Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ebpf: fix mem_prot_alert invalid args (#2324)
* ebpf: fix mem_prot_alert invalid args In cases where both security_file_mprotect and mem_prot_alert events were chosen by the user, mem_prot_alert could have failed to decode or have invalid arguments. This was caused by the fact we submitted those two events one after the other without reinitializing the submit buffer. Fix mem_prot_alert event by initializing the submit buffer as required. * ebpf: remove redundant submit buffer initialization Since we split the bpf code to separate phases, sys_enter/sys_exit don't contain more than one event to submit in one bpf program. Remove the redundant buffer initialization then. * ebpf: placed should_trace where missing In some cases, should_trace() wasn't called properly. Fix this,
- Loading branch information