github.com/nicocha30/gvisor-ligolo@v0.0.0-20230726075806-989fa2c0a413/pkg/sentry/seccheck/metadata_amd64.go (about) 1 // Copyright 2022 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 //go:build amd64 16 // +build amd64 17 18 package seccheck 19 20 // archInit registers syscall trace points metadata. 21 // Keep them sorted by syscall number. 22 func archInit() { 23 addSyscallPoint(0, "read", []FieldDesc{ 24 { 25 ID: FieldSyscallPath, 26 Name: "fd_path", 27 }, 28 }) 29 addSyscallPoint(1, "write", []FieldDesc{ 30 { 31 ID: FieldSyscallPath, 32 Name: "fd_path", 33 }, 34 }) 35 addSyscallPoint(2, "open", nil) 36 addSyscallPoint(3, "close", []FieldDesc{ 37 { 38 ID: FieldSyscallPath, 39 Name: "fd_path", 40 }, 41 }) 42 addSyscallPoint(17, "pread64", []FieldDesc{ 43 { 44 ID: FieldSyscallPath, 45 Name: "fd_path", 46 }, 47 }) 48 addSyscallPoint(18, "pwrite64", []FieldDesc{ 49 { 50 ID: FieldSyscallPath, 51 Name: "fd_path", 52 }, 53 }) 54 addSyscallPoint(19, "readv", []FieldDesc{ 55 { 56 ID: FieldSyscallPath, 57 Name: "fd_path", 58 }, 59 }) 60 addSyscallPoint(20, "writev", []FieldDesc{ 61 { 62 ID: FieldSyscallPath, 63 Name: "fd_path", 64 }, 65 }) 66 addSyscallPoint(22, "pipe", nil) 67 addSyscallPoint(32, "dup", []FieldDesc{ 68 { 69 ID: FieldSyscallPath, 70 Name: "fd_path", 71 }, 72 }) 73 addSyscallPoint(33, "dup2", []FieldDesc{ 74 { 75 ID: FieldSyscallPath, 76 Name: "fd_path", 77 }, 78 }) 79 addSyscallPoint(41, "socket", nil) 80 addSyscallPoint(42, "connect", []FieldDesc{ 81 { 82 ID: FieldSyscallPath, 83 Name: "fd_path", 84 }, 85 }) 86 addSyscallPoint(43, "accept", []FieldDesc{ 87 { 88 ID: FieldSyscallPath, 89 Name: "fd_path", 90 }, 91 }) 92 addSyscallPoint(49, "bind", []FieldDesc{ 93 { 94 ID: FieldSyscallPath, 95 Name: "fd_path", 96 }, 97 }) 98 addSyscallPoint(53, "socketpair", nil) 99 addSyscallPoint(56, "clone", nil) 100 addSyscallPoint(57, "fork", nil) 101 addSyscallPoint(58, "vfork", nil) 102 addSyscallPoint(59, "execve", []FieldDesc{ 103 { 104 ID: FieldSyscallExecveEnvv, 105 Name: "envv", 106 }, 107 }) 108 addSyscallPoint(72, "fcntl", []FieldDesc{ 109 { 110 ID: FieldSyscallPath, 111 Name: "fd_path", 112 }, 113 }) 114 addSyscallPoint(85, "creat", []FieldDesc{ 115 { 116 ID: FieldSyscallPath, 117 Name: "fd_path", 118 }, 119 }) 120 addSyscallPoint(80, "chdir", nil) 121 addSyscallPoint(81, "fchdir", []FieldDesc{ 122 { 123 ID: FieldSyscallPath, 124 Name: "fd_path", 125 }, 126 }) 127 addSyscallPoint(105, "setuid", nil) 128 addSyscallPoint(106, "setgid", nil) 129 addSyscallPoint(112, "setsid", nil) 130 addSyscallPoint(117, "setresuid", nil) 131 addSyscallPoint(119, "setresgid", nil) 132 addSyscallPoint(161, "chroot", nil) 133 addSyscallPoint(253, "inotify_init", nil) 134 addSyscallPoint(254, "inotify_add_watch", []FieldDesc{ 135 { 136 ID: FieldSyscallPath, 137 Name: "fd_path", 138 }, 139 }) 140 addSyscallPoint(255, "inotify_rm_watch", []FieldDesc{ 141 { 142 ID: FieldSyscallPath, 143 Name: "fd_path", 144 }, 145 }) 146 addSyscallPoint(257, "openat", []FieldDesc{ 147 { 148 ID: FieldSyscallPath, 149 Name: "fd_path", 150 }, 151 }) 152 addSyscallPoint(282, "signalfd", []FieldDesc{ 153 { 154 ID: FieldSyscallPath, 155 Name: "fd_path", 156 }, 157 }) 158 addSyscallPoint(283, "timerfd_create", nil) 159 addSyscallPoint(284, "eventfd", nil) 160 addSyscallPoint(286, "timerfd_settime", []FieldDesc{ 161 { 162 ID: FieldSyscallPath, 163 Name: "fd_path", 164 }, 165 }) 166 addSyscallPoint(287, "timerfd_gettime", []FieldDesc{ 167 { 168 ID: FieldSyscallPath, 169 Name: "fd_path", 170 }, 171 }) 172 addSyscallPoint(288, "accept4", []FieldDesc{ 173 { 174 ID: FieldSyscallPath, 175 Name: "fd_path", 176 }, 177 }) 178 addSyscallPoint(289, "signalfd4", []FieldDesc{ 179 { 180 ID: FieldSyscallPath, 181 Name: "fd_path", 182 }, 183 }) 184 addSyscallPoint(290, "eventfd2", nil) 185 addSyscallPoint(292, "dup3", []FieldDesc{ 186 { 187 ID: FieldSyscallPath, 188 Name: "fd_path", 189 }, 190 }) 191 addSyscallPoint(293, "pipe2", nil) 192 addSyscallPoint(294, "inotify_init1", nil) 193 addSyscallPoint(295, "preadv", []FieldDesc{ 194 { 195 ID: FieldSyscallPath, 196 Name: "fd_path", 197 }, 198 }) 199 addSyscallPoint(296, "pwritev", []FieldDesc{ 200 { 201 ID: FieldSyscallPath, 202 Name: "fd_path", 203 }, 204 }) 205 addSyscallPoint(302, "prlimit64", nil) 206 addSyscallPoint(322, "execveat", []FieldDesc{ 207 { 208 ID: FieldSyscallPath, 209 Name: "fd_path", 210 }, 211 { 212 ID: FieldSyscallExecveEnvv, 213 Name: "envv", 214 }, 215 }) 216 addSyscallPoint(327, "preadv2", []FieldDesc{ 217 { 218 ID: FieldSyscallPath, 219 Name: "fd_path", 220 }, 221 }) 222 addSyscallPoint(328, "pwritev2", []FieldDesc{ 223 { 224 ID: FieldSyscallPath, 225 Name: "fd_path", 226 }, 227 }) 228 229 const lastSyscallInTable = 441 230 for i := 0; i <= lastSyscallInTable; i++ { 231 addRawSyscallPoint(uintptr(i)) 232 } 233 }