update(docs): update supported syscall events for 0.32.1
Signed-off-by: Luca Guerra <luca@guerra.sh>
LucaGuerra authored and poiana committed Jul 12, 2022
1 parent b118d54 commit bf319e7
Showing 1 changed file with 31 additions and 24 deletions.
55 changes: 31 additions & 24 deletions content/en/docs/rules/supported-events.md
Expand Up @@ -5,12 +5,17 @@ weight: 3

Here are the system call event types and args supported by the [kernel module and BPF probe](/docs/event-sources/drivers) via `libscap` included in the Falco libs. Note that, for performance reasons, by default Falco will only consider a subset of them indicated in the table below. However, it's possible to make Falco consider all events by using the `-A` command line switch.

<!--
generated with:
falco --list-syscall-events --markdown
-->

Falco | Dir | Event
:-----|:----|:-----
Yes | > | **syscall**(SYSCALLID ID, UINT16 nativeID)
Yes | < | **syscall**(SYSCALLID ID)
Yes | > | **open**(FSPATH name, FLAGS32 flags, UINT32 mode)
Yes | < | **open**(FD fd, FSPATH name, FLAGS32 flags, UINT32 mode, UINT32 dev)
Yes | < | **open**(FD fd, FSPATH name, FLAGS32 flags, UINT32 mode, UINT32 dev, UINT64 ino)
No | > | **close**(FD fd)
No | < | **close**(ERRNO res)
No | > | **read**(FD fd, UINT32 size)
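
Review bot: The new `generated with:` comment at the top of the table records the command but not the Falco version that produced the output. The commit title ties this table to 0.32.1, so put the version in the comment as well (for example a `falco --version` line next to the command); otherwise the next person to regenerate cannot tell which release the checked-in table reflects or whether a diff comes from a version bump or a hand edit.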
Expand Down Expand Up @@ -54,7 +59,7 @@ Yes | < | **recvmsg**(ERRNO res, UINT32 size, BYTEBUF data, SOCKTUPLE tuple)
No | > | **recvmmsg**()
No | < | **recvmmsg**()
Yes | > | **creat**(FSPATH name, UINT32 mode)
Yes | < | **creat**(FD fd, FSPATH name, UINT32 mode, UINT32 dev)
Yes | < | **creat**(FD fd, FSPATH name, UINT32 mode, UINT32 dev, UINT64 ino)
Yes | > | **pipe**()
Yes | < | **pipe**(ERRNO res, FD fd1, FD fd2, UINT64 ino)
No | > | **eventfd**(UINT64 initval, FLAGS32 flags)
Expand Down Expand Up @@ -127,7 +132,7 @@ No | > | **getrlimit**(ENUMFLAGS8 resource)
No | < | **getrlimit**(ERRNO res, INT64 cur, INT64 max)
No | > | **setrlimit**(ENUMFLAGS8 resource)
No | < | **setrlimit**(ERRNO res, INT64 cur, INT64 max)
Yes | > | **prlimit**(PID pid, FLAGS8 resource)
Yes | > | **prlimit**(PID pid, ENUMFLAGS8 resource)
Yes | < | **prlimit**(ERRNO res, INT64 newcur, INT64 newmax, INT64 oldcur, INT64 oldmax)
No | > | **fcntl**(FD fd, ENUMFLAGS8 cmd)
No | < | **fcntl**(FD res)
Expand Down Expand Up @@ -231,7 +236,7 @@ Yes | > | **unshare**(FLAGS32 flags)
Yes | < | **unshare**(ERRNO res)
No | > | **page_fault**(UINT64 addr, UINT64 ip, FLAGS32 error)
Yes | > | **execve**(FSPATH filename)
Yes | < | **execve**(ERRNO res, CHARBUF exe, BYTEBUF args, PID tid, PID pid, PID ptid, CHARBUF cwd, UINT64 fdlimit, UINT64 pgft_maj, UINT64 pgft_min, UINT32 vm_size, UINT32 vm_rss, UINT32 vm_swap, CHARBUF comm, BYTEBUF cgroups, BYTEBUF env, INT32 tty, PID pgid, INT32 loginuid, FLAGS32 flags)
Yes | < | **execve**(ERRNO res, CHARBUF exe, BYTEBUF args, PID tid, PID pid, PID ptid, CHARBUF cwd, UINT64 fdlimit, UINT64 pgft_maj, UINT64 pgft_min, UINT32 vm_size, UINT32 vm_rss, UINT32 vm_swap, CHARBUF comm, BYTEBUF cgroups, BYTEBUF env, INT32 tty, PID pgid, INT32 loginuid, FLAGS32 flags, UINT64 cap_inheritable, UINT64 cap_permitted, UINT64 cap_effective)
Yes | > | **setpgid**(PID pid, PID pgid)
Yes | < | **setpgid**(PID res)
Yes | > | **bpf**(INT64 cmd)
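
Review bot: Missing documentation for the three fields appended to the `execve` exit event: `UINT64 cap_inheritable, UINT64 cap_permitted, UINT64 cap_effective` appear with no indication of how the 64-bit value encodes a capability set. The `capset` exit row uses the same names and types, so a short sentence above the table (or a link to the field reference) explaining the encoding once would cover both, and would help anyone writing rules around privilege changes at exec time.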
Expand All @@ -245,7 +250,7 @@ Yes | < | **unlinkat**(ERRNO res, FD dirfd, FSRELPATH name, FLAGS32 flags)
Yes | > | **mkdirat**()
Yes | < | **mkdirat**(ERRNO res, FD dirfd, FSRELPATH path, UINT32 mode)
Yes | > | **openat**(FD dirfd, FSRELPATH name, FLAGS32 flags, UINT32 mode)
Yes | < | **openat**(FD fd, FD dirfd, FSRELPATH name, FLAGS32 flags, UINT32 mode, UINT32 dev)
Yes | < | **openat**(FD fd, FD dirfd, FSRELPATH name, FLAGS32 flags, UINT32 mode, UINT32 dev, UINT64 ino)
Yes | > | **link**()
Yes | < | **link**(ERRNO res, FSPATH oldpath, FSPATH newpath)
Yes | > | **linkat**()
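
Review bot: Possible inconsistency across the open family: the `open`, `creat` and `openat` exit rows now end in `UINT64 ino`, but the `open_by_handle_at` exit row further down still stops at `FSPATH path` with neither `dev` nor `ino`. If that is what `falco --list-syscall-events --markdown` prints for this release, no change is needed; otherwise regenerate, because a reader correlating file opens by inode will assume the field exists on every open variant.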
Expand All @@ -267,34 +272,36 @@ Yes | < | **openat2**(FD fd, FD dirfd, FSRELPATH name, FLAGS32 flags, UINT32 mod
No | > | **mprotect**(UINT64 addr, UINT64 length, FLAGS32 prot)
No | < | **mprotect**(ERRNO res)
Yes | > | **execveat**(FD dirfd, FSRELPATH pathname, FLAGS32 flags)
Yes | < | **execveat**(ERRNO res, CHARBUF exe, BYTEBUF args, PID tid, PID pid, PID ptid, CHARBUF cwd, UINT64 fdlimit, UINT64 pgft_maj, UINT64 pgft_min, UINT32 vm_size, UINT32 vm_rss, UINT32 vm_swap, CHARBUF comm, BYTEBUF cgroups, BYTEBUF env, INT32 tty, PID pgid, INT32 loginuid, FLAGS32 flags)
Yes | < | **execveat**(ERRNO res, CHARBUF exe, BYTEBUF args, PID tid, PID pid, PID ptid, CHARBUF cwd, UINT64 fdlimit, UINT64 pgft_maj, UINT64 pgft_min, UINT32 vm_size, UINT32 vm_rss, UINT32 vm_swap, CHARBUF comm, BYTEBUF cgroups, BYTEBUF env, INT32 tty, PID pgid, INT32 loginuid, FLAGS32 flags, UINT64 cap_inheritable, UINT64 cap_permitted, UINT64 cap_effective)
Yes | > | **copy_file_range**(FD fdin, UINT64 offin, UINT64 len)
Yes | < | **copy_file_range**(ERRNO res, FD fdout, UINT64 offout)
Yes | > | **clone3**()
Yes | < | **clone3**(PID res, CHARBUF exe, BYTEBUF args, PID tid, PID pid, PID ptid, CHARBUF cwd, INT64 fdlimit, UINT64 pgft_maj, UINT64 pgft_min, UINT32 vm_size, UINT32 vm_rss, UINT32 vm_swap, CHARBUF comm, BYTEBUF cgroups, FLAGS32 flags, UINT32 uid, UINT32 gid, PID vtid, PID vpid)
Yes | > | **open_by_handle_at**()
Yes | < | **open_by_handle_at**(FD fd, FD mountfd, FLAGS32 flags, FSPATH path)
Yes | > | **io_uring_setup**()
Yes | < | **io_uring_setup**(ERRNO res, UINT32 entries, UINT32 sq_entries, UINT32 cq_entries, FLAGS32 flags, UINT32 sq_thread_cpu, UINT32 sq_thread_idle, FLAGS32 features)
Yes | > | **io_uring_enter**()
Yes | < | **io_uring_enter**(ERRNO res, FD fd, UINT32 to_submit, UINT32 min_complete, FLAGS32 flags, SIGSET sig)
Yes | > | **io_uring_register**()
Yes | < | **io_uring_register**(ERRNO res, FD fd, ENUMFLAGS16 opcode, UINT64 arg, UINT32 nr_args)
Yes | > | **mlock**()
Yes | < | **mlock**(ERRNO res, UINT64 addr, UINT64 len)
Yes | > | **munlock**()
Yes | < | **munlock**(ERRNO res, UINT64 addr, UINT64 len)
Yes | > | **mlockall**()
Yes | < | **mlockall**(ERRNO res, FLAGS32 flags)
Yes | > | **munlockall**()
Yes | < | **munlockall**(ERRNO res)
No | > | **io_uring_setup**()
No | < | **io_uring_setup**(ERRNO res, UINT32 entries, UINT32 sq_entries, UINT32 cq_entries, FLAGS32 flags, UINT32 sq_thread_cpu, UINT32 sq_thread_idle, FLAGS32 features)
No | > | **io_uring_enter**()
No | < | **io_uring_enter**(ERRNO res, FD fd, UINT32 to_submit, UINT32 min_complete, FLAGS32 flags, SIGSET sig)
No | > | **io_uring_register**()
No | < | **io_uring_register**(ERRNO res, FD fd, ENUMFLAGS16 opcode, UINT64 arg, UINT32 nr_args)
No | > | **mlock**()
No | < | **mlock**(ERRNO res, UINT64 addr, UINT64 len)
No | > | **munlock**()
No | < | **munlock**(ERRNO res, UINT64 addr, UINT64 len)
No | > | **mlockall**()
No | < | **mlockall**(ERRNO res, FLAGS32 flags)
No | > | **munlockall**()
No | < | **munlockall**(ERRNO res)
Yes | > | **capset**()
Yes | < | **capset**(ERRNO res, UINT64 cap_inheritable, UINT64 cap_permitted, UINT64 cap_effective)
Yes | > | **useradded**(UINT32 uid, UINT32 gid, CHARBUF name, CHARBUF home, CHARBUF shell, CHARBUF container_id)
Yes | < | **useradded**()
Yes | > | **userdeleted**(UINT32 uid, UINT32 gid, CHARBUF name, CHARBUF home, CHARBUF shell, CHARBUF container_id)
Yes | < | **userdeleted**()
Yes | > | **groupadded**(UINT32 gid, CHARBUF name, CHARBUF container_id)
Yes | < | **groupadded**()
Yes | > | **groupdeleted**(UINT32 gid, CHARBUF name, CHARBUF container_id)
Yes | < | **groupdeleted**()
Yes | > | **dup2**(FD fd)
Yes | < | **dup2**(FD res, FD oldfd, FD newfd)
Yes | > | **dup3**(FD fd)
Yes | < | **dup3**(FD res, FD oldfd, FD newfd, FLAGS32 flags)
Yes | > | **dup**(FD fd)
Yes | < | **dup**(FD res, FD oldfd)
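
Review bot: The `io_uring_setup`, `io_uring_enter`, `io_uring_register`, `mlock`, `munlock`, `mlockall` and `munlockall` rows change from `Yes` to `No` in the Falco column, and the commit title ("update supported syscall events") does not mention it. Per the intro paragraph, a `No` row is only considered when Falco runs with `-A`, so rules that match these event types would stop firing on a default install without any error. Call the change out in the commit message or release notes, or add a line near the table pointing users who depend on these events to `-A`.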
