feat(events): add chmod_common event #4339
Conversation
| @@ -262,7 +263,7 @@ var CoreEvents = map[ID]Definition{ | |||
| params: []trace.ArgMeta{ | |||
| {Type: "const char*", Name: "pathname"}, | |||
| {Type: "int", Name: "flags"}, | |||
| {Type: "mode_t", Name: "mode"}, | |||
| {Type: "umode_t", Name: "mode"}, | |||
There was a problem hiding this comment.
@NDStrahilevitz we need standardise names or migrate entirely to types instead of strings. Seeing this change and double checking 4737625#diff-561afb519199f76436d77252de43fdbc7020a8603bb0dd8226d8eea314c4ba32R29-R154, I realized that we can't be confident of the type size based on the name only, check these:
https://elixir.bootlin.com/linux/v6.11.1/source/include/linux/types.h#L23
https://elixir.bootlin.com/linux/v6.11.1/source/include/linux/types.h#L24
https://elixir.bootlin.com/linux/v6.11.1/source/arch/x86/include/uapi/asm/posix_types_32.h#L11
https://elixir.bootlin.com/linux/v6.11.1/source/include/uapi/asm-generic/posix_types.h#L24
unsigned short OR unsigned int.
I'll review all ArgZeroValueFromType() named types again and chose the larger option when necessary.
OriGlassman
force-pushed
the
add_common_chmod
branch
from
f03f7f8
to
ee8f534
Compare
|
@OriGlassman to fix integration tests: diff --git a/tests/integration/event_filters_test.go b/tests/integration/event_filters_test.go
index e3e9868ea..ad5810821 100644
--- a/tests/integration/event_filters_test.go
+++ b/tests/integration/event_filters_test.go
@@ -1603,7 +1603,7 @@ func Test_EventFilters(t *testing.T) {
expectEvent(anyHost, "fakeprog1", testutils.CPUForTests, anyPID, 0, events.Openat, orPolNames("comm-event-data-64"), orPolIDs(64),
expectArg("dirfd", int32(0)),
expectArg("flags", int32(0)),
- expectArg("mode", uint32(0)),
+ expectArg("mode", uint16(0)),
),
},
[]string{},
@@ -1615,7 +1615,7 @@ func Test_EventFilters(t *testing.T) {
[]trace.Event{
expectEvent(anyHost, "fakeprog2", testutils.CPUForTests, anyPID, 0, events.Open, orPolNames("comm-event-data-42"), orPolIDs(42),
expectArg("flags", int32(0)),
- expectArg("mode", uint32(0)),
+ expectArg("mode", uint16(0)),
),
},
[]string{},
@@ -1683,7 +1683,7 @@ func Test_EventFilters(t *testing.T) {
expectEvent(anyHost, "fakeprog1", testutils.CPUForTests, anyPID, 0, events.Openat, orPolNames("comm-event-retval-64"), orPolIDs(64),
expectArg("dirfd", int32(0)),
expectArg("flags", int32(0)),
- expectArg("mode", uint32(0)),
+ expectArg("mode", uint16(0)),
),
},
[]string{}, |
OriGlassman
force-pushed
the
add_common_chmod
branch
from
ee8f534
to
5791514
Compare
events like chmod and mknod used mode_t type which is 32 bit, but should use umode_t (note the 'u'), which is 16 bit.
OriGlassman
force-pushed
the
add_common_chmod
branch
from
5791514
to
a869f80
Compare
|
/fast-forward |
| @@ -0,0 +1,34 @@ | |||
| # chmod_common | |||
There was a problem hiding this comment.
I don't think the name chmod_common is so clear to the user.
A better name for this event may be file_chmod
1. Explain what the PR does
add chmod_common event
2. Explain how to test it
./tracee -e=chmod_common
3. Other comments