Added Rust clone of 'execsnoop'

[e3prom]

Hello,

• What problem are you trying to solve? (or if there's no problem, what's the motivation for this change?) Here is a Rust port of the iovisor/bcc's execsnoop example tool.
• What changes does this pull request make? It adds the user-land utility written in Rust and a slightly modified version of the execsnoop.c file.
• Are there any non-obvious implications of these changes? (does it break compatibility with previous versions, etc) It shouldn't bring major implications, however I have chosen to use a MultiMap to holds the process's argument(s) vector and to use a Mutex and an Arc so the object can be "safely" accessed in memory. A raw pointer to it is kept inside the data_t structure. Due to time constraints, this is the most elegant way I found to access the arg vectors (sorry!). The tool has been successfully tested on a Linux 4.15.0-112-generic kernel. The CGROUPSET filter has not been ported/implemented in the user-land part, but the filter has been preserved the bpf code.

Regards.

[jvns]

Awesome! We've been putting implementations of new tools in https://github.com/rust-bpf/bpf-tools instead -- mind moving this PR there?

[e3prom]

I don't mind moving it (I can make another PR if necessary). I also noticed the 'Multimap' crate must be added to the dependencies.

[brayniac]

@e3prom yes, you'd need to open a new PR against the rust-bpf/bpf-tools repo.

[e3prom]

Created new PR at https://github.com/rust-bpf/bpf-tools/pull/12

[brayniac]

Closing this PR in favor of the one in the bpf-tools repo.