#include <bpf/bpf_helpers.h>
#include <bpf/bpf_core_read.h>
#include <bpf/bpf_tracing.h>
#include "audit-seccomp.h"
#include <gadget/mntns_filter.h>
__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
__uint(max_entries, 1);
__type(value, struct event);
} tmp_event SEC(".maps");
__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
/*
 * kprobe handler attached to the kernel's audit_seccomp(). The visible body
 * reads the probed function's first and third arguments (kept as `syscall`
 * and `code`), applies the gadget mount-namespace filter, fills a struct
 * event and emits it on the "events" perf buffer.
 * NOTE(review): this listing omits some lines of the body (braces, early
 * returns, the end of the output call), so the control flow shown here is
 * incomplete.
 */
SEC("kprobe/audit_seccomp")
int ig_audit_secc(struct pt_regs *ctx)
unsigned long syscall = PT_REGS_PARM1(ctx);
int code = PT_REGS_PARM3(ctx);
__u64 mntns_id = gadget_get_mntns_id();
if (gadget_should_discard_mntns_id(mntns_id))
/*
 * Borrow the single slot of the per-CPU array tmp_event as scratch space for
 * the event being built.
 * bpf_map_lookup_elem() can return NULL, and the BPF verifier rejects a
 * dereference that is not guarded by a NULL check.
 * NOTE(review): the lines after this statement are missing from the listing;
 * presumably they hold that check. Confirm before relying on the stores below.
 */
struct event *event = bpf_map_lookup_elem(&tmp_event, &zero);
event->timestamp = bpf_ktime_get_boot_ns();
/*
 * bpf_get_current_pid_tgid() returns a 64-bit value: tgid (userspace process
 * id) in the upper 32 bits, kernel pid (thread id) in the lower 32 bits.
 * NOTE(review): the type of event->pid is declared in audit-seccomp.h, which
 * is not shown. If it is 32 bits wide, this assignment keeps the thread id
 * rather than the process id. Confirm which one consumers of the event
 * expect when correlating seccomp audit records with processes.
 */
event->pid = bpf_get_current_pid_tgid();
event->mntns_id = mntns_id;
event->syscall = syscall;
bpf_get_current_comm(&event->comm, sizeof(event->comm));
bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, event,
char _license[] SEC("license") = "GPL";