libs icon indicating copy to clipboard operation
libs copied to clipboard
verified publisher icon falcosecurity

new(modern_bpf): add support for `link` family syscalls

Open Andreagit97 opened this issue 3 years ago • 2 comments

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area driver-modern-bpf

/area libpman

/area tests

Does this PR require a change in the driver versions?

What this PR does / why we need it:

This PR is part of a series https://github.com/falcosecurity/libs/issues/513, the final aim is to support the most important syscalls also in the new probe. This PR introduces:

  • link
  • linkat
  • symlink
  • symlinkat
  • unlink
  • unlinkat

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

new(modern_bpf): add support for `link` family syscalls

Andreagit97 avatar Aug 13 '22 09:08 Andreagit97

Hi @Andreagit97 ,

tests on s390x running fine:

[ RUN      ] SyscallExit.linkX
[       OK ] SyscallExit.linkX (0 ms)
[ RUN      ] SyscallExit.linkatX
[       OK ] SyscallExit.linkatX (0 ms)

[ RUN      ] SyscallExit.symlinkX
[       OK ] SyscallExit.symlinkX (0 ms)
[ RUN      ] SyscallExit.symlinkatX
[       OK ] SyscallExit.symlinkatX (0 ms)

[ RUN      ] SyscallExit.unlinkX
[       OK ] SyscallExit.unlinkX (0 ms)
[ RUN      ] SyscallExit.unlinkatX
[       OK ] SyscallExit.unlinkatX (0 ms)


[ RUN      ] SyscallEnter.linkE
[       OK ] SyscallEnter.linkE (0 ms)
[ RUN      ] SyscallEnter.linkatE
[       OK ] SyscallEnter.linkatE (0 ms)


[ RUN      ] SyscallEnter.symlinkE
[       OK ] SyscallEnter.symlinkE (0 ms)
[ RUN      ] SyscallEnter.symlinkatE
[       OK ] SyscallEnter.symlinkatE (0 ms)

[ RUN      ] SyscallEnter.unlinkE
[       OK ] SyscallEnter.unlinkE (0 ms)
[ RUN      ] SyscallEnter.unlinkatE
[       OK ] SyscallEnter.unlinkatE (0 ms)


[----------] Global test environment tear-down
[==========] 72 tests from 2 test suites ran. (5 ms total)
[  PASSED  ] 72 tests.

(more review at later point in time, tty soon)

hbrueckner avatar Aug 15 '22 09:08 hbrueckner

LGTM label has been added.

Git tree hash: bdf7987d950833fb72a4c71a77557e6b59784413

poiana avatar Aug 31 '22 10:08 poiana

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • ~~OWNERS~~ [Andreagit97,FedeDP]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

poiana avatar Aug 31 '22 10:08 poiana

@Andreagit97 reviewed them: lgtm

hbrueckner avatar Sep 02 '22 12:09 hbrueckner