search

iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Apache License 2.0
20.36k stars 3.86k forks source link

libbpf-tools/capable: Add additional information to backtrace for -v … #5024

Closed ekyooo closed 3 months ago

ekyooo commented 4 months ago

…option

Add additional information and change format of backtrace

before:

  # ./capable -UK
    TIME     UID   PID     COMM             CAP     NAME                 AUDIT   VER DICT
    01:59:17 0     730     irqbalance       21      CAP_SYS_ADMIN        0       deny
        cap_vm_enough_memory
        security_vm_enough_memory_mm
        mmap_region
        do_mmap
        vm_mmap_pgoff
        do_syscall_64
        entry_SYSCALL_64_after_hwframe
        mmap64
        -                irqbalance (730)

After:

  # ./capable -UKv
    TIME     UID   PID     COMM             CAP     NAME                 AUDIT   VERDICT
    01:56:37 0     730     irqbalance       21      CAP_SYS_ADMIN        0       deny
        #0  0xffffffff81447dc6 cap_vm_enough_memory+0x26
        #1  0xffffffff8144a94f security_vm_enough_memory_mm+0x2f
        #2  0xffffffff812576e3 mmap_region+0x103
        #3  0xffffffff8125837e do_mmap+0x3de
        #4  0xffffffff8122c41c vm_mmap_pgoff+0xdc
        #5  0xffffffff81dc3be0 do_syscall_64+0x50
        #6  0xffffffff81e0011b entry_SYSCALL_64_after_hwframe+0x63
        #7  0x00007f3036e9e9ca mmap64+0xa (/lib/x86_64-linux-gnu/libc-2.19.so+0xf49ca)
        -                irqbalance (730)
ekyooo commented 4 months ago

The same change from the patch below is applied to Capable as well. https://github.com/iovisor/bcc/pull/4288