Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add dentry type #3423

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

add dentry type #3423

wants to merge 4 commits into from

Conversation

olsajiri
Copy link
Contributor

@olsajiri olsajiri commented Feb 20, 2025
edited
Loading

Adding support to extract dentry full path via new 'dentry' type,
which presents the data as as path_arg argument.

So following spec:

  spec:
    kprobes:
    - call: "security_path_unlink"
      syscall: false
      args:
      - index: 1
        type: "dentry"

gives you:

args{"path_arg":{"path":"/tmp/TestKprobeDentryPath4036433650/001/dentry-unlink872807283", "permission":"-rw-------"}}

Note dentry type can extract path only to the first mount point.

Note this patch is based on work of David Windsor, adding his SOB.

@olsajiri olsajiri added the release-note/minor This PR introduces a minor user-visible change label Feb 20, 2025
@olsajiri olsajiri mentioned this pull request Feb 23, 2025
Draft
6 tasks
@olsajiri
tetragon: Add support to extract dentry path
5a644f4 
Adding support to extract dentry full path via new 'dentry' type,
which presents the data as as path_arg argument.

So following spec:

  spec:
    kprobes:
    - call: "security_path_unlink"
      syscall: false
      args:
      - index: 1
        type: "dentry"

gives you:

   args{"path_arg":{"path":"/tmp/TestKprobeDentryPath4036433650/001/dentry-unlink872807283", "permission":"-rw-------"}}

Note dentry type can extract path only to the first mount point.

Note this patch is based on work of David Windsor, adding his SOB.

Signed-off-by: David Windsor <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
@olsajiri
tetragon: Allow dentry type to be used in the spec
fcbfec3 
Allowing dentry type to be used in the spec, so the spec validation passes.

Signed-off-by: Jiri Olsa <[email protected]>
olsajiri and others added 2 commits February 25, 2025 08:25
@olsajiri
tetragon: Add test for dentry path extraction
d5634ca 
Addinbg test for dentry path extraction.

Signed-off-by: Jiri Olsa <[email protected]>
@dwindsor @olsajiri
Add dentry example TracingPolicy
dd8a46f 
Signed-off-by: David Windsor <[email protected]>
@olsajiri olsajiri changed the title Pr/olsajiri/dentry add dentry type Feb 25, 2025
@olsajiri olsajiri requested a review from dwindsor February 25, 2025 09:26
@olsajiri olsajiri marked this pull request as ready for review February 25, 2025 09:26
@olsajiri olsajiri requested a review from a team as a code owner February 25, 2025 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwindsor dwindsor Awaiting requested review from dwindsor

@jrfastab jrfastab Awaiting requested review from jrfastab jrfastab is a code owner automatically assigned from cilium/tetragon

@kkourt kkourt Awaiting requested review from kkourt

@mtardy mtardy Awaiting requested review from mtardy

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
release-note/minor This PR introduces a minor user-visible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@olsajiri @dwindsor