Skip to content

Commit

Permalink
Add process.thread.capabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
@nicholasberlin
nicholasberlin committed Jul 26, 2023
1 parent 0525ea0 commit 8e34dd1
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions schemas/process.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,28 @@
description: >
Thread name.
- name: thread.capabilities.permitted
level: extended
type: keyword
short: Array of capabilities a thread could assume.
description: >
This is a limiting superset for the effective capabilities that the
thread may assume.
example: "[\"CAP_BPF\", \"CAP_SYS_ADMIN\"]"
normalize:
- array

- name: thread.capabilities.effective
level: extended
type: keyword
short: Array of capabilities used for permission checks.
description: >
This is the set of capabilities used by the kernel to perform permission
checks for the thread.
example: "[\"CAP_BPF\", \"CAP_SYS_ADMIN\"]"
normalize:
- array

- name: start
level: extended
type: date
Expand Down

0 comments on commit 8e34dd1

Please sign in to comment.