Tracing: add support for file permissions
For the observed file/directory, add the associated permission and
output the complete file/directory permission information, consistent
with the format of 'ls -l'. Can be used in user space to further
filter/identify events based on specific file attributes.

Signed-off-by: Jianlin Lv <[email protected]>
jianlv01 committed Mar 16, 2024
1 parent 67bdc67 commit f56b3da
Showing 21 changed files with 260 additions and 54 deletions.
2 changes: 2 additions & 0 deletions api/v1/README.md


38 changes: 32 additions & 6 deletions api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go


40 changes: 30 additions & 10 deletions api/v1/tetragon/tetragon.pb.go


2 changes: 2 additions & 0 deletions api/v1/tetragon/tetragon.proto
Expand Up @@ -325,12 +325,14 @@ message KprobePath {
string mount = 1;
string path = 2;
string flags = 3;
string permission = 4;
}

message KprobeFile {
string mount = 1;
string path = 2;
string flags = 3;
string permission = 4;
}

message KprobeTruncatedBytes {
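Review bot: The new `permission` fields in `KprobePath` and `KprobeFile` carry no comment describing their format, and because the value is a pre-rendered string, any client that matches on it depends on that exact rendering. The commit message says the output follows `ls -l`; that statement belongs on the field itself, for example `// File type and permission bits rendered in 'ls -l' format.` above each `string permission = 4;`. If consumers are expected to test individual bits such as setuid or world-writable, a numeric mode field alongside the string would spare them from parsing text.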
17 changes: 11 additions & 6 deletions bpf/process/types/basic.h
Expand Up @@ -445,6 +445,7 @@ copy_path(char *args, const struct path *arg)
int size = 0, flags = 0;
char *buffer;
void *curr = &args[4];
umode_t i_mode;

buffer = d_path_local(arg, &size, &flags);
if (!buffer)
Expand All @@ -456,12 +457,14 @@ copy_path(char *args, const struct path *arg)
*s = size;
size += 4;

BPF_CORE_READ_INTO(&i_mode, arg, dentry, d_inode, i_mode);

/*
* the format of the path is:
* -------------------------------
* | 4 bytes | N bytes | 4 bytes |
* | pathlen | path | flags |
* -------------------------------
* -----------------------------------------
* | 4 bytes | N bytes | 4 bytes | 2 bytes |
* | pathlen | path | flags | mode |
* -----------------------------------------
* Next we set up the flags.
*/
asm volatile goto(
Expand All @@ -472,12 +475,14 @@ copy_path(char *args, const struct path *arg)
"r1 += r7;\n"
"r2 = *(u32 *)%[flags];\n"
"*(u32 *)(r1 + 0) = r2;\n"
"r2 = *(u16 *)%[mode];\n"
"*(u16 *)(r1 + 4) = r2;\n"
:
: [pid] "m"(args), [flags] "m"(flags), [offset] "+m"(size)
: [pid] "m"(args), [flags] "m"(flags), [offset] "+m"(size), [mode] "m"(i_mode)
: "r0", "r1", "r2", "r7", "memory"
: a);
a:
size += sizeof(u32); // for the flags
size += sizeof(u32) + sizeof(u16); // for the flags + i_mode

return size;
}
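Review bot: In copy_path, `i_mode` has no initializer and the return value of `BPF_CORE_READ_INTO(&i_mode, arg, dentry, d_inode, i_mode)` is ignored, so when the inode cannot be read (for example a dentry with no inode) the record still carries a mode, presumably 0. Nothing visible marks that value as unknown: `path.FilePathModeToStr(e.Permission)` in pkg/grpc/tracing/tracing.go formats it unconditionally in both the file and path cases, so a consumer matching on the permission string may see a well-formed but meaningless value. I would write `umode_t i_mode = 0;`, add `mode is 0 when the inode could not be read` to the layout comment, and leave `Permission` empty on the Go side when the value is 0. copy_path begins above the hunk.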
2 changes: 2 additions & 0 deletions docs/content/en/docs/reference/grpc-api.md


18 changes: 10 additions & 8 deletions pkg/api/tracingapi/client_kprobe.go
Expand Up @@ -58,10 +58,11 @@ type MsgGenericKprobe struct {
}

type MsgGenericKprobeArgPath struct {
Index uint64
Value string
Flags uint32
Label string
Index uint64
Value string
Flags uint32
Permission uint16
Label string
}

func (m MsgGenericKprobeArgPath) GetIndex() uint64 {
Expand All @@ -73,10 +74,11 @@ func (m MsgGenericKprobeArgPath) IsReturnArg() bool {
}

type MsgGenericKprobeArgFile struct {
Index uint64
Value string
Flags uint32
Label string
Index uint64
Value string
Flags uint32
Permission uint16
Label string
}

func (m MsgGenericKprobeArgFile) GetIndex() uint64 {
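Review bot: `Permission uint16` in `MsgGenericKprobeArgPath` and `MsgGenericKprobeArgFile` is undocumented, and the name understates what it appears to hold: the BPF side writes the inode's 2-byte `i_mode`, which also carries the file-type and setuid/setgid/sticky bits. Assuming the parser (not shown on this page) copies that value unchanged, a field comment would keep callers from masking or comparing it as plain rwx bits, e.g. `// Permission is the raw inode mode: file type, setuid/setgid/sticky and rwx bits.` The methods that follow each struct continue outside this section.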
10 changes: 6 additions & 4 deletions pkg/grpc/tracing/tracing.go
Expand Up @@ -168,15 +168,17 @@ func getKprobeArgument(arg tracingapi.MsgGenericKprobeArg) *tetragon.KprobeArgum
a.Label = e.Label
case api.MsgGenericKprobeArgFile:
fileArg := &tetragon.KprobeFile{
Path: e.Value,
Flags: path.FilePathFlagsToStr(e.Flags),
Path: e.Value,
Flags: path.FilePathFlagsToStr(e.Flags),
Permission: path.FilePathModeToStr(e.Permission),
}
a.Arg = &tetragon.KprobeArgument_FileArg{FileArg: fileArg}
a.Label = e.Label
case api.MsgGenericKprobeArgPath:
pathArg := &tetragon.KprobePath{
Path: e.Value,
Flags: path.FilePathFlagsToStr(e.Flags),
Path: e.Value,
Flags: path.FilePathFlagsToStr(e.Flags),
Permission: path.FilePathModeToStr(e.Permission),
}
a.Arg = &tetragon.KprobeArgument_PathArg{PathArg: pathArg}
a.Label = e.Label
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Expand Down Expand Up @@ -212,6 +213,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Expand Down Expand Up @@ -863,6 +865,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Expand Down Expand Up @@ -1420,6 +1423,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Expand Down Expand Up @@ -212,6 +213,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Expand Down Expand Up @@ -863,6 +865,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
Expand Down Expand Up @@ -1420,6 +1423,7 @@ spec:
- file
- filename
- path
- permission
- nop
- bpf_attr
- perf_event
2 changes: 1 addition & 1 deletion pkg/k8s/apis/cilium.io/v1alpha1/types.go
Expand Up @@ -55,7 +55,7 @@ type KProbeArg struct {
// +kubebuilder:validation:Minimum=0
// Position of the argument.
Index uint32 `json:"index"`
// +kubebuilder:validation:Enum=auto;int;int8;uint8;int16;uint16;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64;kernel_cap_t;cap_inheritable;cap_permitted;cap_effective;linux_binprm;data_loc;net_device
// +kubebuilder:validation:Enum=auto;int;int8;uint8;int16;uint16;uint32;int32;uint64;int64;char_buf;char_iovec;size_t;skb;sock;string;fd;file;filename;path;permission;nop;bpf_attr;perf_event;bpf_map;user_namespace;capability;kiocb;iov_iter;cred;load_info;module;syscall64;kernel_cap_t;cap_inheritable;cap_permitted;cap_effective;linux_binprm;data_loc;net_device
// +kubebuilder:default=auto
// Argument type.
Type string `json:"type"`
2 changes: 1 addition & 1 deletion pkg/k8s/apis/cilium.io/v1alpha1/version.go
Expand Up @@ -7,4 +7,4 @@ package v1alpha1
// Used to determine if CRD needs to be updated in cluster
//
// Developers: Bump patch for each change in the CRD schema.
const CustomResourceDefinitionSchemaVersion = "1.1.8"
const CustomResourceDefinitionSchemaVersion = "1.1.9"