diff --git a/api/v1/README.md b/api/v1/README.md
index 12c8d973bf3..6bf3990c6a4 100644
--- a/api/v1/README.md
+++ b/api/v1/README.md
@@ -45,6 +45,7 @@
- [ProcessExit](#tetragon-ProcessExit)
- [ProcessKprobe](#tetragon-ProcessKprobe)
- [ProcessLoader](#tetragon-ProcessLoader)
+ - [ProcessLsm](#tetragon-ProcessLsm)
- [ProcessTracepoint](#tetragon-ProcessTracepoint)
- [ProcessUprobe](#tetragon-ProcessUprobe)
- [RuntimeHookRequest](#tetragon-RuntimeHookRequest)
@@ -924,6 +925,28 @@ loader sensor event triggered for loaded binary/library
+
+
+### ProcessLsm
+
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| process | [Process](#tetragon-Process) | | |
+| parent | [Process](#tetragon-Process) | | |
+| function_name | [string](#string) | | LSM hook name. |
+| policy_name | [string](#string) | | Name of the policy that created that LSM hook. |
+| message | [string](#string) | | Short message of the Tracing Policy to inform users what is going on. |
+| args | [KprobeArgument](#tetragon-KprobeArgument) | repeated | Arguments definition of the observed LSM hook. |
+| action | [KprobeAction](#tetragon-KprobeAction) | | Action performed when the LSM hook matched. |
+| tags | [string](#string) | repeated | Tags of the Tracing Policy to categorize the event. |
+
+
+
+
+
+
### ProcessTracepoint
@@ -1292,6 +1315,7 @@ Capability set to filter over. NOTE: you may specify only ONE set here.
| process_tracepoint | [ProcessTracepoint](#tetragon-ProcessTracepoint) | | ProcessTracepoint contains information about the pre-defined tracepoint and the process that invoked them. |
| process_loader | [ProcessLoader](#tetragon-ProcessLoader) | | |
| process_uprobe | [ProcessUprobe](#tetragon-ProcessUprobe) | | |
+| process_lsm | [ProcessLsm](#tetragon-ProcessLsm) | | |
| process_throttle | [ProcessThrottle](#tetragon-ProcessThrottle) | | |
| test | [Test](#tetragon-Test) | | |
| rate_limit_info | [RateLimitInfo](#tetragon-RateLimitInfo) | | |
@@ -1371,6 +1395,7 @@ GetEventsResponse event oneof.
| PROCESS_TRACEPOINT | 10 | |
| PROCESS_LOADER | 11 | |
| PROCESS_UPROBE | 12 | |
+| PROCESS_LSM | 13 | |
| PROCESS_THROTTLE | 27 | |
| TEST | 40000 | |
| RATE_LIMIT_INFO | 40001 | |
diff --git a/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go b/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go
index 7d5f8e8c5ca..b2fb69ede6e 100644
--- a/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go
+++ b/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go
@@ -274,6 +274,8 @@ func CheckerFromEvent(event Event) (EventChecker, error) {
return NewProcessTracepointChecker("").FromProcessTracepoint(ev), nil
case *tetragon.ProcessUprobe:
return NewProcessUprobeChecker("").FromProcessUprobe(ev), nil
+ case *tetragon.ProcessLsm:
+ return NewProcessLsmChecker("").FromProcessLsm(ev), nil
case *tetragon.Test:
return NewTestChecker("").FromTest(ev), nil
case *tetragon.ProcessLoader:
@@ -336,6 +338,8 @@ func EventFromResponse(response *tetragon.GetEventsResponse) (Event, error) {
return ev.ProcessTracepoint, nil
case *tetragon.GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe, nil
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm, nil
case *tetragon.GetEventsResponse_Test:
return ev.Test, nil
case *tetragon.GetEventsResponse_ProcessLoader:
@@ -1662,6 +1666,197 @@ func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUp
return checker
}
+// ProcessLsmChecker implements a checker struct to check a ProcessLsm event
+type ProcessLsmChecker struct {
+ CheckerName string `json:"checkerName"`
+ Process *ProcessChecker `json:"process,omitempty"`
+ Parent *ProcessChecker `json:"parent,omitempty"`
+ FunctionName *stringmatcher.StringMatcher `json:"functionName,omitempty"`
+ PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"`
+ Message *stringmatcher.StringMatcher `json:"message,omitempty"`
+ Args *KprobeArgumentListMatcher `json:"args,omitempty"`
+ Action *KprobeActionChecker `json:"action,omitempty"`
+ Tags *StringListMatcher `json:"tags,omitempty"`
+}
+
+// CheckEvent checks a single event and implements the EventChecker interface
+func (checker *ProcessLsmChecker) CheckEvent(event Event) error {
+ if ev, ok := event.(*tetragon.ProcessLsm); ok {
+ return checker.Check(ev)
+ }
+ return fmt.Errorf("%s: %T is not a ProcessLsm event", CheckerLogPrefix(checker), event)
+}
+
+// CheckResponse checks a single gRPC response and implements the EventChecker interface
+func (checker *ProcessLsmChecker) CheckResponse(response *tetragon.GetEventsResponse) error {
+ event, err := EventFromResponse(response)
+ if err != nil {
+ return err
+ }
+ return checker.CheckEvent(event)
+}
+
+// NewProcessLsmChecker creates a new ProcessLsmChecker
+func NewProcessLsmChecker(name string) *ProcessLsmChecker {
+ return &ProcessLsmChecker{CheckerName: name}
+}
+
+// Get the name associated with the checker
+func (checker *ProcessLsmChecker) GetCheckerName() string {
+ return checker.CheckerName
+}
+
+// Get the type of the checker as a string
+func (checker *ProcessLsmChecker) GetCheckerType() string {
+ return "ProcessLsmChecker"
+}
+
+// Check checks a ProcessLsm event
+func (checker *ProcessLsmChecker) Check(event *tetragon.ProcessLsm) error {
+ if event == nil {
+ return fmt.Errorf("%s: ProcessLsm event is nil", CheckerLogPrefix(checker))
+ }
+
+ fieldChecks := func() error {
+ if checker.Process != nil {
+ if err := checker.Process.Check(event.Process); err != nil {
+ return fmt.Errorf("Process check failed: %w", err)
+ }
+ }
+ if checker.Parent != nil {
+ if err := checker.Parent.Check(event.Parent); err != nil {
+ return fmt.Errorf("Parent check failed: %w", err)
+ }
+ }
+ if checker.FunctionName != nil {
+ if err := checker.FunctionName.Match(event.FunctionName); err != nil {
+ return fmt.Errorf("FunctionName check failed: %w", err)
+ }
+ }
+ if checker.PolicyName != nil {
+ if err := checker.PolicyName.Match(event.PolicyName); err != nil {
+ return fmt.Errorf("PolicyName check failed: %w", err)
+ }
+ }
+ if checker.Message != nil {
+ if err := checker.Message.Match(event.Message); err != nil {
+ return fmt.Errorf("Message check failed: %w", err)
+ }
+ }
+ if checker.Args != nil {
+ if err := checker.Args.Check(event.Args); err != nil {
+ return fmt.Errorf("Args check failed: %w", err)
+ }
+ }
+ if checker.Action != nil {
+ if err := checker.Action.Check(&event.Action); err != nil {
+ return fmt.Errorf("Action check failed: %w", err)
+ }
+ }
+ if checker.Tags != nil {
+ if err := checker.Tags.Check(event.Tags); err != nil {
+ return fmt.Errorf("Tags check failed: %w", err)
+ }
+ }
+ return nil
+ }
+ if err := fieldChecks(); err != nil {
+ return fmt.Errorf("%s: %w", CheckerLogPrefix(checker), err)
+ }
+ return nil
+}
+
+// WithProcess adds a Process check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithProcess(check *ProcessChecker) *ProcessLsmChecker {
+ checker.Process = check
+ return checker
+}
+
+// WithParent adds a Parent check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithParent(check *ProcessChecker) *ProcessLsmChecker {
+ checker.Parent = check
+ return checker
+}
+
+// WithFunctionName adds a FunctionName check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessLsmChecker {
+ checker.FunctionName = check
+ return checker
+}
+
+// WithPolicyName adds a PolicyName check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessLsmChecker {
+ checker.PolicyName = check
+ return checker
+}
+
+// WithMessage adds a Message check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessLsmChecker {
+ checker.Message = check
+ return checker
+}
+
+// WithArgs adds a Args check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessLsmChecker {
+ checker.Args = check
+ return checker
+}
+
+// WithAction adds a Action check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithAction(check tetragon.KprobeAction) *ProcessLsmChecker {
+ wrappedCheck := KprobeActionChecker(check)
+ checker.Action = &wrappedCheck
+ return checker
+}
+
+// WithTags adds a Tags check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithTags(check *StringListMatcher) *ProcessLsmChecker {
+ checker.Tags = check
+ return checker
+}
+
+//FromProcessLsm populates the ProcessLsmChecker using data from a ProcessLsm event
+func (checker *ProcessLsmChecker) FromProcessLsm(event *tetragon.ProcessLsm) *ProcessLsmChecker {
+ if event == nil {
+ return checker
+ }
+ if event.Process != nil {
+ checker.Process = NewProcessChecker().FromProcess(event.Process)
+ }
+ if event.Parent != nil {
+ checker.Parent = NewProcessChecker().FromProcess(event.Parent)
+ }
+ checker.FunctionName = stringmatcher.Full(event.FunctionName)
+ checker.PolicyName = stringmatcher.Full(event.PolicyName)
+ checker.Message = stringmatcher.Full(event.Message)
+ {
+ var checks []*KprobeArgumentChecker
+ for _, check := range event.Args {
+ var convertedCheck *KprobeArgumentChecker
+ if check != nil {
+ convertedCheck = NewKprobeArgumentChecker().FromKprobeArgument(check)
+ }
+ checks = append(checks, convertedCheck)
+ }
+ lm := NewKprobeArgumentListMatcher().WithOperator(listmatcher.Ordered).
+ WithValues(checks...)
+ checker.Args = lm
+ }
+ checker.Action = NewKprobeActionChecker(event.Action)
+ {
+ var checks []*stringmatcher.StringMatcher
+ for _, check := range event.Tags {
+ var convertedCheck *stringmatcher.StringMatcher
+ convertedCheck = stringmatcher.Full(check)
+ checks = append(checks, convertedCheck)
+ }
+ lm := NewStringListMatcher().WithOperator(listmatcher.Ordered).
+ WithValues(checks...)
+ checker.Tags = lm
+ }
+ return checker
+}
+
// TestChecker implements a checker struct to check a Test event
type TestChecker struct {
CheckerName string `json:"checkerName"`
diff --git a/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go b/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go
index f3ff5347a95..61eb2b0452a 100644
--- a/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go
+++ b/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go
@@ -145,6 +145,7 @@ type eventCheckerHelper struct {
ProcessKprobe *eventchecker.ProcessKprobeChecker `json:"kprobe,omitempty"`
ProcessTracepoint *eventchecker.ProcessTracepointChecker `json:"tracepoint,omitempty"`
ProcessUprobe *eventchecker.ProcessUprobeChecker `json:"uprobe,omitempty"`
+ ProcessLsm *eventchecker.ProcessLsmChecker `json:"lsm,omitempty"`
Test *eventchecker.TestChecker `json:"test,omitempty"`
ProcessLoader *eventchecker.ProcessLoaderChecker `json:"loader,omitempty"`
RateLimitInfo *eventchecker.RateLimitInfoChecker `json:"rateLimitInfo,omitempty"`
@@ -193,6 +194,12 @@ func (checker *EventChecker) UnmarshalJSON(b []byte) error {
}
eventChecker = helper.ProcessUprobe
}
+ if helper.ProcessLsm != nil {
+ if eventChecker != nil {
+ return fmt.Errorf("EventChecker: cannot define more than one checker, got %T but already had %T", helper.ProcessLsm, eventChecker)
+ }
+ eventChecker = helper.ProcessLsm
+ }
if helper.Test != nil {
if eventChecker != nil {
return fmt.Errorf("EventChecker: cannot define more than one checker, got %T but already had %T", helper.Test, eventChecker)
@@ -235,6 +242,8 @@ func (checker EventChecker) MarshalJSON() ([]byte, error) {
helper.ProcessTracepoint = c
case *eventchecker.ProcessUprobeChecker:
helper.ProcessUprobe = c
+ case *eventchecker.ProcessLsmChecker:
+ helper.ProcessLsm = c
case *eventchecker.TestChecker:
helper.Test = c
case *eventchecker.ProcessLoaderChecker:
diff --git a/api/v1/tetragon/codegen/helpers/helpers.pb.go b/api/v1/tetragon/codegen/helpers/helpers.pb.go
index 55f80b413ef..f4a241432a0 100644
--- a/api/v1/tetragon/codegen/helpers/helpers.pb.go
+++ b/api/v1/tetragon/codegen/helpers/helpers.pb.go
@@ -34,6 +34,8 @@ func ResponseTypeString(response *tetragon.GetEventsResponse) (string, error) {
return tetragon.EventType_PROCESS_LOADER.String(), nil
case *tetragon.GetEventsResponse_ProcessUprobe:
return tetragon.EventType_PROCESS_UPROBE.String(), nil
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return tetragon.EventType_PROCESS_LSM.String(), nil
case *tetragon.GetEventsResponse_ProcessThrottle:
return tetragon.EventType_PROCESS_THROTTLE.String(), nil
case *tetragon.GetEventsResponse_Test:
@@ -72,6 +74,8 @@ func ResponseInnerGetProcess(event tetragon.IsGetEventsResponse_Event) *tetragon
return ev.ProcessTracepoint.Process
case *tetragon.GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe.Process
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm.Process
case *tetragon.GetEventsResponse_ProcessLoader:
return ev.ProcessLoader.Process
@@ -115,6 +119,8 @@ func ResponseInnerGetParent(event tetragon.IsGetEventsResponse_Event) *tetragon.
