Closed mmat11 closed 8 months ago
Add cgroup path to file events
sudo ../veristat/src/veristat ./artifacts-x86_64/GPL/Events/EventProbe.bpf.o
Processing 'EventProbe.bpf.o'...
File              Program                              Verdict  Duration (us)  Insns  States  Peak states
----------------  -----------------------------------  -------  -------------  -----  ------  -----------
EventProbe.bpf.o  fentry__commit_creds                 success            339    740      35           35
EventProbe.bpf.o  fentry__do_renameat2                 success             75     68       4            4
EventProbe.bpf.o  fentry__do_unlinkat                  success             56     50       2            2
EventProbe.bpf.o  fentry__mnt_want_write               success             61     37       3            3
EventProbe.bpf.o  fentry__taskstats_exit               success          21496  26453    1397           78
EventProbe.bpf.o  fentry__tcp_close                    success            314    474      26           26
EventProbe.bpf.o  fentry__tty_write                    success            320    561      25           25
EventProbe.bpf.o  fentry__vfs_rename                   success          40785  79651    3119          405
EventProbe.bpf.o  fentry__vfs_unlink                   success             63     37       3            3
EventProbe.bpf.o  fexit__chmod_common                  success          42305  67635    3005          299
EventProbe.bpf.o  fexit__chown_common                  success          42003  67635    3005          299
EventProbe.bpf.o  fexit__do_filp_open                  success          42916  66696    2965          318
EventProbe.bpf.o  fexit__do_truncate                   success          41801  67658    3007          301
EventProbe.bpf.o  fexit__inet_csk_accept               success            267    419      25           25
EventProbe.bpf.o  fexit__tcp_v4_connect                success            265    422      25           25
EventProbe.bpf.o  fexit__tcp_v6_connect                success            266    422      25           25
EventProbe.bpf.o  fexit__vfs_rename                    success          23000  27561    1432          113
EventProbe.bpf.o  fexit__vfs_unlink                    success          45958  66704    2965          318
EventProbe.bpf.o  fexit__vfs_write                     success          41921  67636    3006          300
EventProbe.bpf.o  fexit__vfs_writev                    success          42329  67636    3006          300
EventProbe.bpf.o  kprobe__chmod_common                 success             40     43       1            1
EventProbe.bpf.o  kprobe__chown_common                 success             41     41       1            1
EventProbe.bpf.o  kprobe__commit_creds                 success            325    740      35           35
EventProbe.bpf.o  kprobe__do_renameat2                 success             62     68       4            4
EventProbe.bpf.o  kprobe__do_truncate                  success             51     53       2            2
EventProbe.bpf.o  kprobe__do_unlinkat                  success             50     50       2            2
EventProbe.bpf.o  kprobe__mnt_want_write               success             49     37       3            3
EventProbe.bpf.o  kprobe__taskstats_exit               success          21632  26453    1397           78
EventProbe.bpf.o  kprobe__tcp_close                    success            300    474      26           26
EventProbe.bpf.o  kprobe__tcp_v4_connect               success             49     50       2            2
EventProbe.bpf.o  kprobe__tcp_v6_connect               success             53     50       2            2
EventProbe.bpf.o  kprobe__tty_write                    success            303    561      25           25
EventProbe.bpf.o  kprobe__vfs_rename                   success          42744  79648    3120          406
EventProbe.bpf.o  kprobe__vfs_unlink                   success             51     39       4            4
EventProbe.bpf.o  kprobe__vfs_write                    success             39     43       1            1
EventProbe.bpf.o  kprobe__vfs_writev                   success             40     43       1            1
EventProbe.bpf.o  kretprobe__chmod_common              success          42810  67645    3006          300
EventProbe.bpf.o  kretprobe__chown_common              success          42378  67645    3006          300
EventProbe.bpf.o  kretprobe__do_filp_open              success          43470  66696    2965          318
EventProbe.bpf.o  kretprobe__do_truncate               success          42449  67645    3006          300
EventProbe.bpf.o  kretprobe__inet_csk_accept           success            245    419      25           25
EventProbe.bpf.o  kretprobe__tcp_v4_connect            success            268    432      26           26
EventProbe.bpf.o  kretprobe__tcp_v6_connect            success            263    432      26           26
EventProbe.bpf.o  kretprobe__vfs_rename                success          22421  27550    1431          112
EventProbe.bpf.o  kretprobe__vfs_unlink                success          44520  66693    2964          317
EventProbe.bpf.o  kretprobe__vfs_write                 success          42192  67644    3006          300
EventProbe.bpf.o  kretprobe__vfs_writev                success          42153  67644    3006          300
EventProbe.bpf.o  sched_process_exec                   success          40688  67486    2987          292
EventProbe.bpf.o  sched_process_fork                   success          18561  26868    1416           99
EventProbe.bpf.o  tracepoint_syscalls_sys_exit_setsid  success            150    262      14           14
----------------  -----------------------------------  -------  -------------  -----  ------  -----------
Done. Processed 1 files, 0 programs. Skipped 50 files, 0 programs.

➜ sudo ./artifacts-x86_64/non-GPL/Events/EventsTrace/EventsTrace -i --file-create
{"probes_initialized": true, "features": {"bpf_tramp": true}}
{"event_type":"FILE_CREATE",...snip...,"pids_ss_cgroup_path":"/user.slice/user-1000.slice/user@1000.service/app.slice/app-gnome-firefox-2318768.scope"}