2 # @lint-avoid-python-3-compatibility-imports
4 # capable Trace security capability checks (cap_capable()).
7 # USAGE: capable [-h] [-v] [-p PID] [-K] [-U]
12 # 13-Sep-2016 Brendan Gregg Created this.
26 ./capable -v # verbose: include non-audit checks
27 ./capable -p 181 # only trace PID 181
28 ./capable -K # add kernel stacks to trace
29 ./capable -U # add user-space stacks to trace
30 ./capable -x # extra fields: show TID and INSETID columns
31 ./capable --unique # don't repeat stacks for the same pid or cgroup
32 ./capable --cgroupmap mappath # only trace cgroups in this BPF map
33 ./capable --mntnsmap mappath # only trace mount namespaces in the map
36 description="Trace security capability checks",
39 parser.add_argument("-v", "--verbose", action="store_true",
40 help="include non-audit checks")
41 parser.add_argument("-p", "--pid",
43 parser.add_argument("-K", "--kernel-stack", action="store_true",
45 parser.add_argument("-U", "--user-stack", action="store_true",
47 parser.add_argument("-x", "--extra", action="store_true",
49 parser.add_argument("--cgroupmap",
51 parser.add_argument("--mntnsmap",
53 parser.add_argument("--unique", action="store_true",
59 # awk '/^#define.CAP_.*[0-9]$/ { print " " $3 ": \"" $2 "\"," }' \
118 #include <linux/security.h>
136 BPF_PERF_OUTPUT(events);
173 insetid = -1;
223 events.perf_submit(ctx, &data, sizeof(data));
254 print("%-9s %-6s %-6s %-6s %-16s %-4s %-20s %-6s %s" % (
257 print("%-9s %-6s %-6s %-16s %-4s %-20s %-6s" % (
261 # -EFAULT in get_stackid normally means the stack-trace is not available,
263 return (stack_id < 0) and (stack_id != -errno.EFAULT)
276 event = b["events"].event(data)
283 print("%-9s %-6d %-6d %-6d %-16s %-4d %-20s %-6d %s" % (strftime("%H:%M:%S"),
284 event.uid, event.pid, event.tgid, event.comm.decode('utf-8', 'replace'),
285 event.cap, name, event.audit, str(event.insetid) if event.insetid != -1 else "N/A"))
287 print("%-9s %-6d %-6d %-16s %-4d %-20s %-6d" % (strftime("%H:%M:%S"),
288 event.uid, event.pid, event.comm.decode('utf-8', 'replace'),
291 print_stack(bpf, event.kernel_stack_id, StackType.Kernel, -1)
297 b["events"].open_perf_buffer(callback)