return ev.ProcessTracepoint.Parent
case *tetragon.GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe.Parent
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm.Parent
}
return nil
diff --git a/api/v1/tetragon/events.pb.go b/api/v1/tetragon/events.pb.go
index f11dc36ba6c..b903f651925 100644
--- a/api/v1/tetragon/events.pb.go
+++ b/api/v1/tetragon/events.pb.go
@@ -41,6 +41,7 @@ const (
EventType_PROCESS_TRACEPOINT EventType = 10
EventType_PROCESS_LOADER EventType = 11
EventType_PROCESS_UPROBE EventType = 12
+ EventType_PROCESS_LSM EventType = 13
EventType_PROCESS_THROTTLE EventType = 27
EventType_TEST EventType = 40000
EventType_RATE_LIMIT_INFO EventType = 40001
@@ -56,6 +57,7 @@ var (
10: "PROCESS_TRACEPOINT",
11: "PROCESS_LOADER",
12: "PROCESS_UPROBE",
+ 13: "PROCESS_LSM",
27: "PROCESS_THROTTLE",
40000: "TEST",
40001: "RATE_LIMIT_INFO",
@@ -68,6 +70,7 @@ var (
"PROCESS_TRACEPOINT": 10,
"PROCESS_LOADER": 11,
"PROCESS_UPROBE": 12,
+ "PROCESS_LSM": 13,
"PROCESS_THROTTLE": 27,
"TEST": 40000,
"RATE_LIMIT_INFO": 40001,
@@ -944,6 +947,7 @@ type GetEventsResponse struct {
// *GetEventsResponse_ProcessTracepoint
// *GetEventsResponse_ProcessLoader
// *GetEventsResponse_ProcessUprobe
+ // *GetEventsResponse_ProcessLsm
// *GetEventsResponse_ProcessThrottle
// *GetEventsResponse_Test
// *GetEventsResponse_RateLimitInfo
@@ -1040,6 +1044,13 @@ func (x *GetEventsResponse) GetProcessUprobe() *ProcessUprobe {
return nil
}
+func (x *GetEventsResponse) GetProcessLsm() *ProcessLsm {
+ if x, ok := x.GetEvent().(*GetEventsResponse_ProcessLsm); ok {
+ return x.ProcessLsm
+ }
+ return nil
+}
+
func (x *GetEventsResponse) GetProcessThrottle() *ProcessThrottle {
if x, ok := x.GetEvent().(*GetEventsResponse_ProcessThrottle); ok {
return x.ProcessThrottle
@@ -1117,6 +1128,10 @@ type GetEventsResponse_ProcessUprobe struct {
ProcessUprobe *ProcessUprobe `protobuf:"bytes,12,opt,name=process_uprobe,json=processUprobe,proto3,oneof"`
}
+type GetEventsResponse_ProcessLsm struct {
+ ProcessLsm *ProcessLsm `protobuf:"bytes,13,opt,name=process_lsm,json=processLsm,proto3,oneof"`
+}
+
type GetEventsResponse_ProcessThrottle struct {
ProcessThrottle *ProcessThrottle `protobuf:"bytes,27,opt,name=process_throttle,json=processThrottle,proto3,oneof"`
}
@@ -1141,6 +1156,8 @@ func (*GetEventsResponse_ProcessLoader) isGetEventsResponse_Event() {}
func (*GetEventsResponse_ProcessUprobe) isGetEventsResponse_Event() {}
+func (*GetEventsResponse_ProcessLsm) isGetEventsResponse_Event() {}
+
func (*GetEventsResponse_ProcessThrottle) isGetEventsResponse_Event() {}
func (*GetEventsResponse_Test) isGetEventsResponse_Event() {}
@@ -1274,7 +1291,7 @@ var file_tetragon_events_proto_rawDesc = []byte{
0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xf3, 0x05, 0x0a, 0x11, 0x47,
+ 0x28, 0x09, 0x52, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xac, 0x06, 0x0a, 0x11, 0x47,
0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x65, 0x78, 0x65, 0x63,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f,
@@ -1300,49 +1317,54 @@ var file_tetragon_events_proto_rawDesc = []byte{
0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x75, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x0c, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72,
0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x48, 0x00, 0x52, 0x0d, 0x70,
- 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x46, 0x0a, 0x10,
- 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65,
- 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f,
- 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c,
- 0x65, 0x48, 0x00, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f,
- 0x74, 0x74, 0x6c, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x74, 0x65, 0x73, 0x74, 0x18, 0xc0, 0xb8, 0x02,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
- 0x54, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0f,
- 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18,
- 0xc1, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67,
- 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f,
- 0x48, 0x00, 0x52, 0x0d, 0x72, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66,
- 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0xe8,
- 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12,
- 0x2f, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0xe9, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65,
- 0x12, 0x45, 0x0a, 0x10, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
- 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xea, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65,
- 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69,
- 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74,
- 0x2a, 0xc7, 0x01, 0x0a, 0x09, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09,
- 0x0a, 0x05, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f,
- 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58, 0x45, 0x43, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50,
- 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58, 0x49, 0x54, 0x10, 0x05, 0x12, 0x12, 0x0a,
- 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10,
- 0x09, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x52, 0x41,
- 0x43, 0x45, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x10, 0x0a, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f,
- 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x4f, 0x41, 0x44, 0x45, 0x52, 0x10, 0x0b, 0x12, 0x12, 0x0a,
- 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x55, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10,
- 0x0c, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x48, 0x52,
- 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x10, 0x1b, 0x12, 0x0a, 0x0a, 0x04, 0x54, 0x45, 0x53, 0x54, 0x10,
- 0xc0, 0xb8, 0x02, 0x12, 0x15, 0x0a, 0x0f, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49,
- 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0xc1, 0xb8, 0x02, 0x2a, 0x2d, 0x0a, 0x11, 0x46, 0x69,
- 0x65, 0x6c, 0x64, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12,
- 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x43, 0x4c, 0x55, 0x44, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07,
- 0x45, 0x58, 0x43, 0x4c, 0x55, 0x44, 0x45, 0x10, 0x01, 0x2a, 0x4b, 0x0a, 0x0c, 0x54, 0x68, 0x72,
- 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x48, 0x52,
- 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
- 0x12, 0x0a, 0x0e, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x52,
- 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f,
- 0x53, 0x54, 0x4f, 0x50, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x37, 0x0a, 0x0b,
+ 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x73, 0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x14, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f,
+ 0x63, 0x65, 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x12, 0x46, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73,
+ 0x5f, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x48, 0x00, 0x52, 0x0f, 0x70, 0x72,
+ 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x12, 0x26, 0x0a,
+ 0x04, 0x74, 0x65, 0x73, 0x74, 0x18, 0xc0, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e,
+ 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52,
+ 0x04, 0x74, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69,
+ 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xc1, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x74, 0x65,
+ 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x48, 0x00, 0x52, 0x0d, 0x72, 0x61, 0x74,
+ 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f,
+ 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0xe8, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+ 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2f, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65,
+ 0x18, 0xe9, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
+ 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x45, 0x0a, 0x10, 0x61, 0x67, 0x67,
+ 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xea, 0x07,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
+ 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52,
+ 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f,
+ 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x2a, 0xd8, 0x01, 0x0a, 0x09, 0x45, 0x76,
+ 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x44, 0x45, 0x46,
+ 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58,
+ 0x45, 0x43, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f,
+ 0x45, 0x58, 0x49, 0x54, 0x10, 0x05, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+ 0x53, 0x5f, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10, 0x09, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52,
+ 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x45, 0x50, 0x4f, 0x49, 0x4e, 0x54,
+ 0x10, 0x0a, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x4f,
+ 0x41, 0x44, 0x45, 0x52, 0x10, 0x0b, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+ 0x53, 0x5f, 0x55, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52,
+ 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x53, 0x4d, 0x10, 0x0d, 0x12, 0x14, 0x0a, 0x10, 0x50,
+ 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x10,
+ 0x1b, 0x12, 0x0a, 0x0a, 0x04, 0x54, 0x45, 0x53, 0x54, 0x10, 0xc0, 0xb8, 0x02, 0x12, 0x15, 0x0a,
+ 0x0f, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f,
+ 0x10, 0xc1, 0xb8, 0x02, 0x2a, 0x2d, 0x0a, 0x11, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x46, 0x69, 0x6c,
+ 0x74, 0x65, 0x72, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x43,
+ 0x4c, 0x55, 0x44, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x43, 0x4c, 0x55, 0x44,
+ 0x45, 0x10, 0x01, 0x2a, 0x4b, 0x0a, 0x0c, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54,
+ 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f,
+ 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x54, 0x48, 0x52,
+ 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a,
+ 0x0d, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x10, 0x02,
+ 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -1384,8 +1406,9 @@ var file_tetragon_events_proto_goTypes = []interface{}{
(*ProcessTracepoint)(nil), // 21: tetragon.ProcessTracepoint
(*ProcessLoader)(nil), // 22: tetragon.ProcessLoader
(*ProcessUprobe)(nil), // 23: tetragon.ProcessUprobe
- (*Test)(nil), // 24: tetragon.Test
- (*timestamppb.Timestamp)(nil), // 25: google.protobuf.Timestamp
+ (*ProcessLsm)(nil), // 24: tetragon.ProcessLsm
+ (*Test)(nil), // 25: tetragon.Test
+ (*timestamppb.Timestamp)(nil), // 26: google.protobuf.Timestamp
}
var file_tetragon_events_proto_depIdxs = []int32{
14, // 0: tetragon.Filter.health_check:type_name -> google.protobuf.BoolValue
@@ -1415,16 +1438,17 @@ var file_tetragon_events_proto_depIdxs = []int32{
21, // 24: tetragon.GetEventsResponse.process_tracepoint:type_name -> tetragon.ProcessTracepoint
22, // 25: tetragon.GetEventsResponse.process_loader:type_name -> tetragon.ProcessLoader
23, // 26: tetragon.GetEventsResponse.process_uprobe:type_name -> tetragon.ProcessUprobe
- 12, // 27: tetragon.GetEventsResponse.process_throttle:type_name -> tetragon.ProcessThrottle
- 24, // 28: tetragon.GetEventsResponse.test:type_name -> tetragon.Test
- 11, // 29: tetragon.GetEventsResponse.rate_limit_info:type_name -> tetragon.RateLimitInfo
- 25, // 30: tetragon.GetEventsResponse.time:type_name -> google.protobuf.Timestamp
- 10, // 31: tetragon.GetEventsResponse.aggregation_info:type_name -> tetragon.AggregationInfo
- 32, // [32:32] is the sub-list for method output_type
- 32, // [32:32] is the sub-list for method input_type
- 32, // [32:32] is the sub-list for extension type_name
- 32, // [32:32] is the sub-list for extension extendee
- 0, // [0:32] is the sub-list for field type_name
+ 24, // 27: tetragon.GetEventsResponse.process_lsm:type_name -> tetragon.ProcessLsm
+ 12, // 28: tetragon.GetEventsResponse.process_throttle:type_name -> tetragon.ProcessThrottle
+ 25, // 29: tetragon.GetEventsResponse.test:type_name -> tetragon.Test
+ 11, // 30: tetragon.GetEventsResponse.rate_limit_info:type_name -> tetragon.RateLimitInfo
+ 26, // 31: tetragon.GetEventsResponse.time:type_name -> google.protobuf.Timestamp
+ 10, // 32: tetragon.GetEventsResponse.aggregation_info:type_name -> tetragon.AggregationInfo
+ 33, // [33:33] is the sub-list for method output_type
+ 33, // [33:33] is the sub-list for method input_type
+ 33, // [33:33] is the sub-list for extension type_name
+ 33, // [33:33] is the sub-list for extension extendee
+ 0, // [0:33] is the sub-list for field type_name
}
func init() { file_tetragon_events_proto_init() }
@@ -1575,6 +1599,7 @@ func file_tetragon_events_proto_init() {
(*GetEventsResponse_ProcessTracepoint)(nil),
(*GetEventsResponse_ProcessLoader)(nil),
(*GetEventsResponse_ProcessUprobe)(nil),
+ (*GetEventsResponse_ProcessLsm)(nil),
(*GetEventsResponse_ProcessThrottle)(nil),
(*GetEventsResponse_Test)(nil),
(*GetEventsResponse_RateLimitInfo)(nil),
diff --git a/api/v1/tetragon/events.proto b/api/v1/tetragon/events.proto
index f2bd554645f..155bd489665 100644
--- a/api/v1/tetragon/events.proto
+++ b/api/v1/tetragon/events.proto
@@ -25,6 +25,7 @@ enum EventType {
PROCESS_TRACEPOINT = 10;
PROCESS_LOADER = 11;
PROCESS_UPROBE = 12;
+ PROCESS_LSM = 13;
PROCESS_THROTTLE = 27;
TEST = 40000;
@@ -183,6 +184,7 @@ message GetEventsResponse {
ProcessTracepoint process_tracepoint = 10;
ProcessLoader process_loader = 11;
ProcessUprobe process_uprobe = 12;
+ ProcessLsm process_lsm = 13;
ProcessThrottle process_throttle = 27;
Test test = 40000;
diff --git a/api/v1/tetragon/tetragon.pb.go b/api/v1/tetragon/tetragon.pb.go
index ace6dfcfc1c..8a5d6be212e 100644
--- a/api/v1/tetragon/tetragon.pb.go
+++ b/api/v1/tetragon/tetragon.pb.go
@@ -3475,6 +3475,115 @@ func (x *ProcessUprobe) GetTags() []string {
return nil
}
+type ProcessLsm struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Process *Process `protobuf:"bytes,1,opt,name=process,proto3" json:"process,omitempty"`
+ Parent *Process `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
+ // LSM hook name.
+ FunctionName string `protobuf:"bytes,3,opt,name=function_name,json=functionName,proto3" json:"function_name,omitempty"`
+ // Name of the policy that created that LSM hook.
+ PolicyName string `protobuf:"bytes,5,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"`
+ // Short message of the Tracing Policy to inform users what is going on.
+ Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"`
+ // Arguments definition of the observed LSM hook.
+ Args []*KprobeArgument `protobuf:"bytes,7,rep,name=args,proto3" json:"args,omitempty"`
+ // Action performed when the LSM hook matched.
+ Action KprobeAction `protobuf:"varint,8,opt,name=action,proto3,enum=tetragon.KprobeAction" json:"action,omitempty"`
+ // Tags of the Tracing Policy to categorize the event.
+ Tags []string `protobuf:"bytes,9,rep,name=tags,proto3" json:"tags,omitempty"`
+}
+
+func (x *ProcessLsm) Reset() {
+ *x = ProcessLsm{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ProcessLsm) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProcessLsm) ProtoMessage() {}
+
+func (x *ProcessLsm) ProtoReflect() protoreflect.Message {
+ mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProcessLsm.ProtoReflect.Descriptor instead.
