commit | 09a2c1dbb88b8e8f21e83a002a4dbe62975029a9 | [log] [tgz] |
---|---|---|
author | Andrew G. Morgan <morgan@kernel.org> | Sun Sep 18 16:56:40 2022 -0700 |
committer | Andrew G. Morgan <morgan@kernel.org> | Sun Sep 18 16:56:40 2022 -0700 |
tree | 31f9c7975172d9383766207075986a34e8ccf646 | |
parent | 26e3a096a4eb4edd8bbcaab57ac8df38e6594a1d [diff] |
Add an example of using BPF kprobing to trace capability use. $ make $ sudo go/captrace your-program will attempt to explore what capabilities are needed to run your program by observing when cap_capable() inside the kernel is associated with your-program. Other ways to invoke this are $ sudo go/captrace --pid=<pid> $ sudo go/captrace The last of these traces everything running on a system. Signed-off-by: Andrew G. Morgan <morgan@kernel.org>