When attaching uprobe needs to check pid #251

Open
hengyoush opened this issue Jan 5, 2025 · 3 comments
Labels
enhancement New feature or request feature-request good first issue Good for newcomers

Comments

@hengyoush
Owner

hengyoush commented Jan 5, 2025

Is your feature request related to a problem? Please describe.
When attaching uprobe, it is necessary to verify if the PID matches the options in the command line (--pids, --comm); if not, skip attaching.

Describe the solution you'd like
code in agent/uprobe/manager.go#handleSchedExecEvent():

func handleSchedExecEvent(event *bpf.AgentProcessExecEvent) {
 // check pid here
}

Describe alternatives you've considered
None

Additional context
None

@hengyoush hengyoush added the enhancement New feature or request label Jan 5, 2025
@hengyoush hengyoush added the good first issue Good for newcomers label Jan 6, 2025
@Laitr0n
Contributor

Laitr0n commented Jan 8, 2025

/assign

@Laitr0n
Contributor

Laitr0n commented Jan 16, 2025

Does AgentProcessExecEvent.pid match the PIDs from the command?
I noticed that event.pid differs with each event. Is this expected behavior?

@hengyoush
Owner Author

hengyoush commented Jan 16, 2025

> Does AgentProcessExecEvent.pid match the PIDs from the command? I noticed that event.pid differs with each event. Is this expected behavior?

Whenever a new process starts, an AgentProcessExecEvent is triggered. This is expected behavior. We need to check whether the pid or command name in the AgentProcessExecEvent matches the one specified in the command line. (Or we can just validate the comm, because I believe no one can predict the pid.)
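
One way to write the check discussed in this thread, as an added example that is not the project's code. The names `execEvent`, `attachFilter`, `newAttachFilter` and `shouldAttach` are hypothetical, and the semantics (no filter attaches to everything, otherwise a pid or comm match is enough) are assumptions. It also handles the kernel truncating comm to 15 bytes, which a `--comm` value longer than that would otherwise never match.

```go
package main

import (
	"bytes"
	"fmt"
)

// taskCommLen mirrors the kernel's TASK_COMM_LEN (15 bytes of name plus a NUL).
const taskCommLen = 16

// execEvent is a hypothetical stand-in for bpf.AgentProcessExecEvent.
type execEvent struct {
	Pid  int32
	Comm [taskCommLen]byte
}

// attachFilter holds the values assumed to come from --pids and --comm.
type attachFilter struct {
	pids  map[int32]bool
	comms map[string]bool
}

func newAttachFilter(pids []int32, comms []string) *attachFilter {
	f := &attachFilter{pids: map[int32]bool{}, comms: map[string]bool{}}
	for _, p := range pids {
		f.pids[p] = true
	}
	for _, c := range comms {
		if len(c) > taskCommLen-1 { // the kernel truncates comm, so truncate the filter too
			c = c[:taskCommLen-1]
		}
		f.comms[c] = true
	}
	return f
}

// shouldAttach: no filter means attach to all; otherwise pid OR comm must match (assumed semantics).
func (f *attachFilter) shouldAttach(ev *execEvent) bool {
	if len(f.pids) == 0 && len(f.comms) == 0 {
		return true
	}
	comm, _, _ := bytes.Cut(ev.Comm[:], []byte{0}) // strip NUL padding
	return f.pids[ev.Pid] || f.comms[string(comm)]
}

func main() {
	ev := execEvent{Pid: 4242} // constructed sample event
	copy(ev.Comm[:], "nginx")
	fmt.Println(newAttachFilter(nil, []string{"nginx"}).shouldAttach(&ev))
}
```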