+func (*ProcessLsm) Descriptor() ([]byte, []int) {
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{32}
+}
+
+func (x *ProcessLsm) GetProcess() *Process {
+ if x != nil {
+ return x.Process
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetParent() *Process {
+ if x != nil {
+ return x.Parent
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetFunctionName() string {
+ if x != nil {
+ return x.FunctionName
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetPolicyName() string {
+ if x != nil {
+ return x.PolicyName
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetMessage() string {
+ if x != nil {
+ return x.Message
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetArgs() []*KprobeArgument {
+ if x != nil {
+ return x.Args
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetAction() KprobeAction {
+ if x != nil {
+ return x.Action
+ }
+ return KprobeAction_KPROBE_ACTION_UNKNOWN
+}
+
+func (x *ProcessLsm) GetTags() []string {
+ if x != nil {
+ return x.Tags
+ }
+ return nil
+}
+
type KernelModule struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -3492,7 +3601,7 @@ type KernelModule struct {
func (x *KernelModule) Reset() {
*x = KernelModule{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ mi := &file_tetragon_tetragon_proto_msgTypes[33]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3505,7 +3614,7 @@ func (x *KernelModule) String() string {
func (*KernelModule) ProtoMessage() {}
func (x *KernelModule) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ mi := &file_tetragon_tetragon_proto_msgTypes[33]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3518,7 +3627,7 @@ func (x *KernelModule) ProtoReflect() protoreflect.Message {
// Deprecated: Use KernelModule.ProtoReflect.Descriptor instead.
func (*KernelModule) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{32}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{33}
}
func (x *KernelModule) GetName() string {
@@ -3556,7 +3665,7 @@ type Test struct {
func (x *Test) Reset() {
*x = Test{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[33]
+ mi := &file_tetragon_tetragon_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3569,7 +3678,7 @@ func (x *Test) String() string {
func (*Test) ProtoMessage() {}
func (x *Test) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[33]
+ mi := &file_tetragon_tetragon_proto_msgTypes[34]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3582,7 +3691,7 @@ func (x *Test) ProtoReflect() protoreflect.Message {
// Deprecated: Use Test.ProtoReflect.Descriptor instead.
func (*Test) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{33}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{34}
}
func (x *Test) GetArg0() uint64 {
@@ -3624,7 +3733,7 @@ type GetHealthStatusRequest struct {
func (x *GetHealthStatusRequest) Reset() {
*x = GetHealthStatusRequest{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[34]
+ mi := &file_tetragon_tetragon_proto_msgTypes[35]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3637,7 +3746,7 @@ func (x *GetHealthStatusRequest) String() string {
func (*GetHealthStatusRequest) ProtoMessage() {}
func (x *GetHealthStatusRequest) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[34]
+ mi := &file_tetragon_tetragon_proto_msgTypes[35]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3650,7 +3759,7 @@ func (x *GetHealthStatusRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetHealthStatusRequest.ProtoReflect.Descriptor instead.
func (*GetHealthStatusRequest) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{34}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{35}
}
func (x *GetHealthStatusRequest) GetEventSet() []HealthStatusType {
@@ -3673,7 +3782,7 @@ type HealthStatus struct {
func (x *HealthStatus) Reset() {
*x = HealthStatus{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[35]
+ mi := &file_tetragon_tetragon_proto_msgTypes[36]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3686,7 +3795,7 @@ func (x *HealthStatus) String() string {
func (*HealthStatus) ProtoMessage() {}
func (x *HealthStatus) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[35]
+ mi := &file_tetragon_tetragon_proto_msgTypes[36]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3699,7 +3808,7 @@ func (x *HealthStatus) ProtoReflect() protoreflect.Message {
// Deprecated: Use HealthStatus.ProtoReflect.Descriptor instead.
func (*HealthStatus) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{35}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{36}
}
func (x *HealthStatus) GetEvent() HealthStatusType {
@@ -3734,7 +3843,7 @@ type GetHealthStatusResponse struct {
func (x *GetHealthStatusResponse) Reset() {
*x = GetHealthStatusResponse{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[36]
+ mi := &file_tetragon_tetragon_proto_msgTypes[37]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3747,7 +3856,7 @@ func (x *GetHealthStatusResponse) String() string {
func (*GetHealthStatusResponse) ProtoMessage() {}
func (x *GetHealthStatusResponse) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[36]
+ mi := &file_tetragon_tetragon_proto_msgTypes[37]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3760,7 +3869,7 @@ func (x *GetHealthStatusResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetHealthStatusResponse.ProtoReflect.Descriptor instead.
func (*GetHealthStatusResponse) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{36}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{37}
}
func (x *GetHealthStatusResponse) GetHealthStatus() []*HealthStatus {
@@ -3784,7 +3893,7 @@ type ProcessLoader struct {
func (x *ProcessLoader) Reset() {
*x = ProcessLoader{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[37]
+ mi := &file_tetragon_tetragon_proto_msgTypes[38]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3797,7 +3906,7 @@ func (x *ProcessLoader) String() string {
func (*ProcessLoader) ProtoMessage() {}
func (x *ProcessLoader) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[37]
+ mi := &file_tetragon_tetragon_proto_msgTypes[38]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3810,7 +3919,7 @@ func (x *ProcessLoader) ProtoReflect() protoreflect.Message {
// Deprecated: Use ProcessLoader.ProtoReflect.Descriptor instead.
func (*ProcessLoader) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{37}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{38}
}
func (x *ProcessLoader) GetProcess() *Process {
@@ -3849,7 +3958,7 @@ type RuntimeHookRequest struct {
func (x *RuntimeHookRequest) Reset() {
*x = RuntimeHookRequest{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[38]
+ mi := &file_tetragon_tetragon_proto_msgTypes[39]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3862,7 +3971,7 @@ func (x *RuntimeHookRequest) String() string {
func (*RuntimeHookRequest) ProtoMessage() {}
func (x *RuntimeHookRequest) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[38]
+ mi := &file_tetragon_tetragon_proto_msgTypes[39]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3875,7 +3984,7 @@ func (x *RuntimeHookRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use RuntimeHookRequest.ProtoReflect.Descriptor instead.
func (*RuntimeHookRequest) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{38}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{39}
}
func (m *RuntimeHookRequest) GetEvent() isRuntimeHookRequest_Event {
@@ -3911,7 +4020,7 @@ type RuntimeHookResponse struct {
func (x *RuntimeHookResponse) Reset() {
*x = RuntimeHookResponse{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[39]
+ mi := &file_tetragon_tetragon_proto_msgTypes[40]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3924,7 +4033,7 @@ func (x *RuntimeHookResponse) String() string {
func (*RuntimeHookResponse) ProtoMessage() {}
func (x *RuntimeHookResponse) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[39]
+ mi := &file_tetragon_tetragon_proto_msgTypes[40]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3937,7 +4046,7 @@ func (x *RuntimeHookResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use RuntimeHookResponse.ProtoReflect.Descriptor instead.
func (*RuntimeHookResponse) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{39}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{40}
}
// CreateContainer informs the agent that a container was created
@@ -3965,7 +4074,7 @@ type CreateContainer struct {
func (x *CreateContainer) Reset() {
*x = CreateContainer{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[40]
+ mi := &file_tetragon_tetragon_proto_msgTypes[41]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3978,7 +4087,7 @@ func (x *CreateContainer) String() string {
func (*CreateContainer) ProtoMessage() {}
func (x *CreateContainer) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[40]
+ mi := &file_tetragon_tetragon_proto_msgTypes[41]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3991,7 +4100,7 @@ func (x *CreateContainer) ProtoReflect() protoreflect.Message {
// Deprecated: Use CreateContainer.ProtoReflect.Descriptor instead.
func (*CreateContainer) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{40}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{41}
}
func (x *CreateContainer) GetCgroupsPath() string {
@@ -4040,7 +4149,7 @@ type StackTraceEntry struct {
func (x *StackTraceEntry) Reset() {
*x = StackTraceEntry{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[41]
+ mi := &file_tetragon_tetragon_proto_msgTypes[42]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4053,7 +4162,7 @@ func (x *StackTraceEntry) String() string {
func (*StackTraceEntry) ProtoMessage() {}
func (x *StackTraceEntry) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[41]
+ mi := &file_tetragon_tetragon_proto_msgTypes[42]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4066,7 +4175,7 @@ func (x *StackTraceEntry) ProtoReflect() protoreflect.Message {
// Deprecated: Use StackTraceEntry.ProtoReflect.Descriptor instead.
func (*StackTraceEntry) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{41}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{42}
}
func (x *StackTraceEntry) GetAddress() uint64 {
@@ -4619,136 +4728,156 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{
0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74,
0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75,
0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61,
- 0x67, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0x96,
- 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12,
- 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
- 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c,
- 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20,
- 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54,
- 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07,
- 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, 0x73, 0x74, 0x12,
- 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61,
- 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, 0x20, 0x01, 0x28,
- 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x32, 0x18,
- 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, 0x0a, 0x04, 0x61,
- 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x33, 0x22,
- 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74,
- 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x76, 0x65,
- 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74,
- 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74,
- 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x53,
- 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
- 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
- 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65,
- 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05,
- 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
- 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e,
- 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73,
- 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64,
- 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65,
- 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c,
- 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
- 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75,
- 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67,
- 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
- 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x6a, 0x0a,
- 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2b,
- 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65,
- 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70,
- 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12,
- 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c,
- 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, 0x52, 0x75, 0x6e,
- 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
- 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e,
- 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61,
- 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
- 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22,
- 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65,
- 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x81, 0x02, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74,
- 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x67,
- 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07,
- 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72,
- 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65,
- 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
- 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e,
- 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
- 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
- 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x73, 0x0a, 0x0f, 0x53, 0x74,
- 0x61, 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a,
- 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07,
- 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65,
- 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12,
- 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c,
- 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2a,
- 0x95, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
- 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f,
- 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b,
- 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53,
- 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43,
- 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12,
- 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50,
- 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f,
- 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f,
- 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49,
- 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41,
- 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18,
+ 0x67, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0xb6,
+ 0x02, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x12, 0x2b, 0x0a,
+ 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11,
+ 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+ 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x29, 0x0a, 0x06, 0x70, 0x61,
+ 0x72, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74,
+ 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x70,
+ 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x75,
+ 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d,
+ 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65,
+ 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20,
+ 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b,
+ 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61,
+ 0x72, 0x67, 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20,
+ 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b,
+ 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74,
+ 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28,
+ 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e,
+ 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c,
+ 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b,
+ 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74,
+ 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74,
+ 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42,
+ 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64,
+ 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04,
+ 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31,
+ 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04,
+ 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01,
+ 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48,
+ 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+ 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18,
+ 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e,
+ 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70,
+ 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c,
+ 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05,
+ 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65,
+ 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
+ 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34,
+ 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c,
+ 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68,
+ 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74,
+ 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56,
+ 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75,
+ 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61,
+ 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+ 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c,
+ 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
+ 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+ 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61,
+ 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f,
+ 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c,
+ 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64,
+ 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f,
+ 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61,
+ 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65,
+ 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f,
+ 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42,
+ 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74,
+ 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+ 0x81, 0x02, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
+ 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61,
+ 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70,
+ 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12,
+ 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
+ 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e,
+ 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
+ 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a,
+ 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e,
+ 0x61, 0x6d, 0x65, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+ 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
+ 0x02, 0x38, 0x01, 0x22, 0x73, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63,
+ 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
+ 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+ 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62,
+ 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c,
+ 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+ 0x52, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2a, 0x95, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72,
+ 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52,
+ 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f,
+ 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41,
+ 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16,
+ 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f,
+ 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f,
+ 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c,
+ 0x4c, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43,
+ 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10,
+ 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a,
+ 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43,
+ 0x4f, 0x50, 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42,
+ 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10,
+ 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18,
0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
- 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f,
- 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f,
- 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f,
- 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12,
- 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52,
- 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b,
- 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45,
- 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53,
- 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x20, 0x0a, 0x1c, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f,
- 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x45, 0x4e, 0x46,
- 0x4f, 0x52, 0x43, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74,
- 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x48,
- 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41,
- 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
- 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c,
- 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x17,
- 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
- 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54,
- 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47,
- 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41,
- 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x17, 0x0a,
- 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45,
- 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, 0x69, 0x6e, 0x74,
- 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x41,
- 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x54,
- 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, 0x41, 0x52, 0x59,
