diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h index 7a7de120c32..19b6d5eb5de 100644 --- a/bpf/process/types/basic.h +++ b/bpf/process/types/basic.h @@ -2493,7 +2493,7 @@ read_call_arg(void *ctx, struct msg_generic_kprobe *e, int index, int type, probe_read(&d_name, sizeof(d_name), (const void *)arg); probe_read(&arg, sizeof(arg), &d_name.name); - size = copy_strings(args, (char *)arg, d_name.len); + size = copy_strings(args, (char *)arg, MAX_STRING); } break; #endif case filename_ty: { diff --git a/examples/tracingpolicy/security_inode_follow_link.yaml b/examples/tracingpolicy/security_inode_follow_link.yaml index 0048cb6350d..8f07cf15878 100644 --- a/examples/tracingpolicy/security_inode_follow_link.yaml +++ b/examples/tracingpolicy/security_inode_follow_link.yaml @@ -1,7 +1,7 @@ apiVersion: cilium.io/v1alpha1 kind: TracingPolicy metadata: - name: "sample-no-exec-id" + name: "follow-symlink" spec: kprobes: - call: "security_inode_follow_link" diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml index f8699a4f451..c515cb3bdc4 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml @@ -190,6 +190,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -288,6 +289,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -954,6 +956,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -1526,6 +1529,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml index 19b141f0b64..4a9253196dd 100644 --- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml +++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml @@ -190,6 +190,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -288,6 +289,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -954,6 +956,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -1526,6 +1529,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index diff --git a/pkg/generictypes/generictypes.go b/pkg/generictypes/generictypes.go index 1a87df280cc..887c1f9f4cf 100644 --- a/pkg/generictypes/generictypes.go +++ b/pkg/generictypes/generictypes.go @@ -110,6 +110,7 @@ var GenericStringToType = map[string]int{ "linux_binprm": GenericLinuxBinprmType, "data_loc": GenericDataLoc, "net_device": GenericNetDev, + "dentry": GenericDentryType, } var GenericTypeToStringTable = map[int]string{ @@ -152,6 +153,7 @@ var GenericTypeToStringTable = map[int]string{ GenericLinuxBinprmType: "linux_binprm", GenericDataLoc: "data_loc", GenericNetDev: "net_device", + GenericDentryType: "dentry", GenericInvalidType: "", } diff --git a/pkg/grpc/tracing/tracing.go b/pkg/grpc/tracing/tracing.go index 1b35fdba258..575a37b2ef3 100644 --- a/pkg/grpc/tracing/tracing.go +++ b/pkg/grpc/tracing/tracing.go @@ -266,6 +266,12 @@ func getKprobeArgument(arg tracingapi.MsgGenericKprobeArg) *tetragon.KprobeArgum } a.Arg = &tetragon.KprobeArgument_LinuxBinprmArg{LinuxBinprmArg: lArg} a.Label = e.Label + case api.MsgGenericKprobeArgDentry: + lArg := &tetragon.KprobeDentry{ + Name: e.Value, + }; + a.Arg = &tetragon.KprobeArgument_DentryArg{DentryArg: lArg} + a.Label = e.Label default: logger.GetLogger().WithField("arg", e).Warnf("unexpected type: %T", e) } diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index f8699a4f451..c515cb3bdc4 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -190,6 +190,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -288,6 +289,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -954,6 +956,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -1526,6 +1529,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index 19b141f0b64..4a9253196dd 100644 --- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -190,6 +190,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -288,6 +289,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -954,6 +956,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -1526,6 +1529,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml index f8699a4f451..c515cb3bdc4 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml @@ -190,6 +190,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -288,6 +289,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -954,6 +956,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -1526,6 +1529,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml index 19b141f0b64..4a9253196dd 100644 --- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml +++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml @@ -190,6 +190,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -288,6 +289,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -954,6 +956,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index @@ -1526,6 +1529,7 @@ spec: - linux_binprm - data_loc - net_device + - dentry type: string required: - index