Tracing: add support for file permissions #2222
Conversation
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
tpapagian
added
the
release-note/minor
There was a problem hiding this comment.
Thanks for contributing to Tetragon! I have tried to run that and I got an event like the following:
{
"process_kprobe": {
"process": {
"exec_id": "YXBhcGFnLXVidW50dS1kZXY6MjYwMzI3ODcyMDgwNzU0OjMzMDk3MA==",
"pid": 330970,
"uid": 1010,
"cwd": "/home/test",
"binary": "/usr/bin/chmod",
"arguments": "0777 a.txt"",
"flags": "execve clone",
"start_time": "2024-03-15T08:35:25.447770357Z",
"auid": 1010,
"parent_exec_id": "YXBhcGFnLXVidW50dS1kZXY6MjU4NTYzOTcwMDAwMDAwOjI4Njc0MQ==",
"refcnt": 1,
"tid": 330970
},
"parent": {
"exec_id": "YXBhcGFnLXVidW50dS1kZXY6MjU4NTYzOTcwMDAwMDAwOjI4Njc0MQ==",
"pid": 286741,
"uid": 1010,
"cwd": "/home/test/tetragon",
"binary": "/usr/bin/bash",
"flags": "procFS auid",
"start_time": "2024-03-15T08:06:01.545689544Z",
"auid": 1010,
"parent_exec_id": "YXBhcGFnLXVidW50dS1kZXY6MjU4NTYzODEwMDAwMDAwOjI4Njc0MA==",
"tid": 286741
},
"function_name": "security_path_chmod",
"args": [
{
"path_arg": {
"path": "/home/test/a.txt",
"permission": "-rw-rw-r--"
}
}
],
"action": "KPROBE_ACTION_POST",
"policy_name": "permission-test",
"return_action": "KPROBE_ACTION_POST"
},
"node_name": "ubuntu-dev",
"time": "2024-03-15T08:35:25.448337205Z"
}
and this is great!
On the other hand, it seems that some tests are failing. Maybe you can try to run make tests locally to check what exactly fails and try to fix that. Thanks!
Jianlin-lv
force-pushed
the
pr-file-attribute
branch
from
9cddcdb
to
f56b3da
Compare
hi , fixed test failed issue locally. How can I trigger checks on this PR? |
Jianlin-lv
force-pushed
the
pr-file-attribute
branch
from
f56b3da
to
23d4750
Compare
There was a problem hiding this comment.
Thanks for taking the time to fix the tests. All seems fine now.
So at a high level you modify copy_path kernel function which is called when we have the following types:
In the users-space (in args.go) you handle the first three types but you miss the last one which is handled here. I believe that you have also to read mode there as well.
Furthermore, I have one more comment regarding the tracing policy types.
Let me know if any of these does not make sense. Thanks!
For the observed file/directory, add the associated permission and output the complete file/directory permission information, consistent with the format of 'ls -l'. Can be used in user space to further filter/identify events based on specific file attributes. Signed-off-by: Jianlin Lv <[email protected]>
Jianlin-lv
force-pushed
the
pr-file-attribute
branch
from
23d4750
to
36c1bf1
Compare
For the observed file/directory, add the associated permission and output the complete file/directory permission information, consistent with the format of 'ls -l'. Can be used in user space to further filter/identify events based on specific file attributes.