- 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x49,
- 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
- 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43,
- 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
- 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x47,
- 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, 0x1d, 0x0a, 0x18,
- 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x54, 0x52, 0x45,
- 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, 0x0a, 0x15, 0x54,
- 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, 0x5f, 0x4d, 0x4f,
- 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, 0x49, 0x4e, 0x54,
- 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, 0x50, 0x41, 0x54,
- 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, 0x12, 0x17, 0x0a,
- 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
- 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x4e, 0x4f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f,
+ 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c,
+ 0x10, 0x0a, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54,
+ 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12,
+ 0x1d, 0x0a, 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
+ 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x20,
+ 0x0a, 0x1c, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
+ 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x45, 0x4e, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x52, 0x10, 0x0d,
+ 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+ 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53,
+ 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46,
+ 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41,
+ 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10,
+ 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75,
+ 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54,
+ 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00,
+ 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+ 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48,
+ 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f,
+ 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
+ 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a,
+ 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54,
+ 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53,
+ 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52,
+ 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
+ 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43,
+ 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54,
+ 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f,
+ 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54,
+ 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
+ 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f,
+ 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c,
+ 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e,
+ 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40,
+ 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c,
+ 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
+ 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f,
+ 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62,
+ 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -4764,7 +4893,7 @@ func file_tetragon_tetragon_proto_rawDescGZIP() []byte {
}
var file_tetragon_tetragon_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
-var file_tetragon_tetragon_proto_msgTypes = make([]protoimpl.MessageInfo, 44)
+var file_tetragon_tetragon_proto_msgTypes = make([]protoimpl.MessageInfo, 45)
var file_tetragon_tetragon_proto_goTypes = []interface{}{
(KprobeAction)(0), // 0: tetragon.KprobeAction
(HealthStatusType)(0), // 1: tetragon.HealthStatusType
@@ -4802,35 +4931,36 @@ var file_tetragon_tetragon_proto_goTypes = []interface{}{
(*ProcessKprobe)(nil), // 33: tetragon.ProcessKprobe
(*ProcessTracepoint)(nil), // 34: tetragon.ProcessTracepoint
(*ProcessUprobe)(nil), // 35: tetragon.ProcessUprobe
- (*KernelModule)(nil), // 36: tetragon.KernelModule
- (*Test)(nil), // 37: tetragon.Test
- (*GetHealthStatusRequest)(nil), // 38: tetragon.GetHealthStatusRequest
- (*HealthStatus)(nil), // 39: tetragon.HealthStatus
- (*GetHealthStatusResponse)(nil), // 40: tetragon.GetHealthStatusResponse
- (*ProcessLoader)(nil), // 41: tetragon.ProcessLoader
- (*RuntimeHookRequest)(nil), // 42: tetragon.RuntimeHookRequest
- (*RuntimeHookResponse)(nil), // 43: tetragon.RuntimeHookResponse
- (*CreateContainer)(nil), // 44: tetragon.CreateContainer
- (*StackTraceEntry)(nil), // 45: tetragon.StackTraceEntry
- nil, // 46: tetragon.Pod.PodLabelsEntry
- nil, // 47: tetragon.CreateContainer.AnnotationsEntry
- (*timestamppb.Timestamp)(nil), // 48: google.protobuf.Timestamp
- (*wrapperspb.UInt32Value)(nil), // 49: google.protobuf.UInt32Value
- (CapabilitiesType)(0), // 50: tetragon.CapabilitiesType
- (*wrapperspb.Int32Value)(nil), // 51: google.protobuf.Int32Value
- (SecureBitsType)(0), // 52: tetragon.SecureBitsType
- (ProcessPrivilegesChanged)(0), // 53: tetragon.ProcessPrivilegesChanged
- (*wrapperspb.BoolValue)(nil), // 54: google.protobuf.BoolValue
+ (*ProcessLsm)(nil), // 36: tetragon.ProcessLsm
+ (*KernelModule)(nil), // 37: tetragon.KernelModule
+ (*Test)(nil), // 38: tetragon.Test
+ (*GetHealthStatusRequest)(nil), // 39: tetragon.GetHealthStatusRequest
+ (*HealthStatus)(nil), // 40: tetragon.HealthStatus
+ (*GetHealthStatusResponse)(nil), // 41: tetragon.GetHealthStatusResponse
+ (*ProcessLoader)(nil), // 42: tetragon.ProcessLoader
+ (*RuntimeHookRequest)(nil), // 43: tetragon.RuntimeHookRequest
+ (*RuntimeHookResponse)(nil), // 44: tetragon.RuntimeHookResponse
+ (*CreateContainer)(nil), // 45: tetragon.CreateContainer
+ (*StackTraceEntry)(nil), // 46: tetragon.StackTraceEntry
+ nil, // 47: tetragon.Pod.PodLabelsEntry
+ nil, // 48: tetragon.CreateContainer.AnnotationsEntry
+ (*timestamppb.Timestamp)(nil), // 49: google.protobuf.Timestamp
+ (*wrapperspb.UInt32Value)(nil), // 50: google.protobuf.UInt32Value
+ (CapabilitiesType)(0), // 51: tetragon.CapabilitiesType
+ (*wrapperspb.Int32Value)(nil), // 52: google.protobuf.Int32Value
+ (SecureBitsType)(0), // 53: tetragon.SecureBitsType
+ (ProcessPrivilegesChanged)(0), // 54: tetragon.ProcessPrivilegesChanged
+ (*wrapperspb.BoolValue)(nil), // 55: google.protobuf.BoolValue
}
var file_tetragon_tetragon_proto_depIdxs = []int32{
4, // 0: tetragon.Container.image:type_name -> tetragon.Image
- 48, // 1: tetragon.Container.start_time:type_name -> google.protobuf.Timestamp
- 49, // 2: tetragon.Container.pid:type_name -> google.protobuf.UInt32Value
+ 49, // 1: tetragon.Container.start_time:type_name -> google.protobuf.Timestamp
+ 50, // 2: tetragon.Container.pid:type_name -> google.protobuf.UInt32Value
5, // 3: tetragon.Pod.container:type_name -> tetragon.Container
- 46, // 4: tetragon.Pod.pod_labels:type_name -> tetragon.Pod.PodLabelsEntry
- 50, // 5: tetragon.Capabilities.permitted:type_name -> tetragon.CapabilitiesType
- 50, // 6: tetragon.Capabilities.effective:type_name -> tetragon.CapabilitiesType
- 50, // 7: tetragon.Capabilities.inheritable:type_name -> tetragon.CapabilitiesType
+ 47, // 4: tetragon.Pod.pod_labels:type_name -> tetragon.Pod.PodLabelsEntry
+ 51, // 5: tetragon.Capabilities.permitted:type_name -> tetragon.CapabilitiesType
+ 51, // 6: tetragon.Capabilities.effective:type_name -> tetragon.CapabilitiesType
+ 51, // 7: tetragon.Capabilities.inheritable:type_name -> tetragon.CapabilitiesType
8, // 8: tetragon.Namespaces.uts:type_name -> tetragon.Namespace
8, // 9: tetragon.Namespaces.ipc:type_name -> tetragon.Namespace
8, // 10: tetragon.Namespaces.mnt:type_name -> tetragon.Namespace
@@ -4841,35 +4971,35 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
8, // 15: tetragon.Namespaces.time_for_children:type_name -> tetragon.Namespace
8, // 16: tetragon.Namespaces.cgroup:type_name -> tetragon.Namespace
8, // 17: tetragon.Namespaces.user:type_name -> tetragon.Namespace
- 51, // 18: tetragon.UserNamespace.level:type_name -> google.protobuf.Int32Value
- 49, // 19: tetragon.UserNamespace.uid:type_name -> google.protobuf.UInt32Value
- 49, // 20: tetragon.UserNamespace.gid:type_name -> google.protobuf.UInt32Value
+ 52, // 18: tetragon.UserNamespace.level:type_name -> google.protobuf.Int32Value
+ 50, // 19: tetragon.UserNamespace.uid:type_name -> google.protobuf.UInt32Value
+ 50, // 20: tetragon.UserNamespace.gid:type_name -> google.protobuf.UInt32Value
8, // 21: tetragon.UserNamespace.ns:type_name -> tetragon.Namespace
- 49, // 22: tetragon.ProcessCredentials.uid:type_name -> google.protobuf.UInt32Value
- 49, // 23: tetragon.ProcessCredentials.gid:type_name -> google.protobuf.UInt32Value
- 49, // 24: tetragon.ProcessCredentials.euid:type_name -> google.protobuf.UInt32Value
- 49, // 25: tetragon.ProcessCredentials.egid:type_name -> google.protobuf.UInt32Value
- 49, // 26: tetragon.ProcessCredentials.suid:type_name -> google.protobuf.UInt32Value
- 49, // 27: tetragon.ProcessCredentials.sgid:type_name -> google.protobuf.UInt32Value
- 49, // 28: tetragon.ProcessCredentials.fsuid:type_name -> google.protobuf.UInt32Value
- 49, // 29: tetragon.ProcessCredentials.fsgid:type_name -> google.protobuf.UInt32Value
- 52, // 30: tetragon.ProcessCredentials.securebits:type_name -> tetragon.SecureBitsType
+ 50, // 22: tetragon.ProcessCredentials.uid:type_name -> google.protobuf.UInt32Value
+ 50, // 23: tetragon.ProcessCredentials.gid:type_name -> google.protobuf.UInt32Value
+ 50, // 24: tetragon.ProcessCredentials.euid:type_name -> google.protobuf.UInt32Value
+ 50, // 25: tetragon.ProcessCredentials.egid:type_name -> google.protobuf.UInt32Value
+ 50, // 26: tetragon.ProcessCredentials.suid:type_name -> google.protobuf.UInt32Value
+ 50, // 27: tetragon.ProcessCredentials.sgid:type_name -> google.protobuf.UInt32Value
+ 50, // 28: tetragon.ProcessCredentials.fsuid:type_name -> google.protobuf.UInt32Value
+ 50, // 29: tetragon.ProcessCredentials.fsgid:type_name -> google.protobuf.UInt32Value
+ 53, // 30: tetragon.ProcessCredentials.securebits:type_name -> tetragon.SecureBitsType
7, // 31: tetragon.ProcessCredentials.caps:type_name -> tetragon.Capabilities
10, // 32: tetragon.ProcessCredentials.user_ns:type_name -> tetragon.UserNamespace
- 49, // 33: tetragon.InodeProperties.links:type_name -> google.protobuf.UInt32Value
+ 50, // 33: tetragon.InodeProperties.links:type_name -> google.protobuf.UInt32Value
12, // 34: tetragon.FileProperties.inode:type_name -> tetragon.InodeProperties
- 49, // 35: tetragon.BinaryProperties.setuid:type_name -> google.protobuf.UInt32Value
- 49, // 36: tetragon.BinaryProperties.setgid:type_name -> google.protobuf.UInt32Value
- 53, // 37: tetragon.BinaryProperties.privileges_changed:type_name -> tetragon.ProcessPrivilegesChanged
+ 50, // 35: tetragon.BinaryProperties.setuid:type_name -> google.protobuf.UInt32Value
+ 50, // 36: tetragon.BinaryProperties.setgid:type_name -> google.protobuf.UInt32Value
+ 54, // 37: tetragon.BinaryProperties.privileges_changed:type_name -> tetragon.ProcessPrivilegesChanged
13, // 38: tetragon.BinaryProperties.file:type_name -> tetragon.FileProperties
- 49, // 39: tetragon.Process.pid:type_name -> google.protobuf.UInt32Value
- 49, // 40: tetragon.Process.uid:type_name -> google.protobuf.UInt32Value
- 48, // 41: tetragon.Process.start_time:type_name -> google.protobuf.Timestamp
- 49, // 42: tetragon.Process.auid:type_name -> google.protobuf.UInt32Value
+ 50, // 39: tetragon.Process.pid:type_name -> google.protobuf.UInt32Value
+ 50, // 40: tetragon.Process.uid:type_name -> google.protobuf.UInt32Value
+ 49, // 41: tetragon.Process.start_time:type_name -> google.protobuf.Timestamp
+ 50, // 42: tetragon.Process.auid:type_name -> google.protobuf.UInt32Value
6, // 43: tetragon.Process.pod:type_name -> tetragon.Pod
7, // 44: tetragon.Process.cap:type_name -> tetragon.Capabilities
9, // 45: tetragon.Process.ns:type_name -> tetragon.Namespaces
- 49, // 46: tetragon.Process.tid:type_name -> google.protobuf.UInt32Value
+ 50, // 46: tetragon.Process.tid:type_name -> google.protobuf.UInt32Value
11, // 47: tetragon.Process.process_credentials:type_name -> tetragon.ProcessCredentials
14, // 48: tetragon.Process.binary_properties:type_name -> tetragon.BinaryProperties
15, // 49: tetragon.Process.user:type_name -> tetragon.UserRecord
@@ -4878,14 +5008,14 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
16, // 52: tetragon.ProcessExec.ancestors:type_name -> tetragon.Process
16, // 53: tetragon.ProcessExit.process:type_name -> tetragon.Process
16, // 54: tetragon.ProcessExit.parent:type_name -> tetragon.Process
- 48, // 55: tetragon.ProcessExit.time:type_name -> google.protobuf.Timestamp
- 50, // 56: tetragon.KprobeCred.permitted:type_name -> tetragon.CapabilitiesType
- 50, // 57: tetragon.KprobeCred.effective:type_name -> tetragon.CapabilitiesType
- 50, // 58: tetragon.KprobeCred.inheritable:type_name -> tetragon.CapabilitiesType
- 51, // 59: tetragon.KprobeCapability.value:type_name -> google.protobuf.Int32Value
- 51, // 60: tetragon.KprobeUserNamespace.level:type_name -> google.protobuf.Int32Value
- 49, // 61: tetragon.KprobeUserNamespace.owner:type_name -> google.protobuf.UInt32Value
- 49, // 62: tetragon.KprobeUserNamespace.group:type_name -> google.protobuf.UInt32Value
+ 49, // 55: tetragon.ProcessExit.time:type_name -> google.protobuf.Timestamp
+ 51, // 56: tetragon.KprobeCred.permitted:type_name -> tetragon.CapabilitiesType
+ 51, // 57: tetragon.KprobeCred.effective:type_name -> tetragon.CapabilitiesType
+ 51, // 58: tetragon.KprobeCred.inheritable:type_name -> tetragon.CapabilitiesType
+ 52, // 59: tetragon.KprobeCapability.value:type_name -> google.protobuf.Int32Value
+ 52, // 60: tetragon.KprobeUserNamespace.level:type_name -> google.protobuf.Int32Value
+ 50, // 61: tetragon.KprobeUserNamespace.owner:type_name -> google.protobuf.UInt32Value
+ 50, // 62: tetragon.KprobeUserNamespace.group:type_name -> google.protobuf.UInt32Value
8, // 63: tetragon.KprobeUserNamespace.ns:type_name -> tetragon.Namespace
20, // 64: tetragon.KprobeArgument.skb_arg:type_name -> tetragon.KprobeSkb
22, // 65: tetragon.KprobeArgument.path_arg:type_name -> tetragon.KprobePath
@@ -4900,7 +5030,7 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
27, // 74: tetragon.KprobeArgument.capability_arg:type_name -> tetragon.KprobeCapability
11, // 75: tetragon.KprobeArgument.process_credentials_arg:type_name -> tetragon.ProcessCredentials
10, // 76: tetragon.KprobeArgument.user_ns_arg:type_name -> tetragon.UserNamespace
- 36, // 77: tetragon.KprobeArgument.module_arg:type_name -> tetragon.KernelModule
+ 37, // 77: tetragon.KprobeArgument.module_arg:type_name -> tetragon.KernelModule
26, // 78: tetragon.KprobeArgument.linux_binprm_arg:type_name -> tetragon.KprobeLinuxBinprm
21, // 79: tetragon.KprobeArgument.net_dev_arg:type_name -> tetragon.KprobeNetDev
16, // 80: tetragon.ProcessKprobe.process:type_name -> tetragon.Process
@@ -4908,9 +5038,9 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
32, // 82: tetragon.ProcessKprobe.args:type_name -> tetragon.KprobeArgument
32, // 83: tetragon.ProcessKprobe.return:type_name -> tetragon.KprobeArgument
0, // 84: tetragon.ProcessKprobe.action:type_name -> tetragon.KprobeAction
- 45, // 85: tetragon.ProcessKprobe.kernel_stack_trace:type_name -> tetragon.StackTraceEntry
+ 46, // 85: tetragon.ProcessKprobe.kernel_stack_trace:type_name -> tetragon.StackTraceEntry
0, // 86: tetragon.ProcessKprobe.return_action:type_name -> tetragon.KprobeAction
- 45, // 87: tetragon.ProcessKprobe.user_stack_trace:type_name -> tetragon.StackTraceEntry
+ 46, // 87: tetragon.ProcessKprobe.user_stack_trace:type_name -> tetragon.StackTraceEntry
16, // 88: tetragon.ProcessTracepoint.process:type_name -> tetragon.Process
16, // 89: tetragon.ProcessTracepoint.parent:type_name -> tetragon.Process
32, // 90: tetragon.ProcessTracepoint.args:type_name -> tetragon.KprobeArgument
@@ -4918,20 +5048,24 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
16, // 92: tetragon.ProcessUprobe.process:type_name -> tetragon.Process
16, // 93: tetragon.ProcessUprobe.parent:type_name -> tetragon.Process
32, // 94: tetragon.ProcessUprobe.args:type_name -> tetragon.KprobeArgument
- 54, // 95: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue
- 3, // 96: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType
- 1, // 97: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType
- 1, // 98: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType
- 2, // 99: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult
- 39, // 100: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus
- 16, // 101: tetragon.ProcessLoader.process:type_name -> tetragon.Process
- 44, // 102: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer
- 47, // 103: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry
- 104, // [104:104] is the sub-list for method output_type
- 104, // [104:104] is the sub-list for method input_type
- 104, // [104:104] is the sub-list for extension type_name
- 104, // [104:104] is the sub-list for extension extendee
- 0, // [0:104] is the sub-list for field type_name
+ 16, // 95: tetragon.ProcessLsm.process:type_name -> tetragon.Process
+ 16, // 96: tetragon.ProcessLsm.parent:type_name -> tetragon.Process
+ 32, // 97: tetragon.ProcessLsm.args:type_name -> tetragon.KprobeArgument
+ 0, // 98: tetragon.ProcessLsm.action:type_name -> tetragon.KprobeAction
+ 55, // 99: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue
+ 3, // 100: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType
+ 1, // 101: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType
+ 1, // 102: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType
+ 2, // 103: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult
+ 40, // 104: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus
+ 16, // 105: tetragon.ProcessLoader.process:type_name -> tetragon.Process
+ 45, // 106: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer
+ 48, // 107: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry
+ 108, // [108:108] is the sub-list for method output_type
+ 108, // [108:108] is the sub-list for method input_type
+ 108, // [108:108] is the sub-list for extension type_name
+ 108, // [108:108] is the sub-list for extension extendee
+ 0, // [0:108] is the sub-list for field type_name
}
func init() { file_tetragon_tetragon_proto_init() }
@@ -5326,7 +5460,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KernelModule); i {
+ switch v := v.(*ProcessLsm); i {
case 0:
return &v.state
case 1:
@@ -5338,7 +5472,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Test); i {
+ switch v := v.(*KernelModule); i {
case 0:
return &v.state
case 1:
@@ -5350,7 +5484,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*GetHealthStatusRequest); i {
+ switch v := v.(*Test); i {
case 0:
return &v.state
case 1:
@@ -5362,7 +5496,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*HealthStatus); i {
+ switch v := v.(*GetHealthStatusRequest); i {
case 0:
return &v.state
case 1:
@@ -5374,7 +5508,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*GetHealthStatusResponse); i {
+ switch v := v.(*HealthStatus); i {
case 0:
return &v.state
case 1:
@@ -5386,7 +5520,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ProcessLoader); i {
+ switch v := v.(*GetHealthStatusResponse); i {
case 0:
return &v.state
case 1:
@@ -5398,7 +5532,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RuntimeHookRequest); i {
+ switch v := v.(*ProcessLoader); i {
case 0:
return &v.state
case 1:
@@ -5410,7 +5544,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RuntimeHookResponse); i {
+ switch v := v.(*RuntimeHookRequest); i {
case 0:
return &v.state
case 1:
@@ -5422,7 +5556,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*CreateContainer); i {
+ switch v := v.(*RuntimeHookResponse); i {
case 0:
return &v.state
case 1:
@@ -5434,6 +5568,18 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateContainer); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_tetragon_tetragon_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*StackTraceEntry); i {
case 0:
return &v.state
@@ -5474,7 +5620,7 @@ func file_tetragon_tetragon_proto_init() {
(*KprobeArgument_LinuxBinprmArg)(nil),
(*KprobeArgument_NetDevArg)(nil),
}
- file_tetragon_tetragon_proto_msgTypes[38].OneofWrappers = []interface{}{
+ file_tetragon_tetragon_proto_msgTypes[39].OneofWrappers = []interface{}{
(*RuntimeHookRequest_CreateContainer)(nil),
}
type x struct{}
@@ -5483,7 +5629,7 @@ func file_tetragon_tetragon_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_tetragon_tetragon_proto_rawDesc,
NumEnums: 4,
- NumMessages: 44,
+ NumMessages: 45,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/api/v1/tetragon/tetragon.pb.json.go b/api/v1/tetragon/tetragon.pb.json.go
index caedb88f5ec..fece138cc0d 100644
--- a/api/v1/tetragon/tetragon.pb.json.go
+++ b/api/v1/tetragon/tetragon.pb.json.go
@@ -519,6 +519,22 @@ func (msg *ProcessUprobe) UnmarshalJSON(b []byte) error {
}.Unmarshal(b, msg)
}
+// MarshalJSON implements json.Marshaler
+func (msg *ProcessLsm) MarshalJSON() ([]byte, error) {
+ return protojson.MarshalOptions{
+ UseEnumNumbers: false,
+ EmitUnpopulated: false,
+ UseProtoNames: true,
+ }.Marshal(msg)
+}
+
+// UnmarshalJSON implements json.Unmarshaler
+func (msg *ProcessLsm) UnmarshalJSON(b []byte) error {
+ return protojson.UnmarshalOptions{
+ DiscardUnknown: false,
+ }.Unmarshal(b, msg)
+}
+
// MarshalJSON implements json.Marshaler
func (msg *KernelModule) MarshalJSON() ([]byte, error) {
return protojson.MarshalOptions{
diff --git a/api/v1/tetragon/tetragon.proto b/api/v1/tetragon/tetragon.proto
index 801f46c0b3f..34a6df09557 100644
--- a/api/v1/tetragon/tetragon.proto
+++ b/api/v1/tetragon/tetragon.proto
@@ -532,6 +532,23 @@ message ProcessUprobe {
repeated string tags = 8;
}
+message ProcessLsm {
+ Process process = 1;
+ Process parent = 2;
+ // LSM hook name.
