-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update(driver): add support to openat2 syscall #80
update(driver): add support to openat2 syscall #80
Conversation
Welcome @jasondellaluce! It looks like this is your first PR to falcosecurity/libs 🎉 |
Hi @jasondellaluce. Thanks for your PR. I'm waiting for a falcosecurity member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Sorry for nitpicking but I think that it shouldn't say "Fixes falcosecurity/falco#676" otherwise poiana would close the issue if this PR is merged I think |
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! The event names are unfortunate since we have both OPENAT2_[EX] and OPENAT_2_[EX] but I can't see a way around this.
Also, I know openat2 has been added in 5.6 and there's no struct open_how
before, but is there e.g. a #define
we could use instead of checking the kernel version? Just wondering, but I expect RHEL to backport this syscall into some 2.6.32 or other :D Maybe even #ifdef __NR_openat2
or similar? I rather like the idea of supporting the syscall even if the kernel does not, makes things simpler overall.
534995c
to
0dea0c5
Compare
LGTM label has been added. Git tree hash: 02656adf0ed466acef84a0ef2193e5652528430a
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jasondellaluce, leogr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hey @jasondellaluce Could you rebase, please? Thanks in advance 🙏 |
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com> Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
ac0fa94
0dea0c5
to
ac0fa94
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approved again
LGTM label has been added. Git tree hash: 792ee114700e915d668195cc296879f80f446595
|
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area driver-kmod
/area driver-ebpf
/area libscap
/area libsinsp
What this PR does / why we need it:
This adds support for the
openat2
system call, along with its transformation flags.Which issue(s) this PR fixes:
falcosecurity/falco#676
Does this PR introduce a user-facing change?: