
Exclude unneeded progs #1636


Open
wants to merge 2 commits into
base: master
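--- a/collector/CMakeLists.txt
+++ b/collector/CMakeLists.txt
@@ -103,6 +103,12 @@ set(SCAP_HOST_ROOT_ENV_VAR_NAME "COLLECTOR_HOST_ROOT" CACHE STRING "Host root en
 
 set(BUILD_LIBSCAP_MODERN_BPF ON CACHE BOOL "Enable modern bpf engine" FORCE)
 
-set(MODERN_BPF_EXCLUDE_PROGS "^(openat2|ppoll|setsockopt|clone3|io_uring_setup|nanosleep)$" CACHE STRING "Set of syscalls to exclude from modern bpf engine " FORCE)
+# Exclude unneeded progs, generated in a straightforward way as follow:
+# $ bpftool prog | grep tracing | awk '{print $4}' > all_progs.list
+# $ grep -v -f progs_in_use.list all_progs.list > collector/excluded_progs.list
+file(STRINGS "excluded_progs.list" EXCLUDED_PROGS_LIST)
+list(JOIN EXCLUDED_PROGS_LIST "|" EXCLUDED_PROGS)
+set(MODERN_BPF_EXCLUDE_PROGS "^(${EXCLUDED_PROGS})$" CACHE STRING "Set of syscalls to exclude from modern bpf engine " FORCE)
+message(INFO " Excluding ${MODERN_BPF_EXCLUDE_PROGS}")
 
 add_subdirectory(${FALCO_DIR} falco)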
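Review bot: The file read by `file(STRINGS "excluded_progs.list" EXCLUDED_PROGS_LIST)` is not registered as a configure input. As far as I know `file(STRINGS)` does not track its input, so editing the list in an already-configured build tree would leave the cached `MODERN_BPF_EXCLUDE_PROGS` regex, and with it the set of probes built into the collector, out of step with the file until someone re-runs CMake by hand. I would read it by absolute path and add `set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/excluded_progs.list")`. Separately, `INFO` is not a `message()` mode, so it is printed as literal text at the default notice level; `message(STATUS "Excluding ${MODERN_BPF_EXCLUDE_PROGS}")` is probably what was intended.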
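--- a/collector/excluded_progs.list
+++ b/collector/excluded_progs.list
@@ -0,0 +1,138 @@
+access
+bind
+bpf
+brk
+capset
+chmod
+chown
+chroot
+clone3
+copy_file_range
+creat
+dup
+dup2
+dup3
+epoll_create
+epoll_create1
+epoll_wait
+eventfd
+eventfd2
+fchmod
+fchmodat
+fchown
+fchownat
+fcntl
+finit_module
+flock
+fsconfig
+fstat
+futex
+generic
+getcwd
+getdents
+getdents64
+getegid
+geteuid
+getgid
+getpeername
+getresgid
+getresuid
+getrlimit
+getsockname
+getuid
+init_module
+inotify_init
+inotify_init1
+ioctl
+io_uringnter
+io_uring_regist
+io_uring_setup
+kill
+lchown
+link
+linkat
+listen
+llseek
+lseek
+lstat
+memfd_create
+mkdir
+mkdirat
+mknod
+mknodat
+mlock
+mlock2
+mlockall
+mmap
+mmap2
+mount
+mprotect
+munlock
+munlockall
+munmap
+nanosleep
+open
+openat
+openat2
+open_by_handle
+pf_kernel
+pf_user
+pidfd_getfd
+pidfd_open
+pipe
+pipe2
+poll
+ppoll
+prctl
+pread64
+preadv
+prlimit64
+ptrace
+pwrite64
+pwritev
+quotactl
+read
+readv
+recv
+recvfrom
+recvmmsg
+recvmsg
+rename
+renameat
+renameat2
+rmdir
+seccomp
+select
+semctl
+semget
+semop
+send
+sendfile
+sendmmsg
+sendmsg
+sendto
+setns
+setpgid
+setrlimit
+setsid
+setsockopt
+signalfd
+signalfd4
+splice
+stat
+symlink
+symlinkat
+sysxit
+t1_drop
+t1_open_by_hand
+tgkill
+timerfd_create
+tkill
+umount
+umount2
+unlink
+unlinkat
+unshare
+userfaultfd
+write
+writev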
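Review bot: Several entries look truncated or mangled by the generation step (`io_uringnter`, `sysxit`, `io_uring_regist`, `t1_open_by_hand`), and because CMakeLists.txt wraps the list in an anchored `^(...)$` alternation, any entry that does not exactly equal the name the Falco build compares against will silently exclude nothing. Each entry should be checked against those names, which are not visible on this page, and ideally the configure step should fail when an entry matches no program. The list also drops probes for `ptrace`, `bpf`, `init_module`, `finit_module`, `setns`, `unshare`, `mount` and `seccomp`; stating in the CMake comment that the collector consumes none of these events would make the visibility trade-off explicit for later reviewers.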