+ string function_name = 3;
+ // Name of the policy that created that LSM hook.
+ string policy_name = 5;
+ // Short message of the Tracing Policy to inform users what is going on.
+ string message = 6;
+ // Arguments definition of the observed LSM hook.
+ repeated KprobeArgument args = 7;
+ // Action performed when the LSM hook matched.
+ KprobeAction action = 8;
+ // Tags of the Tracing Policy to categorize the event.
+ repeated string tags = 9;
+}
+
message KernelModule {
// Kernel module name
string name = 1;
diff --git a/api/v1/tetragon/types.pb.go b/api/v1/tetragon/types.pb.go
index f418b3eaca8..81f84cc6a27 100644
--- a/api/v1/tetragon/types.pb.go
+++ b/api/v1/tetragon/types.pb.go
@@ -129,6 +129,26 @@ func (event *ProcessUprobe) SetParent(p *Process) {
event.Parent = p
}
+// Encapsulate implements the Event interface.
+// Returns the event wrapped by its GetEventsResponse_* type.
+func (event *ProcessLsm) Encapsulate() IsGetEventsResponse_Event {
+ return &GetEventsResponse_ProcessLsm{
+ ProcessLsm: event,
+ }
+}
+
+// SetProcess implements the ProcessEvent interface.
+// Sets the Process field of an event.
+func (event *ProcessLsm) SetProcess(p *Process) {
+ event.Process = p
+}
+
+// SetParent implements the ParentEvent interface.
+// Sets the Parent field of an event.
+func (event *ProcessLsm) SetParent(p *Process) {
+ event.Parent = p
+}
+
// Encapsulate implements the Event interface.
// Returns the event wrapped by its GetEventsResponse_* type.
func (event *Test) Encapsulate() IsGetEventsResponse_Event {
@@ -184,6 +204,8 @@ func UnwrapGetEventsResponse(response *GetEventsResponse) interface{} {
return ev.ProcessTracepoint
case *GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe
+ case *GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm
case *GetEventsResponse_Test:
return ev.Test
case *GetEventsResponse_ProcessLoader:
diff --git a/bpf/Makefile b/bpf/Makefile
index ff53d8866e5..68b6360ee29 100644
--- a/bpf/Makefile
+++ b/bpf/Makefile
@@ -15,6 +15,7 @@ PROCESS = bpf_execve_event.o bpf_execve_event_v53.o bpf_fork.o bpf_exit.o bpf_ge
bpf_multi_kprobe_v53.o bpf_multi_retkprobe_v53.o \
bpf_generic_tracepoint.o bpf_generic_tracepoint_v53.o \
bpf_generic_uprobe.o bpf_generic_uprobe_v53.o \
+ bpf_generic_lsm.o bpf_generic_lsm_v511.o \
bpf_execve_event_v61.o \
bpf_generic_kprobe_v61.o bpf_generic_retkprobe_v61.o \
bpf_generic_tracepoint_v61.o \
@@ -26,6 +27,7 @@ PROCESS = bpf_execve_event.o bpf_execve_event_v53.o bpf_fork.o bpf_exit.o bpf_ge
bpf_generic_tracepoint_v511.o \
bpf_multi_kprobe_v511.o bpf_multi_retkprobe_v511.o \
bpf_generic_uprobe_v511.o \
+ bpf_generic_lsm_v61.o \
bpf_loader.o \
bpf_cgroup.o \
bpf_enforcer.o bpf_multi_enforcer.o bpf_fmodret_enforcer.o
@@ -69,6 +71,7 @@ deps/bpf_multi_retkprobe_$$(VAR).d: process/bpf_generic_retkprobe.c
deps/bpf_generic_tracepoint_$$(VAR).d: process/bpf_generic_tracepoint.c
deps/bpf_generic_uprobe_$$(VAR).d: process/bpf_generic_uprobe.c
deps/bpf_multi_uprobe_$$(VAR).d: process/bpf_generic_uprobe.c
+deps/bpf_generic_lsm_$$(VAR).d: process/bpf_generic_lsm.c
endef
# Generic build targets for each sub-dir
diff --git a/bpf/lib/msg_types.h b/bpf/lib/msg_types.h
index 4dd54b39440..962c213c747 100644
--- a/bpf/lib/msg_types.h
+++ b/bpf/lib/msg_types.h
@@ -12,6 +12,7 @@ enum msg_ops {
MSG_OP_GENERIC_KPROBE = 13,
MSG_OP_GENERIC_TRACEPOINT = 14,
MSG_OP_GENERIC_UPROBE = 15,
+ MSG_OP_GENERIC_LSM = 16,
MSG_OP_TEST = 254,
diff --git a/bpf/process/bpf_generic_lsm.c b/bpf/process/bpf_generic_lsm.c
new file mode 100644
index 00000000000..313e0638a8a
--- /dev/null
+++ b/bpf/process/bpf_generic_lsm.c
@@ -0,0 +1,162 @@
+// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+/* Copyright Authors of Cilium */
+
+#include "vmlinux.h"
+#include "api.h"
+
+#define GENERIC_LSM
+
+#include "compiler.h"
+#include "bpf_event.h"
+#include "bpf_task.h"
+#include "retprobe_map.h"
+#include "types/operations.h"
+#include "types/basic.h"
+#include "generic_calls.h"
+#include "pfilter.h"
+
+char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";
+
+struct {
+ __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
+ __uint(max_entries, 1);
+ __type(key, __u32);
+ __type(value, struct msg_generic_kprobe);
+} process_call_heap SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_PROG_ARRAY);
+ __uint(max_entries, 13);
+ __uint(key_size, sizeof(__u32));
+ __uint(value_size, sizeof(__u32));
+} lsm_calls SEC(".maps");
+
+struct filter_map_value {
+ unsigned char buf[FILTER_SIZE];
+};
+
+/* Arrays of size 1 will be rewritten to direct loads in verifier */
+struct {
+ __uint(type, BPF_MAP_TYPE_ARRAY);
+ __uint(max_entries, 1);
+ __type(key, int);
+ __type(value, struct filter_map_value);
+} filter_map SEC(".maps");
+
+struct {
+ __uint(type, BPF_MAP_TYPE_ARRAY);
+ __uint(max_entries, 1);
+ __type(key, __u32);
+ __type(value, struct event_config);
+} config_map SEC(".maps");
+
+static struct generic_maps maps = {
+ .heap = (struct bpf_map_def *)&process_call_heap,
+ .calls = (struct bpf_map_def *)&lsm_calls,
+ .filter = (struct bpf_map_def *)&filter_map,
+};
+
+FUNC_INLINE int
+generic_lsm_start_process_filter(void *ctx)
+{
+ struct msg_generic_kprobe *msg;
+ struct event_config *config;
+ struct task_struct *task;
+ int i, zero = 0;
+
+ msg = map_lookup_elem(&process_call_heap, &zero);
+ if (!msg)
+ return 0;
+ /* Initialize selector index to 0 */
+ msg->sel.curr = 0;
+#pragma unroll
+ for (i = 0; i < MAX_CONFIGURED_SELECTORS; i++)
+ msg->sel.active[i] = 0;
+ /* Initialize accept field to reject */
+ msg->sel.pass = false;
+ msg->tailcall_index_process = 0;
+ msg->tailcall_index_selector = 0;
+ task = (struct task_struct *)get_current_task();
+ /* Initialize namespaces to apply filters on them */
+ get_namespaces(&msg->ns, task);
+ /* Initialize capabilities to apply filters on them */
+ get_current_subj_caps(&msg->caps, task);
+#ifdef __NS_CHANGES_FILTER
+ msg->sel.match_ns = 0;
+#endif
+#ifdef __CAP_CHANGES_FILTER
+ msg->sel.match_cap = 0;
+#endif
+ msg->idx = get_index(ctx);
+ // setup index and function id
+ config = map_lookup_elem(&config_map, &msg->idx);
+ if (!config)
+ return 0;
+ msg->func_id = config->func_id;
+ msg->retprobe_id = 0;
+ /* Tail call into filters. */
+ tail_call(ctx, &lsm_calls, TAIL_CALL_FILTER);
+ return 0;
+}
+
+#define MAIN "lsm/generic_lsm"
+
+__attribute__((section((MAIN)), used)) int
+generic_lsm_event(struct pt_regs *ctx)
+{
+ return generic_lsm_start_process_filter(ctx);
+}
+
+__attribute__((section("lsm/0"), used)) int
+generic_lsm_setup_event(void *ctx)
+{
+ return generic_process_event_and_setup(
+ ctx, (struct bpf_map_def *)&process_call_heap,
+ (struct bpf_map_def *)&lsm_calls,
+ (struct bpf_map_def *)&config_map, 0);
+}
+
+__attribute__((section("lsm/1"), used)) int
+generic_lsm_process_event(void *ctx)
+{
+ return generic_process_event(ctx,
+ (struct bpf_map_def *)&process_call_heap,
+ (struct bpf_map_def *)&lsm_calls,
+ (struct bpf_map_def *)&config_map, 0);
+}
+
+__attribute__((section("lsm/2"), used)) int
+generic_lsm_process_filter(void *ctx)
+{
+ int ret;
+
+ ret = generic_process_filter((struct bpf_map_def *)&process_call_heap,
+ (struct bpf_map_def *)&filter_map);
+ if (ret == PFILTER_CONTINUE)
+ tail_call(ctx, &lsm_calls, TAIL_CALL_FILTER);
+ else if (ret == PFILTER_ACCEPT)
+ tail_call(ctx, &lsm_calls, 0);
+ return PFILTER_REJECT;
+}
+
+__attribute__((section("lsm/3"), used)) int
+generic_lsm_filter_arg(void *ctx)
+{
+ return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
+ (struct bpf_map_def *)&filter_map,
+ (struct bpf_map_def *)&lsm_calls,
+ (struct bpf_map_def *)&config_map,
+ true);
+}
+
+__attribute__((section("lsm/4"), used)) int
+generic_lsm_actions(void *ctx)
+{
+ return generic_actions(ctx, &maps);
+}
+
+__attribute__((section("lsm/5"), used)) int
+generic_lsm_output(void *ctx)
+{
+ return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_LSM);
+}
diff --git a/bpf/process/generic_calls.h b/bpf/process/generic_calls.h
index 505d8b2c3d3..7d378f54c56 100644
--- a/bpf/process/generic_calls.h
+++ b/bpf/process/generic_calls.h
@@ -172,6 +172,16 @@ generic_process_event_and_setup(struct pt_regs *ctx,
retprobe_map_set(e->func_id, e->retprobe_id, e->common.ktime, 1);
#endif
+#ifdef GENERIC_LSM
+ /* no arguments for uprobes for now */
+ e->a0 = PT_REGS_PARM1_CORE(ctx);
+ e->a1 = PT_REGS_PARM2_CORE(ctx);
+ e->a2 = PT_REGS_PARM3_CORE(ctx);
+ e->a3 = PT_REGS_PARM4_CORE(ctx);
+ e->a4 = PT_REGS_PARM5_CORE(ctx);
+ generic_process_init(e, MSG_OP_GENERIC_LSM, config);
+#endif
+
#ifdef GENERIC_UPROBE
/* no arguments for uprobes for now */
e->a0 = PT_REGS_PARM1_CORE(ctx);
diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h
index acb78562a2f..af9ae76a8df 100644
--- a/bpf/process/types/basic.h
+++ b/bpf/process/types/basic.h
@@ -2108,7 +2108,7 @@ struct {
__uint(value_size, sizeof(__u64) * PERF_MAX_STACK_DEPTH);
} stack_trace_map SEC(".maps");
-#if defined GENERIC_TRACEPOINT || defined GENERIC_KPROBE
+#if defined GENERIC_TRACEPOINT || defined GENERIC_KPROBE || defined GENERIC_LSM
FUNC_INLINE void do_action_notify_enforcer(int error, int signal)
{
do_enforcer_action(error, signal);
diff --git a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
index f11dc36ba6c..b903f651925 100644
--- a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
+++ b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
@@ -41,6 +41,7 @@ const (
EventType_PROCESS_TRACEPOINT EventType = 10
EventType_PROCESS_LOADER EventType = 11
EventType_PROCESS_UPROBE EventType = 12
+ EventType_PROCESS_LSM EventType = 13
EventType_PROCESS_THROTTLE EventType = 27
EventType_TEST EventType = 40000
EventType_RATE_LIMIT_INFO EventType = 40001
@@ -56,6 +57,7 @@ var (
10: "PROCESS_TRACEPOINT",
11: "PROCESS_LOADER",
12: "PROCESS_UPROBE",
+ 13: "PROCESS_LSM",
27: "PROCESS_THROTTLE",
40000: "TEST",
40001: "RATE_LIMIT_INFO",
@@ -68,6 +70,7 @@ var (
"PROCESS_TRACEPOINT": 10,
"PROCESS_LOADER": 11,
"PROCESS_UPROBE": 12,
+ "PROCESS_LSM": 13,
"PROCESS_THROTTLE": 27,
"TEST": 40000,
"RATE_LIMIT_INFO": 40001,
@@ -944,6 +947,7 @@ type GetEventsResponse struct {
// *GetEventsResponse_ProcessTracepoint
// *GetEventsResponse_ProcessLoader
// *GetEventsResponse_ProcessUprobe
+ // *GetEventsResponse_ProcessLsm
// *GetEventsResponse_ProcessThrottle
// *GetEventsResponse_Test
// *GetEventsResponse_RateLimitInfo
@@ -1040,6 +1044,13 @@ func (x *GetEventsResponse) GetProcessUprobe() *ProcessUprobe {
return nil
}
+func (x *GetEventsResponse) GetProcessLsm() *ProcessLsm {
+ if x, ok := x.GetEvent().(*GetEventsResponse_ProcessLsm); ok {
+ return x.ProcessLsm
+ }
+ return nil
+}
+
func (x *GetEventsResponse) GetProcessThrottle() *ProcessThrottle {
if x, ok := x.GetEvent().(*GetEventsResponse_ProcessThrottle); ok {
return x.ProcessThrottle
@@ -1117,6 +1128,10 @@ type GetEventsResponse_ProcessUprobe struct {
ProcessUprobe *ProcessUprobe `protobuf:"bytes,12,opt,name=process_uprobe,json=processUprobe,proto3,oneof"`
}
+type GetEventsResponse_ProcessLsm struct {
+ ProcessLsm *ProcessLsm `protobuf:"bytes,13,opt,name=process_lsm,json=processLsm,proto3,oneof"`
+}
+
type GetEventsResponse_ProcessThrottle struct {
ProcessThrottle *ProcessThrottle `protobuf:"bytes,27,opt,name=process_throttle,json=processThrottle,proto3,oneof"`
}
@@ -1141,6 +1156,8 @@ func (*GetEventsResponse_ProcessLoader) isGetEventsResponse_Event() {}
func (*GetEventsResponse_ProcessUprobe) isGetEventsResponse_Event() {}
+func (*GetEventsResponse_ProcessLsm) isGetEventsResponse_Event() {}
+
func (*GetEventsResponse_ProcessThrottle) isGetEventsResponse_Event() {}
func (*GetEventsResponse_Test) isGetEventsResponse_Event() {}
@@ -1274,7 +1291,7 @@ var file_tetragon_events_proto_rawDesc = []byte{
0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xf3, 0x05, 0x0a, 0x11, 0x47,
+ 0x28, 0x09, 0x52, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xac, 0x06, 0x0a, 0x11, 0x47,
0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x65, 0x78, 0x65, 0x63,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f,
@@ -1300,49 +1317,54 @@ var file_tetragon_events_proto_rawDesc = []byte{
0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x75, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x0c, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72,
