Lines Matching +full:security +full:- +full:events
1 .TH capable 8 "2020-03-08" "USER COMMANDS"
3 capable \- Trace security capability checks (cap_capable()).
5 .B capable [\-h] [\-v] [\-p PID] [\-K] [\-U] [\-x] [\-\-cgroupmap MAPPATH]
6 [\-\-mntnsmap MAPPATH] [\-\-unique]
8 This traces security capability checks in the kernel, and prints details for
9 each call. This can be useful for general debugging, and also security
16 \-h
19 \-v
20 Include non-audit capability checks. These are those deemed not interesting and
24 \-K
27 \-U
28 Include user-space stack traces to the output.
30 \-x
33 \-\-cgroupmap MAPPATH
34 Trace cgroups in this BPF map only (filtered in-kernel).
36 \-\-mntnsmap MAPPATH
37 Trace mount namespaces in this BPF map only (filtered in-kernel).
39 \-\-unique
43 Trace all capability checks system-wide:
49 .B capable \-p 181
54 .B capable \-\-cgroupmap /sys/fs/bpf/test01
74 Whether this was an audit event. Use \-v to include non-audit events.
78 This adds low-overhead instrumentation to capability checks, which are expected
91 Unstable - in development.