policylibrary: add message field to module tracing policy

This adds the message field to the module tracing library as an example of what the event is about. Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
cilium · Jan 9, 2024 · 8a2783d · 8a2783d
1 parent 6037962
commit 8a2783d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/examples/policylibrary/modules.yaml b/examples/policylibrary/modules.yaml
@@ -3,12 +3,12 @@ apiVersion: cilium.io/v1alpha1
 kind: TracingPolicy
 metadata:
   name: "monitor-kernel-modules"
-  #annotations:
-    #description: "Monitor kernel modules operations"
+  annotations:
+    description: "Monitor kernel modules operations"
 spec:
   kprobes:
   - call: "security_kernel_module_request"
-    # Automatic module loading detection
+    message: "Kernel module requested and is being loaded automatically"
     syscall: false
     return: true
     args:
@@ -18,6 +18,7 @@ spec:
       index: 0
       type: "int"
   - call: "security_kernel_read_file"
+    message: "Kernel module is being loaded"
     # Explicit module loading using file descriptor finit_module() to print module full path
     syscall: false
     return: true