0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x48, 0x00, 0x52, 0x0d, 0x70,
- 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x46, 0x0a, 0x10,
- 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65,
- 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f,
- 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c,
- 0x65, 0x48, 0x00, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f,
- 0x74, 0x74, 0x6c, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x74, 0x65, 0x73, 0x74, 0x18, 0xc0, 0xb8, 0x02,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
- 0x54, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0f,
- 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18,
- 0xc1, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67,
- 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f,
- 0x48, 0x00, 0x52, 0x0d, 0x72, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66,
- 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0xe8,
- 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12,
- 0x2f, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0xe9, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65,
- 0x12, 0x45, 0x0a, 0x10, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
- 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xea, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65,
- 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69,
- 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74,
- 0x2a, 0xc7, 0x01, 0x0a, 0x09, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09,
- 0x0a, 0x05, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f,
- 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58, 0x45, 0x43, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50,
- 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58, 0x49, 0x54, 0x10, 0x05, 0x12, 0x12, 0x0a,
- 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10,
- 0x09, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x52, 0x41,
- 0x43, 0x45, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x10, 0x0a, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f,
- 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x4f, 0x41, 0x44, 0x45, 0x52, 0x10, 0x0b, 0x12, 0x12, 0x0a,
- 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x55, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10,
- 0x0c, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x48, 0x52,
- 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x10, 0x1b, 0x12, 0x0a, 0x0a, 0x04, 0x54, 0x45, 0x53, 0x54, 0x10,
- 0xc0, 0xb8, 0x02, 0x12, 0x15, 0x0a, 0x0f, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49,
- 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0xc1, 0xb8, 0x02, 0x2a, 0x2d, 0x0a, 0x11, 0x46, 0x69,
- 0x65, 0x6c, 0x64, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12,
- 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x43, 0x4c, 0x55, 0x44, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07,
- 0x45, 0x58, 0x43, 0x4c, 0x55, 0x44, 0x45, 0x10, 0x01, 0x2a, 0x4b, 0x0a, 0x0c, 0x54, 0x68, 0x72,
- 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x48, 0x52,
- 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
- 0x12, 0x0a, 0x0e, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x52,
- 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f,
- 0x53, 0x54, 0x4f, 0x50, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x37, 0x0a, 0x0b,
+ 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x73, 0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x14, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f,
+ 0x63, 0x65, 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x12, 0x46, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73,
+ 0x5f, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x48, 0x00, 0x52, 0x0f, 0x70, 0x72,
+ 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x12, 0x26, 0x0a,
+ 0x04, 0x74, 0x65, 0x73, 0x74, 0x18, 0xc0, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e,
+ 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52,
+ 0x04, 0x74, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69,
+ 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xc1, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x74, 0x65,
+ 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x48, 0x00, 0x52, 0x0d, 0x72, 0x61, 0x74,
+ 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f,
+ 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0xe8, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+ 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2f, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65,
+ 0x18, 0xe9, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
+ 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x45, 0x0a, 0x10, 0x61, 0x67, 0x67,
+ 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xea, 0x07,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
+ 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52,
+ 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f,
+ 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x2a, 0xd8, 0x01, 0x0a, 0x09, 0x45, 0x76,
+ 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x44, 0x45, 0x46,
+ 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58,
+ 0x45, 0x43, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f,
+ 0x45, 0x58, 0x49, 0x54, 0x10, 0x05, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+ 0x53, 0x5f, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10, 0x09, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52,
+ 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x45, 0x50, 0x4f, 0x49, 0x4e, 0x54,
+ 0x10, 0x0a, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x4f,
+ 0x41, 0x44, 0x45, 0x52, 0x10, 0x0b, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+ 0x53, 0x5f, 0x55, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52,
+ 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x53, 0x4d, 0x10, 0x0d, 0x12, 0x14, 0x0a, 0x10, 0x50,
+ 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x10,
+ 0x1b, 0x12, 0x0a, 0x0a, 0x04, 0x54, 0x45, 0x53, 0x54, 0x10, 0xc0, 0xb8, 0x02, 0x12, 0x15, 0x0a,
+ 0x0f, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f,
+ 0x10, 0xc1, 0xb8, 0x02, 0x2a, 0x2d, 0x0a, 0x11, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x46, 0x69, 0x6c,
+ 0x74, 0x65, 0x72, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x43,
+ 0x4c, 0x55, 0x44, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x43, 0x4c, 0x55, 0x44,
+ 0x45, 0x10, 0x01, 0x2a, 0x4b, 0x0a, 0x0c, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54,
+ 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f,
+ 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x54, 0x48, 0x52,
+ 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a,
+ 0x0d, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x10, 0x02,
+ 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -1384,8 +1406,9 @@ var file_tetragon_events_proto_goTypes = []interface{}{
(*ProcessTracepoint)(nil), // 21: tetragon.ProcessTracepoint
(*ProcessLoader)(nil), // 22: tetragon.ProcessLoader
(*ProcessUprobe)(nil), // 23: tetragon.ProcessUprobe
- (*Test)(nil), // 24: tetragon.Test
- (*timestamppb.Timestamp)(nil), // 25: google.protobuf.Timestamp
+ (*ProcessLsm)(nil), // 24: tetragon.ProcessLsm
+ (*Test)(nil), // 25: tetragon.Test
+ (*timestamppb.Timestamp)(nil), // 26: google.protobuf.Timestamp
}
var file_tetragon_events_proto_depIdxs = []int32{
14, // 0: tetragon.Filter.health_check:type_name -> google.protobuf.BoolValue
@@ -1415,16 +1438,17 @@ var file_tetragon_events_proto_depIdxs = []int32{
21, // 24: tetragon.GetEventsResponse.process_tracepoint:type_name -> tetragon.ProcessTracepoint
22, // 25: tetragon.GetEventsResponse.process_loader:type_name -> tetragon.ProcessLoader
23, // 26: tetragon.GetEventsResponse.process_uprobe:type_name -> tetragon.ProcessUprobe
- 12, // 27: tetragon.GetEventsResponse.process_throttle:type_name -> tetragon.ProcessThrottle
- 24, // 28: tetragon.GetEventsResponse.test:type_name -> tetragon.Test
- 11, // 29: tetragon.GetEventsResponse.rate_limit_info:type_name -> tetragon.RateLimitInfo
- 25, // 30: tetragon.GetEventsResponse.time:type_name -> google.protobuf.Timestamp
- 10, // 31: tetragon.GetEventsResponse.aggregation_info:type_name -> tetragon.AggregationInfo
- 32, // [32:32] is the sub-list for method output_type
- 32, // [32:32] is the sub-list for method input_type
- 32, // [32:32] is the sub-list for extension type_name
- 32, // [32:32] is the sub-list for extension extendee
- 0, // [0:32] is the sub-list for field type_name
+ 24, // 27: tetragon.GetEventsResponse.process_lsm:type_name -> tetragon.ProcessLsm
+ 12, // 28: tetragon.GetEventsResponse.process_throttle:type_name -> tetragon.ProcessThrottle
+ 25, // 29: tetragon.GetEventsResponse.test:type_name -> tetragon.Test
+ 11, // 30: tetragon.GetEventsResponse.rate_limit_info:type_name -> tetragon.RateLimitInfo
+ 26, // 31: tetragon.GetEventsResponse.time:type_name -> google.protobuf.Timestamp
+ 10, // 32: tetragon.GetEventsResponse.aggregation_info:type_name -> tetragon.AggregationInfo
+ 33, // [33:33] is the sub-list for method output_type
+ 33, // [33:33] is the sub-list for method input_type
+ 33, // [33:33] is the sub-list for extension type_name
+ 33, // [33:33] is the sub-list for extension extendee
+ 0, // [0:33] is the sub-list for field type_name
}
func init() { file_tetragon_events_proto_init() }
@@ -1575,6 +1599,7 @@ func file_tetragon_events_proto_init() {
(*GetEventsResponse_ProcessTracepoint)(nil),
(*GetEventsResponse_ProcessLoader)(nil),
(*GetEventsResponse_ProcessUprobe)(nil),
+ (*GetEventsResponse_ProcessLsm)(nil),
(*GetEventsResponse_ProcessThrottle)(nil),
(*GetEventsResponse_Test)(nil),
(*GetEventsResponse_RateLimitInfo)(nil),
diff --git a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
index f2bd554645f..155bd489665 100644
--- a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
+++ b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
@@ -25,6 +25,7 @@ enum EventType {
PROCESS_TRACEPOINT = 10;
PROCESS_LOADER = 11;
PROCESS_UPROBE = 12;
+ PROCESS_LSM = 13;
PROCESS_THROTTLE = 27;
TEST = 40000;
@@ -183,6 +184,7 @@ message GetEventsResponse {
ProcessTracepoint process_tracepoint = 10;
ProcessLoader process_loader = 11;
ProcessUprobe process_uprobe = 12;
+ ProcessLsm process_lsm = 13;
ProcessThrottle process_throttle = 27;
Test test = 40000;
diff --git a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go
index ace6dfcfc1c..8a5d6be212e 100644
--- a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go
+++ b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go
@@ -3475,6 +3475,115 @@ func (x *ProcessUprobe) GetTags() []string {
return nil
}
+type ProcessLsm struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Process *Process `protobuf:"bytes,1,opt,name=process,proto3" json:"process,omitempty"`
+ Parent *Process `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
+ // LSM hook name.
+ FunctionName string `protobuf:"bytes,3,opt,name=function_name,json=functionName,proto3" json:"function_name,omitempty"`
+ // Name of the policy that created that LSM hook.
+ PolicyName string `protobuf:"bytes,5,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"`
+ // Short message of the Tracing Policy to inform users what is going on.
+ Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"`
+ // Arguments definition of the observed LSM hook.
+ Args []*KprobeArgument `protobuf:"bytes,7,rep,name=args,proto3" json:"args,omitempty"`
+ // Action performed when the LSM hook matched.
+ Action KprobeAction `protobuf:"varint,8,opt,name=action,proto3,enum=tetragon.KprobeAction" json:"action,omitempty"`
+ // Tags of the Tracing Policy to categorize the event.
+ Tags []string `protobuf:"bytes,9,rep,name=tags,proto3" json:"tags,omitempty"`
+}
+
+func (x *ProcessLsm) Reset() {
+ *x = ProcessLsm{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ProcessLsm) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProcessLsm) ProtoMessage() {}
+
+func (x *ProcessLsm) ProtoReflect() protoreflect.Message {
+ mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProcessLsm.ProtoReflect.Descriptor instead.
