Hello Brenden!

I’m not sure if it counts as an agenda item, but I’m interested in
recording process events using tracepoints, and I would like to know
what the best practices are when attempting to do so.

Due to project goals (endpoint monitoring) one of the requirements is
to avoid losing any event data.

It is probably not a surprise given the limits imposed by the verifier,
but I’m having trouble with variadic functions and long strings.

The following are some events I would like to capture with reasonable
success:

String padding, causing the string I need to be truncated:

bash -c "<padding whitespace> /bin/rm -rf /home"

Argument padding, causing the BPF program to not reach the last
elements:

sudo bash --verbose --verbose .. --verbose -c 'printf "SELINUX=disabled\nSELINUXTYPE=targeted\n" > /etc/selinux/config'

I thought about trying to (tail?) call additional BPF programs to work
around the second issue, but I’m not sure how to proceed with the first
one.

Thanks!

Alessandro Gario

On Mon, 2019-08-05 at 20:55 -0700, Brenden Blanco wrote:
> Hi All,
> 
> We have the bi-weekly phone conference scheduled for two days from
> now, does anybody have a discussion topic to add to the agenda? As a
> reminder, we are planning to hold the meeting only if agenda items
> are proposed.
> 
> Cheers,
> Brenden