pkg/ebpf: add syscalls arguments to security_file_mprotect #2335

AlonZivony · 2022-11-07T10:14:45Z

Initial Checklist

There is an issue describing the need for this PR.
Git log contains summary of the change.
Git log contains motivation and context of the change.
If part of an EPIC, PR git log contains EPIC number.
If part of an EPIC, PR was added to EPIC description.

Description (git log)

Add missing information in the security_file_mprotect, like address and len of operation.
Add support to the pkey_mprotect syscall too.

Fixes: #2334

Type of change

Bug fix (non-breaking change fixing an issue, preferable).
Quick fix (minor non-breaking change requiring no issue, use with care)
Code refactor (code improvement and/or code removal)
New feature (non-breaking change adding functionality).
Breaking change (cause existing functionality not to work as expected).

How Has This Been Tested?

Ran the event with the mprotect and pkey_mprotect to check that the event works well.

Final Checklist:

Pick "Bug Fix" or "Feature", delete the other and mark appropriate checks.

I have made corresponding changes to the documentation.
My code follows the style guidelines (C and Go) of this project.
I have performed a self-review of my own code.
I have commented all functions/methods created explaining what they do.
I have commented my code, particularly in hard-to-understand areas.
My changes generate no new warnings.
I have added tests that prove my fix, or feature, is effective.
New and existing unit tests pass locally with my changes.
Any dependent changes have been merged and published before.

Git Log Checklist:

My commits logs have:

Subject starts with "subsystem|file: description".
Do not end the subject line with a period.
Limit the subject line to 50 characters.
Separate subject from body with a blank line.
Use the imperative mood in the subject line.
Wrap the body at 72 characters.
Use the body to explain what and why instead of how.

Add missing information in the security_file_mprotect, like address and len of operation. Add support to the `pkey_mprotect` syscall too.

rafaeldtinoco

LGTM. Thanks for documenting the event Alon!

AlonZivony force-pushed the feature/add-mprotect-args-to-lsm branch 2 times, most recently from 39aab1c to ad25054 Compare November 7, 2022 12:39

pkg/ebpf: add syscalls arguments to security_file_mprotect

aff47f1

Add missing information in the security_file_mprotect, like address and len of operation. Add support to the `pkey_mprotect` syscall too.

AlonZivony force-pushed the feature/add-mprotect-args-to-lsm branch from ad25054 to aff47f1 Compare November 8, 2022 13:27

rafaeldtinoco self-requested a review November 9, 2022 12:42

rafaeldtinoco approved these changes Nov 9, 2022

View reviewed changes

rafaeldtinoco merged commit d30ef65 into aquasecurity:main Nov 9, 2022

AlonZivony deleted the feature/add-mprotect-args-to-lsm branch November 9, 2022 13:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

pkg/ebpf: add syscalls arguments to security_file_mprotect #2335

pkg/ebpf: add syscalls arguments to security_file_mprotect #2335

Uh oh!

Uh oh!

Uh oh!

Uh oh!

pkg/ebpf: add syscalls arguments to security_file_mprotect #2335

pkg/ebpf: add syscalls arguments to security_file_mprotect #2335

Uh oh!

Conversation

Uh oh!

Initial Checklist

Description (git log)

Type of change

How Has This Been Tested?

Final Checklist:

Git Log Checklist:

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!