+func (*ProcessLsm) Descriptor() ([]byte, []int) {
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{32}
+}
+
+func (x *ProcessLsm) GetProcess() *Process {
+ if x != nil {
+ return x.Process
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetParent() *Process {
+ if x != nil {
+ return x.Parent
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetFunctionName() string {
+ if x != nil {
+ return x.FunctionName
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetPolicyName() string {
+ if x != nil {
+ return x.PolicyName
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetMessage() string {
+ if x != nil {
+ return x.Message
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetArgs() []*KprobeArgument {
+ if x != nil {
+ return x.Args
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetAction() KprobeAction {
+ if x != nil {
+ return x.Action
+ }
+ return KprobeAction_KPROBE_ACTION_UNKNOWN
+}
+
+func (x *ProcessLsm) GetTags() []string {
+ if x != nil {
+ return x.Tags
+ }
+ return nil
+}
+
type KernelModule struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -3492,7 +3601,7 @@ type KernelModule struct {
func (x *KernelModule) Reset() {
*x = KernelModule{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ mi := &file_tetragon_tetragon_proto_msgTypes[33]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3505,7 +3614,7 @@ func (x *KernelModule) String() string {
func (*KernelModule) ProtoMessage() {}
func (x *KernelModule) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ mi := &file_tetragon_tetragon_proto_msgTypes[33]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3518,7 +3627,7 @@ func (x *KernelModule) ProtoReflect() protoreflect.Message {
// Deprecated: Use KernelModule.ProtoReflect.Descriptor instead.
func (*KernelModule) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{32}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{33}
}
func (x *KernelModule) GetName() string {
@@ -3556,7 +3665,7 @@ type Test struct {
func (x *Test) Reset() {
*x = Test{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[33]
+ mi := &file_tetragon_tetragon_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3569,7 +3678,7 @@ func (x *Test) String() string {
func (*Test) ProtoMessage() {}
func (x *Test) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[33]
+ mi := &file_tetragon_tetragon_proto_msgTypes[34]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3582,7 +3691,7 @@ func (x *Test) ProtoReflect() protoreflect.Message {
// Deprecated: Use Test.ProtoReflect.Descriptor instead.
func (*Test) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{33}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{34}
}
func (x *Test) GetArg0() uint64 {
@@ -3624,7 +3733,7 @@ type GetHealthStatusRequest struct {
func (x *GetHealthStatusRequest) Reset() {
*x = GetHealthStatusRequest{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[34]
+ mi := &file_tetragon_tetragon_proto_msgTypes[35]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3637,7 +3746,7 @@ func (x *GetHealthStatusRequest) String() string {
func (*GetHealthStatusRequest) ProtoMessage() {}
func (x *GetHealthStatusRequest) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[34]
+ mi := &file_tetragon_tetragon_proto_msgTypes[35]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3650,7 +3759,7 @@ func (x *GetHealthStatusRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetHealthStatusRequest.ProtoReflect.Descriptor instead.
func (*GetHealthStatusRequest) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{34}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{35}
}
func (x *GetHealthStatusRequest) GetEventSet() []HealthStatusType {
@@ -3673,7 +3782,7 @@ type HealthStatus struct {
func (x *HealthStatus) Reset() {
*x = HealthStatus{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[35]
+ mi := &file_tetragon_tetragon_proto_msgTypes[36]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3686,7 +3795,7 @@ func (x *HealthStatus) String() string {
func (*HealthStatus) ProtoMessage() {}
func (x *HealthStatus) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[35]
+ mi := &file_tetragon_tetragon_proto_msgTypes[36]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3699,7 +3808,7 @@ func (x *HealthStatus) ProtoReflect() protoreflect.Message {
// Deprecated: Use HealthStatus.ProtoReflect.Descriptor instead.
func (*HealthStatus) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{35}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{36}
}
func (x *HealthStatus) GetEvent() HealthStatusType {
@@ -3734,7 +3843,7 @@ type GetHealthStatusResponse struct {
func (x *GetHealthStatusResponse) Reset() {
*x = GetHealthStatusResponse{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[36]
+ mi := &file_tetragon_tetragon_proto_msgTypes[37]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3747,7 +3856,7 @@ func (x *GetHealthStatusResponse) String() string {
func (*GetHealthStatusResponse) ProtoMessage() {}
func (x *GetHealthStatusResponse) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[36]
+ mi := &file_tetragon_tetragon_proto_msgTypes[37]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3760,7 +3869,7 @@ func (x *GetHealthStatusResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetHealthStatusResponse.ProtoReflect.Descriptor instead.
func (*GetHealthStatusResponse) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{36}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{37}
}
func (x *GetHealthStatusResponse) GetHealthStatus() []*HealthStatus {
@@ -3784,7 +3893,7 @@ type ProcessLoader struct {
func (x *ProcessLoader) Reset() {
*x = ProcessLoader{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[37]
+ mi := &file_tetragon_tetragon_proto_msgTypes[38]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3797,7 +3906,7 @@ func (x *ProcessLoader) String() string {
func (*ProcessLoader) ProtoMessage() {}
func (x *ProcessLoader) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[37]
+ mi := &file_tetragon_tetragon_proto_msgTypes[38]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3810,7 +3919,7 @@ func (x *ProcessLoader) ProtoReflect() protoreflect.Message {
// Deprecated: Use ProcessLoader.ProtoReflect.Descriptor instead.
func (*ProcessLoader) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{37}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{38}
}
func (x *ProcessLoader) GetProcess() *Process {
@@ -3849,7 +3958,7 @@ type RuntimeHookRequest struct {
func (x *RuntimeHookRequest) Reset() {
*x = RuntimeHookRequest{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[38]
+ mi := &file_tetragon_tetragon_proto_msgTypes[39]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3862,7 +3971,7 @@ func (x *RuntimeHookRequest) String() string {
func (*RuntimeHookRequest) ProtoMessage() {}
func (x *RuntimeHookRequest) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[38]
+ mi := &file_tetragon_tetragon_proto_msgTypes[39]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3875,7 +3984,7 @@ func (x *RuntimeHookRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use RuntimeHookRequest.ProtoReflect.Descriptor instead.
func (*RuntimeHookRequest) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{38}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{39}
}
func (m *RuntimeHookRequest) GetEvent() isRuntimeHookRequest_Event {
@@ -3911,7 +4020,7 @@ type RuntimeHookResponse struct {
func (x *RuntimeHookResponse) Reset() {
*x = RuntimeHookResponse{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[39]
+ mi := &file_tetragon_tetragon_proto_msgTypes[40]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3924,7 +4033,7 @@ func (x *RuntimeHookResponse) String() string {
func (*RuntimeHookResponse) ProtoMessage() {}
func (x *RuntimeHookResponse) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[39]
+ mi := &file_tetragon_tetragon_proto_msgTypes[40]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3937,7 +4046,7 @@ func (x *RuntimeHookResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use RuntimeHookResponse.ProtoReflect.Descriptor instead.
func (*RuntimeHookResponse) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{39}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{40}
}
// CreateContainer informs the agent that a container was created
@@ -3965,7 +4074,7 @@ type CreateContainer struct {
func (x *CreateContainer) Reset() {
*x = CreateContainer{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[40]
+ mi := &file_tetragon_tetragon_proto_msgTypes[41]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3978,7 +4087,7 @@ func (x *CreateContainer) String() string {
func (*CreateContainer) ProtoMessage() {}
func (x *CreateContainer) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[40]
+ mi := &file_tetragon_tetragon_proto_msgTypes[41]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3991,7 +4100,7 @@ func (x *CreateContainer) ProtoReflect() protoreflect.Message {
// Deprecated: Use CreateContainer.ProtoReflect.Descriptor instead.
func (*CreateContainer) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{40}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{41}
}
func (x *CreateContainer) GetCgroupsPath() string {
@@ -4040,7 +4149,7 @@ type StackTraceEntry struct {
func (x *StackTraceEntry) Reset() {
*x = StackTraceEntry{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[41]
+ mi := &file_tetragon_tetragon_proto_msgTypes[42]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4053,7 +4162,7 @@ func (x *StackTraceEntry) String() string {
func (*StackTraceEntry) ProtoMessage() {}
func (x *StackTraceEntry) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[41]
+ mi := &file_tetragon_tetragon_proto_msgTypes[42]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4066,7 +4175,7 @@ func (x *StackTraceEntry) ProtoReflect() protoreflect.Message {
// Deprecated: Use StackTraceEntry.ProtoReflect.Descriptor instead.
func (*StackTraceEntry) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{41}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{42}
}
func (x *StackTraceEntry) GetAddress() uint64 {
@@ -4619,136 +4728,156 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{
0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74,
0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75,
0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61,
- 0x67, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0x96,
- 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12,
- 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
- 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c,
- 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20,
- 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54,
- 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07,
- 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, 0x73, 0x74, 0x12,
- 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61,
- 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, 0x20, 0x01, 0x28,
- 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x32, 0x18,
- 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, 0x0a, 0x04, 0x61,
- 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x33, 0x22,
- 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74,
- 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x76, 0x65,
- 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74,
- 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74,
- 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x53,
- 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
- 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
- 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65,
- 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05,
- 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
- 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e,
- 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73,
- 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64,
- 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65,
- 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c,
- 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
- 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75,
- 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67,
- 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
- 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x6a, 0x0a,
- 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2b,
- 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65,
- 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70,
- 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12,
- 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c,
- 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, 0x52, 0x75, 0x6e,
- 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
- 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e,
- 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61,
- 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
- 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22,
- 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65,
- 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x81, 0x02, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74,
- 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x67,
- 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07,
- 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72,
- 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65,
- 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
- 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e,
- 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
- 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
- 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x73, 0x0a, 0x0f, 0x53, 0x74,
- 0x61, 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a,
- 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07,
- 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65,
- 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12,
- 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c,
- 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2a,
- 0x95, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
- 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f,
- 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b,
- 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53,
- 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43,
- 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12,
- 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50,
- 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f,
- 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f,
- 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49,
- 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41,
- 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18,
+ 0x67, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0xb6,
+ 0x02, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x12, 0x2b, 0x0a,
+ 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11,
+ 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+ 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x29, 0x0a, 0x06, 0x70, 0x61,
+ 0x72, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74,
+ 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x70,
+ 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x75,
+ 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d,
+ 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65,
+ 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20,
+ 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b,
+ 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61,
+ 0x72, 0x67, 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20,
+ 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b,
+ 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74,
+ 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28,
+ 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e,
+ 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c,
+ 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b,
+ 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74,
+ 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74,
+ 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42,
+ 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64,
+ 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04,
+ 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31,
+ 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04,
+ 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01,
+ 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48,
+ 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+ 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18,
+ 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e,
+ 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70,
+ 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c,
+ 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05,
+ 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65,
+ 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
+ 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34,
+ 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c,
+ 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68,
+ 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74,
+ 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56,
+ 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75,
+ 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61,
+ 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+ 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c,
+ 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
+ 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+ 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61,
+ 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f,
+ 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c,
+ 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64,
+ 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f,
+ 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61,
+ 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65,
+ 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f,
+ 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42,
+ 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74,
+ 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+ 0x81, 0x02, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
+ 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61,
+ 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70,
+ 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12,
+ 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
+ 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e,
+ 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
+ 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a,
+ 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e,
+ 0x61, 0x6d, 0x65, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+ 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
+ 0x02, 0x38, 0x01, 0x22, 0x73, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63,
+ 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
+ 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+ 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62,
+ 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c,
+ 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+ 0x52, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2a, 0x95, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72,
+ 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52,
+ 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f,
+ 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41,
+ 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16,
+ 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f,
+ 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f,
+ 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c,
+ 0x4c, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43,
+ 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10,
+ 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a,
+ 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43,
+ 0x4f, 0x50, 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42,
+ 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10,
+ 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18,
0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
- 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f,
- 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f,
- 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f,
