[v1] security: add trace event for cap_capable
Andrii Nakryiko
andrii.nakryiko at gmail.com
Thu Oct 24 17:48:55 UTC 2024
On Thu, Oct 24, 2024 at 6:19 AM Steven Rostedt <rostedt at goodmis.org> wrote:
>
> On Thu, 24 Oct 2024 03:40:12 -0700
> Jordan Rome <linux at jordanrome.com> wrote:
>
> > +TRACE_EVENT(capable,
> > +
> > + TP_PROTO(const struct cred *cred, struct user_namespace *targ_ns,
> > + struct user_namespace *capable_ns, int cap, unsigned int opts, int ret),
> > +
> > + TP_ARGS(cred, targ_ns, capable_ns, cap, opts, ret),
> > +
> > + TP_STRUCT__entry(
> > + __field(const struct cred *, cred)
> > + __field(struct user_namespace *, targ_ns)
> > + __field(struct user_namespace *, capable_ns)
> > + __field(int, cap)
> > + __field(unsigned int, opts)
> > + __field(int, ret)
> > + ),
> > +
> > + TP_fast_assign(
> > + __entry->cred = cred;
> > + __entry->targ_ns = targ_ns;
> > + __entry->capable_ns = capable_ns;
> > + __entry->cap = cap;
> > + __entry->opts = opts;
> > + __entry->ret = ret;
> > + ),
> > +
> > + TP_printk("cap %d, opts %u, ret %d",
> > + __entry->cap, __entry->opts, __entry->ret)
> > +);
> > +
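Review bot: TP_printk formats only cap, opts and ret, while TP_STRUCT__entry also stores cred, targ_ns and capable_ns as raw pointers, so the rendered event cannot say which credential or namespace the check was made against. Either add the three fields to the format string or, if the pointer values are not wanted in the output, drop them from the entry or replace them in TP_fast_assign with an identifier that a reader of the trace can use.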
>
> You record cred, targ_ns and capable_ns but don't use them in TP_printk?
>
> It's fine to print pointers there. Is there a reason you do not?
Are those pointers really useful for anything? Maybe it's better to
print ns->ns.inum instead? At least that's something that is usable
from user space side, no?
>
> -- Steve