid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setfsuid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setfsgid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setfsgid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setreuid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setreuid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setregid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setregid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setresuid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setresuid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setresgid"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setresgid16"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "capset"}, EntryAndExit),
		},

		// Mount and umount hooks. The trailing true on "mount" is the variadic compat
		// argument of ExpandSyscallProbesSelector.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/attach_recursive_mnt"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/propagate_mnt"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/security_sb_umount"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "mount"}, EntryAndExit, true),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "umount"}, EntryAndExit),
		},

		// Rename hooks; renameat2 is the only BestEffort entry of the group.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_rename"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "rename"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "renameat"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "renameat2"}, EntryAndExit),
		},

		// unlinkat hooks.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "unlinkat"}, EntryAndExit),
		},

		// rmdir hooks.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/security_inode_rmdir"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "rmdir"}, EntryAndExit),
		},

		// unlink hooks.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_unlink"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "unlink"}, EntryAndExit),
		},

		// ioctl hook.
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/do_vfs_ioctl"}},
		}},
	},

	// chmod, fchmod and fchmodat, plus the setattr and write-access kprobes.
	"chmod": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/security_inode_setattr"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "chmod"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fchmod"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fchmodat"}, EntryAndExit),
		},
	},

	// chown family, including the *16 variants; unlike the set*uid16 entries under
	// "*", the *16 variants here are OneOf rather than BestEffort.
	"chown": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/security_inode_setattr"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		// Alternative symbol names for the file write-access hook.
		&manager.OneOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write_file"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write_file_path"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "chown"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "chown16"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fchown"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fchown16"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fchownat"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "lchown"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "lchown16"}, EntryAndExit),
		},
	},

	// link and linkat.
	"link": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_link"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/filename_create"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "link"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "linkat"}, EntryAndExit),
		},
	},

	// mkdir and mkdirat.
	"mkdir": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_mkdir"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/filename_create"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "mkdir"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "mkdirat"}, EntryAndExit),
		},
	},

	// open, creat, truncate and openat are OneOf; openat2, open_by_handle_at and the
	// io_openat2 kprobe/kretprobe pair are BestEffort.
	"open": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_truncate"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "open"}, EntryAndExit, true),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "creat"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "truncate"}, EntryAndExit, true),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "openat"}, EntryAndExit, true),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "openat2"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "open_by_handle_at"}, EntryAndExit, true),
		},
		&manager.BestEffort{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/io_openat2"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kretprobe/io_openat2"}},
		}},
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/filp_close"}},
		}},
	},

	// removexattr, fremovexattr and lremovexattr.
	"removexattr": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_removexattr"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		&manager.OneOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write_file"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write_file_path"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "removexattr"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fremovexattr"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "lremovexattr"}, EntryAndExit),
		},
	},

	// setxattr, fsetxattr and lsetxattr.
	"setxattr": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/vfs_setxattr"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		&manager.OneOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write_file"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write_file_path"}},
		}},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "setxattr"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "fsetxattr"}, EntryAndExit),
		},
		&manager.OneOf{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "lsetxattr"}, EntryAndExit),
		},
	},

	// Timestamp syscalls, all BestEffort. utimes, utimensat and futimesat are listed
	// twice: once with the compat argument set and once with the ExpandTime32 flag,
	// which requests the _time32 suffix.
	"utimes": {
		&manager.AllOf{Selectors: []manager.ProbesSelector{
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/security_inode_setattr"}},
			&manager.ProbeSelector{ProbeIdentificationPair: manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "kprobe/mnt_want_write"}},
		}},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "utime"}, EntryAndExit, true),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "utime32"}, EntryAndExit),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "utimes"}, EntryAndExit, true),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "utimes"}, EntryAndExit|ExpandTime32),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "utimensat"}, EntryAndExit, true),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "utimensat"}, EntryAndExit|ExpandTime32),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "futimesat"}, EntryAndExit, true),
		},
		&manager.BestEffort{Selectors: ExpandSyscallProbesSelector(
			manager.ProbeIdentificationPair{UID: SecurityAgentUID, Section: "futimesat"}, EntryAndExit|ExpandTime32),
		},
	},
}

SelectorsPerEventType is the list of probes that should be activated for each event

// SyscallMonitorSelectors is the list of probes that should be activated for
// the syscall monitor feature. Each entry is a plain ProbeSelector registered
// under SecurityAgentUID: the raw_syscalls sys_enter and sys_exit tracepoints
// and the sched_process_exec tracepoint.
var SyscallMonitorSelectors = []manager.ProbesSelector{
	&manager.ProbeSelector{
		ProbeIdentificationPair: manager.ProbeIdentificationPair{
			UID:     SecurityAgentUID,
			Section: "tracepoint/raw_syscalls/sys_enter",
		},
	},
	&manager.ProbeSelector{
		ProbeIdentificationPair: manager.ProbeIdentificationPair{
			UID:     SecurityAgentUID,
			Section: "tracepoint/raw_syscalls/sys_exit",
		},
	},
	&manager.ProbeSelector{
		ProbeIdentificationPair: manager.ProbeIdentificationPair{
			UID:     SecurityAgentUID,
			Section: "tracepoint/sched/sched_process_exec",
		},
	},
}

SyscallMonitorSelectors is the list of probes that should be activated for the syscall monitor feature

Functions

func AllMaps

func AllMaps() []*manager.Map

AllMaps returns the list of maps of the runtime security module

func AllPerfMaps

func AllPerfMaps() []*manager.PerfMap

AllPerfMaps returns the list of perf maps of the runtime security module

func AllProbes

func AllProbes() []*manager.Probe

AllProbes returns the list of all the probes of the runtime security module

func AllTailRoutes

func AllTailRoutes() []manager.TailCallRoute

AllTailRoutes returns the list of all the tail call routes

func ExpandSyscallProbes

func ExpandSyscallProbes(probe *manager.Probe, flag int, compat ...bool) []*manager.Probe

ExpandSyscallProbes returns the list of available hook probes for the syscall func name of the provided probe

func ExpandSyscallProbesSelector

func ExpandSyscallProbesSelector(id manager.ProbeIdentificationPair, flag int, compat ...bool) []manager.ProbesSelector

ExpandSyscallProbesSelector returns the list of ProbesSelector values required to query all the probes available for a syscall

func GetPerfBufferStatisticsMaps

func GetPerfBufferStatisticsMaps() map[string]string

GetPerfBufferStatisticsMaps returns the list of maps used to monitor the performance of each perf buffer

Types

This section is empty.
