Merge pull request #12 from aquasecurity/fix_missing_stat_syscalls

fix: stat syscalls are missing
aquasecurity · Nov 21, 2019 · 0630258 · 0630258
2 parents 4ffb880 + 2e296cf
commit 0630258
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/tracee/container_tracer.py b/tracee/container_tracer.py
@@ -838,6 +838,8 @@ def print_event(self, cpu, data, size):
 
         args = list()
 
+        eventfunc = "dummy"
+
         if context.eventid == EventId.SYS_EXECVE:
             eventname = "execve"
             event_type = self.get_int_from_buf(event_buf)
@@ -980,12 +982,15 @@ def print_event(self, cpu, data, size):
             args.append(str(self.get_int_from_buf(event_buf)))  # prot
         elif context.eventid == EventId.SYS_STAT:
             eventname = "stat"
+            eventfunc = "newstat"
             args.append(self.get_string_from_buf(event_buf))  # path
         elif context.eventid == EventId.SYS_FSTAT:
             eventname = "fstat"
+            eventfunc = "newfstat"
             args.append(str(self.get_uint_from_buf(event_buf)))  # fd
         elif context.eventid == EventId.SYS_LSTAT:
             eventname = "lstat"
+            eventfunc = "newlstat"
             args.append(self.get_string_from_buf(event_buf))  # path
         elif context.eventid == EventId.SYS_PRCTL:
             eventname = "prctl"
@@ -1062,7 +1067,7 @@ def print_event(self, cpu, data, size):
         except:
             return
 
-        if eventname in self.events_to_trace:
+        if eventname in self.events_to_trace or eventfunc in self.events_to_trace:
             if not self.json:
                 log.info("%-14f %-16s %-12d %-12d %-6d %-16s %-16s %-6d %-6d %-6d %-12d %s" % (
                     context.ts / 1000000.0, uts_name, context.mnt_id, context.pid_id, context.uid,