update killsnoop to use tracepoints #3592
Description
This is a request for help.
I wrote killsnoop back in 2015 before tracepoint support, and so I kprobe'd sys_kill(). It still does some derivation of that. But now there's a report it no longer works on Linux 5.11: #3572 (comment) CC @chenhengqi
Can someone please update killsnoop (both Python and libbpf-tools) to use tracepoints instead of kprobes (if it works as expected). All of these:
syscalls:sys_enter_kill [Tracepoint event]
syscalls:sys_enter_tgkill [Tracepoint event]
syscalls:sys_enter_tkill [Tracepoint event]
syscalls:sys_exit_kill [Tracepoint event]
syscalls:sys_exit_tgkill [Tracepoint event]
syscalls:sys_exit_tkill [Tracepoint event]