- 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12,
- 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52,
- 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b,
- 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45,
- 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53,
- 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x20, 0x0a, 0x1c, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f,
- 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x45, 0x4e, 0x46,
- 0x4f, 0x52, 0x43, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74,
- 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x48,
- 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41,
- 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
- 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c,
- 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x17,
- 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
- 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54,
- 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47,
- 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41,
- 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x17, 0x0a,
- 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45,
- 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, 0x69, 0x6e, 0x74,
- 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x41,
- 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x54,
- 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, 0x41, 0x52, 0x59,
- 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x49,
- 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
- 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43,
- 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
- 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x47,
- 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, 0x1d, 0x0a, 0x18,
- 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x54, 0x52, 0x45,
- 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, 0x0a, 0x15, 0x54,
- 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, 0x5f, 0x4d, 0x4f,
- 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, 0x49, 0x4e, 0x54,
- 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, 0x50, 0x41, 0x54,
- 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, 0x12, 0x17, 0x0a,
- 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
- 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x4e, 0x4f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f,
+ 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c,
+ 0x10, 0x0a, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54,
+ 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12,
+ 0x1d, 0x0a, 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
+ 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x20,
+ 0x0a, 0x1c, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
+ 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x45, 0x4e, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x52, 0x10, 0x0d,
+ 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+ 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53,
+ 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46,
+ 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41,
+ 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10,
+ 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75,
+ 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54,
+ 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00,
+ 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+ 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48,
+ 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f,
+ 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
+ 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a,
+ 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54,
+ 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53,
+ 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52,
+ 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
+ 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43,
+ 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54,
+ 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f,
+ 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54,
+ 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
+ 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f,
+ 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c,
+ 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e,
+ 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40,
+ 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c,
+ 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
+ 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f,
+ 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62,
+ 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -4764,7 +4893,7 @@ func file_tetragon_tetragon_proto_rawDescGZIP() []byte {
}
var file_tetragon_tetragon_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
-var file_tetragon_tetragon_proto_msgTypes = make([]protoimpl.MessageInfo, 44)
+var file_tetragon_tetragon_proto_msgTypes = make([]protoimpl.MessageInfo, 45)
var file_tetragon_tetragon_proto_goTypes = []interface{}{
(KprobeAction)(0), // 0: tetragon.KprobeAction
(HealthStatusType)(0), // 1: tetragon.HealthStatusType
@@ -4802,35 +4931,36 @@ var file_tetragon_tetragon_proto_goTypes = []interface{}{
(*ProcessKprobe)(nil), // 33: tetragon.ProcessKprobe
(*ProcessTracepoint)(nil), // 34: tetragon.ProcessTracepoint
(*ProcessUprobe)(nil), // 35: tetragon.ProcessUprobe
- (*KernelModule)(nil), // 36: tetragon.KernelModule
- (*Test)(nil), // 37: tetragon.Test
- (*GetHealthStatusRequest)(nil), // 38: tetragon.GetHealthStatusRequest
- (*HealthStatus)(nil), // 39: tetragon.HealthStatus
- (*GetHealthStatusResponse)(nil), // 40: tetragon.GetHealthStatusResponse
- (*ProcessLoader)(nil), // 41: tetragon.ProcessLoader
- (*RuntimeHookRequest)(nil), // 42: tetragon.RuntimeHookRequest
- (*RuntimeHookResponse)(nil), // 43: tetragon.RuntimeHookResponse
- (*CreateContainer)(nil), // 44: tetragon.CreateContainer
- (*StackTraceEntry)(nil), // 45: tetragon.StackTraceEntry
- nil, // 46: tetragon.Pod.PodLabelsEntry
- nil, // 47: tetragon.CreateContainer.AnnotationsEntry
- (*timestamppb.Timestamp)(nil), // 48: google.protobuf.Timestamp
- (*wrapperspb.UInt32Value)(nil), // 49: google.protobuf.UInt32Value
- (CapabilitiesType)(0), // 50: tetragon.CapabilitiesType
- (*wrapperspb.Int32Value)(nil), // 51: google.protobuf.Int32Value
- (SecureBitsType)(0), // 52: tetragon.SecureBitsType
- (ProcessPrivilegesChanged)(0), // 53: tetragon.ProcessPrivilegesChanged
- (*wrapperspb.BoolValue)(nil), // 54: google.protobuf.BoolValue
+ (*ProcessLsm)(nil), // 36: tetragon.ProcessLsm
+ (*KernelModule)(nil), // 37: tetragon.KernelModule
+ (*Test)(nil), // 38: tetragon.Test
+ (*GetHealthStatusRequest)(nil), // 39: tetragon.GetHealthStatusRequest
+ (*HealthStatus)(nil), // 40: tetragon.HealthStatus
+ (*GetHealthStatusResponse)(nil), // 41: tetragon.GetHealthStatusResponse
+ (*ProcessLoader)(nil), // 42: tetragon.ProcessLoader
+ (*RuntimeHookRequest)(nil), // 43: tetragon.RuntimeHookRequest
+ (*RuntimeHookResponse)(nil), // 44: tetragon.RuntimeHookResponse
+ (*CreateContainer)(nil), // 45: tetragon.CreateContainer
+ (*StackTraceEntry)(nil), // 46: tetragon.StackTraceEntry
+ nil, // 47: tetragon.Pod.PodLabelsEntry
+ nil, // 48: tetragon.CreateContainer.AnnotationsEntry
+ (*timestamppb.Timestamp)(nil), // 49: google.protobuf.Timestamp
+ (*wrapperspb.UInt32Value)(nil), // 50: google.protobuf.UInt32Value
+ (CapabilitiesType)(0), // 51: tetragon.CapabilitiesType
+ (*wrapperspb.Int32Value)(nil), // 52: google.protobuf.Int32Value
+ (SecureBitsType)(0), // 53: tetragon.SecureBitsType
+ (ProcessPrivilegesChanged)(0), // 54: tetragon.ProcessPrivilegesChanged
+ (*wrapperspb.BoolValue)(nil), // 55: google.protobuf.BoolValue
}
var file_tetragon_tetragon_proto_depIdxs = []int32{
4, // 0: tetragon.Container.image:type_name -> tetragon.Image
- 48, // 1: tetragon.Container.start_time:type_name -> google.protobuf.Timestamp
- 49, // 2: tetragon.Container.pid:type_name -> google.protobuf.UInt32Value
+ 49, // 1: tetragon.Container.start_time:type_name -> google.protobuf.Timestamp
+ 50, // 2: tetragon.Container.pid:type_name -> google.protobuf.UInt32Value
5, // 3: tetragon.Pod.container:type_name -> tetragon.Container
- 46, // 4: tetragon.Pod.pod_labels:type_name -> tetragon.Pod.PodLabelsEntry
- 50, // 5: tetragon.Capabilities.permitted:type_name -> tetragon.CapabilitiesType
- 50, // 6: tetragon.Capabilities.effective:type_name -> tetragon.CapabilitiesType
- 50, // 7: tetragon.Capabilities.inheritable:type_name -> tetragon.CapabilitiesType
+ 47, // 4: tetragon.Pod.pod_labels:type_name -> tetragon.Pod.PodLabelsEntry
+ 51, // 5: tetragon.Capabilities.permitted:type_name -> tetragon.CapabilitiesType
+ 51, // 6: tetragon.Capabilities.effective:type_name -> tetragon.CapabilitiesType
+ 51, // 7: tetragon.Capabilities.inheritable:type_name -> tetragon.CapabilitiesType
8, // 8: tetragon.Namespaces.uts:type_name -> tetragon.Namespace
8, // 9: tetragon.Namespaces.ipc:type_name -> tetragon.Namespace
8, // 10: tetragon.Namespaces.mnt:type_name -> tetragon.Namespace
@@ -4841,35 +4971,35 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
8, // 15: tetragon.Namespaces.time_for_children:type_name -> tetragon.Namespace
8, // 16: tetragon.Namespaces.cgroup:type_name -> tetragon.Namespace
8, // 17: tetragon.Namespaces.user:type_name -> tetragon.Namespace
- 51, // 18: tetragon.UserNamespace.level:type_name -> google.protobuf.Int32Value
- 49, // 19: tetragon.UserNamespace.uid:type_name -> google.protobuf.UInt32Value
- 49, // 20: tetragon.UserNamespace.gid:type_name -> google.protobuf.UInt32Value
+ 52, // 18: tetragon.UserNamespace.level:type_name -> google.protobuf.Int32Value
+ 50, // 19: tetragon.UserNamespace.uid:type_name -> google.protobuf.UInt32Value
+ 50, // 20: tetragon.UserNamespace.gid:type_name -> google.protobuf.UInt32Value
8, // 21: tetragon.UserNamespace.ns:type_name -> tetragon.Namespace
- 49, // 22: tetragon.ProcessCredentials.uid:type_name -> google.protobuf.UInt32Value
- 49, // 23: tetragon.ProcessCredentials.gid:type_name -> google.protobuf.UInt32Value
- 49, // 24: tetragon.ProcessCredentials.euid:type_name -> google.protobuf.UInt32Value
- 49, // 25: tetragon.ProcessCredentials.egid:type_name -> google.protobuf.UInt32Value
- 49, // 26: tetragon.ProcessCredentials.suid:type_name -> google.protobuf.UInt32Value
- 49, // 27: tetragon.ProcessCredentials.sgid:type_name -> google.protobuf.UInt32Value
- 49, // 28: tetragon.ProcessCredentials.fsuid:type_name -> google.protobuf.UInt32Value
- 49, // 29: tetragon.ProcessCredentials.fsgid:type_name -> google.protobuf.UInt32Value
- 52, // 30: tetragon.ProcessCredentials.securebits:type_name -> tetragon.SecureBitsType
+ 50, // 22: tetragon.ProcessCredentials.uid:type_name -> google.protobuf.UInt32Value
+ 50, // 23: tetragon.ProcessCredentials.gid:type_name -> google.protobuf.UInt32Value
+ 50, // 24: tetragon.ProcessCredentials.euid:type_name -> google.protobuf.UInt32Value
+ 50, // 25: tetragon.ProcessCredentials.egid:type_name -> google.protobuf.UInt32Value
+ 50, // 26: tetragon.ProcessCredentials.suid:type_name -> google.protobuf.UInt32Value
+ 50, // 27: tetragon.ProcessCredentials.sgid:type_name -> google.protobuf.UInt32Value
+ 50, // 28: tetragon.ProcessCredentials.fsuid:type_name -> google.protobuf.UInt32Value
+ 50, // 29: tetragon.ProcessCredentials.fsgid:type_name -> google.protobuf.UInt32Value
+ 53, // 30: tetragon.ProcessCredentials.securebits:type_name -> tetragon.SecureBitsType
7, // 31: tetragon.ProcessCredentials.caps:type_name -> tetragon.Capabilities
10, // 32: tetragon.ProcessCredentials.user_ns:type_name -> tetragon.UserNamespace
- 49, // 33: tetragon.InodeProperties.links:type_name -> google.protobuf.UInt32Value
+ 50, // 33: tetragon.InodeProperties.links:type_name -> google.protobuf.UInt32Value
12, // 34: tetragon.FileProperties.inode:type_name -> tetragon.InodeProperties
- 49, // 35: tetragon.BinaryProperties.setuid:type_name -> google.protobuf.UInt32Value
- 49, // 36: tetragon.BinaryProperties.setgid:type_name -> google.protobuf.UInt32Value
- 53, // 37: tetragon.BinaryProperties.privileges_changed:type_name -> tetragon.ProcessPrivilegesChanged
+ 50, // 35: tetragon.BinaryProperties.setuid:type_name -> google.protobuf.UInt32Value
+ 50, // 36: tetragon.BinaryProperties.setgid:type_name -> google.protobuf.UInt32Value
+ 54, // 37: tetragon.BinaryProperties.privileges_changed:type_name -> tetragon.ProcessPrivilegesChanged
13, // 38: tetragon.BinaryProperties.file:type_name -> tetragon.FileProperties
- 49, // 39: tetragon.Process.pid:type_name -> google.protobuf.UInt32Value
- 49, // 40: tetragon.Process.uid:type_name -> google.protobuf.UInt32Value
- 48, // 41: tetragon.Process.start_time:type_name -> google.protobuf.Timestamp
- 49, // 42: tetragon.Process.auid:type_name -> google.protobuf.UInt32Value
+ 50, // 39: tetragon.Process.pid:type_name -> google.protobuf.UInt32Value
+ 50, // 40: tetragon.Process.uid:type_name -> google.protobuf.UInt32Value
+ 49, // 41: tetragon.Process.start_time:type_name -> google.protobuf.Timestamp
+ 50, // 42: tetragon.Process.auid:type_name -> google.protobuf.UInt32Value
6, // 43: tetragon.Process.pod:type_name -> tetragon.Pod
7, // 44: tetragon.Process.cap:type_name -> tetragon.Capabilities
9, // 45: tetragon.Process.ns:type_name -> tetragon.Namespaces
- 49, // 46: tetragon.Process.tid:type_name -> google.protobuf.UInt32Value
+ 50, // 46: tetragon.Process.tid:type_name -> google.protobuf.UInt32Value
11, // 47: tetragon.Process.process_credentials:type_name -> tetragon.ProcessCredentials
14, // 48: tetragon.Process.binary_properties:type_name -> tetragon.BinaryProperties
15, // 49: tetragon.Process.user:type_name -> tetragon.UserRecord
@@ -4878,14 +5008,14 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
16, // 52: tetragon.ProcessExec.ancestors:type_name -> tetragon.Process
16, // 53: tetragon.ProcessExit.process:type_name -> tetragon.Process
16, // 54: tetragon.ProcessExit.parent:type_name -> tetragon.Process
- 48, // 55: tetragon.ProcessExit.time:type_name -> google.protobuf.Timestamp
- 50, // 56: tetragon.KprobeCred.permitted:type_name -> tetragon.CapabilitiesType
- 50, // 57: tetragon.KprobeCred.effective:type_name -> tetragon.CapabilitiesType
- 50, // 58: tetragon.KprobeCred.inheritable:type_name -> tetragon.CapabilitiesType
- 51, // 59: tetragon.KprobeCapability.value:type_name -> google.protobuf.Int32Value
- 51, // 60: tetragon.KprobeUserNamespace.level:type_name -> google.protobuf.Int32Value
- 49, // 61: tetragon.KprobeUserNamespace.owner:type_name -> google.protobuf.UInt32Value
- 49, // 62: tetragon.KprobeUserNamespace.group:type_name -> google.protobuf.UInt32Value
+ 49, // 55: tetragon.ProcessExit.time:type_name -> google.protobuf.Timestamp
+ 51, // 56: tetragon.KprobeCred.permitted:type_name -> tetragon.CapabilitiesType
+ 51, // 57: tetragon.KprobeCred.effective:type_name -> tetragon.CapabilitiesType
+ 51, // 58: tetragon.KprobeCred.inheritable:type_name -> tetragon.CapabilitiesType
+ 52, // 59: tetragon.KprobeCapability.value:type_name -> google.protobuf.Int32Value
+ 52, // 60: tetragon.KprobeUserNamespace.level:type_name -> google.protobuf.Int32Value
+ 50, // 61: tetragon.KprobeUserNamespace.owner:type_name -> google.protobuf.UInt32Value
+ 50, // 62: tetragon.KprobeUserNamespace.group:type_name -> google.protobuf.UInt32Value
8, // 63: tetragon.KprobeUserNamespace.ns:type_name -> tetragon.Namespace
20, // 64: tetragon.KprobeArgument.skb_arg:type_name -> tetragon.KprobeSkb
22, // 65: tetragon.KprobeArgument.path_arg:type_name -> tetragon.KprobePath
@@ -4900,7 +5030,7 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
27, // 74: tetragon.KprobeArgument.capability_arg:type_name -> tetragon.KprobeCapability
11, // 75: tetragon.KprobeArgument.process_credentials_arg:type_name -> tetragon.ProcessCredentials
10, // 76: tetragon.KprobeArgument.user_ns_arg:type_name -> tetragon.UserNamespace
- 36, // 77: tetragon.KprobeArgument.module_arg:type_name -> tetragon.KernelModule
+ 37, // 77: tetragon.KprobeArgument.module_arg:type_name -> tetragon.KernelModule
26, // 78: tetragon.KprobeArgument.linux_binprm_arg:type_name -> tetragon.KprobeLinuxBinprm
21, // 79: tetragon.KprobeArgument.net_dev_arg:type_name -> tetragon.KprobeNetDev
16, // 80: tetragon.ProcessKprobe.process:type_name -> tetragon.Process
@@ -4908,9 +5038,9 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
32, // 82: tetragon.ProcessKprobe.args:type_name -> tetragon.KprobeArgument
32, // 83: tetragon.ProcessKprobe.return:type_name -> tetragon.KprobeArgument
0, // 84: tetragon.ProcessKprobe.action:type_name -> tetragon.KprobeAction
- 45, // 85: tetragon.ProcessKprobe.kernel_stack_trace:type_name -> tetragon.StackTraceEntry
+ 46, // 85: tetragon.ProcessKprobe.kernel_stack_trace:type_name -> tetragon.StackTraceEntry
0, // 86: tetragon.ProcessKprobe.return_action:type_name -> tetragon.KprobeAction
- 45, // 87: tetragon.ProcessKprobe.user_stack_trace:type_name -> tetragon.StackTraceEntry
+ 46, // 87: tetragon.ProcessKprobe.user_stack_trace:type_name -> tetragon.StackTraceEntry
16, // 88: tetragon.ProcessTracepoint.process:type_name -> tetragon.Process
16, // 89: tetragon.ProcessTracepoint.parent:type_name -> tetragon.Process
32, // 90: tetragon.ProcessTracepoint.args:type_name -> tetragon.KprobeArgument
@@ -4918,20 +5048,24 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
16, // 92: tetragon.ProcessUprobe.process:type_name -> tetragon.Process
16, // 93: tetragon.ProcessUprobe.parent:type_name -> tetragon.Process
32, // 94: tetragon.ProcessUprobe.args:type_name -> tetragon.KprobeArgument
- 54, // 95: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue
- 3, // 96: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType
- 1, // 97: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType
- 1, // 98: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType
- 2, // 99: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult
- 39, // 100: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus
- 16, // 101: tetragon.ProcessLoader.process:type_name -> tetragon.Process
- 44, // 102: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer
- 47, // 103: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry
- 104, // [104:104] is the sub-list for method output_type
- 104, // [104:104] is the sub-list for method input_type
- 104, // [104:104] is the sub-list for extension type_name
- 104, // [104:104] is the sub-list for extension extendee
- 0, // [0:104] is the sub-list for field type_name
+ 16, // 95: tetragon.ProcessLsm.process:type_name -> tetragon.Process
+ 16, // 96: tetragon.ProcessLsm.parent:type_name -> tetragon.Process
+ 32, // 97: tetragon.ProcessLsm.args:type_name -> tetragon.KprobeArgument
+ 0, // 98: tetragon.ProcessLsm.action:type_name -> tetragon.KprobeAction
+ 55, // 99: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue
+ 3, // 100: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType
+ 1, // 101: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType
+ 1, // 102: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType
+ 2, // 103: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult
+ 40, // 104: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus
+ 16, // 105: tetragon.ProcessLoader.process:type_name -> tetragon.Process
+ 45, // 106: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer
+ 48, // 107: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry
+ 108, // [108:108] is the sub-list for method output_type
+ 108, // [108:108] is the sub-list for method input_type
+ 108, // [108:108] is the sub-list for extension type_name
+ 108, // [108:108] is the sub-list for extension extendee
+ 0, // [0:108] is the sub-list for field type_name
}
func init() { file_tetragon_tetragon_proto_init() }
@@ -5326,7 +5460,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KernelModule); i {
+ switch v := v.(*ProcessLsm); i {
case 0:
return &v.state
case 1:
@@ -5338,7 +5472,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Test); i {
+ switch v := v.(*KernelModule); i {
case 0:
return &v.state
case 1:
@@ -5350,7 +5484,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*GetHealthStatusRequest); i {
+ switch v := v.(*Test); i {
case 0:
return &v.state
case 1:
@@ -5362,7 +5496,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*HealthStatus); i {
+ switch v := v.(*GetHealthStatusRequest); i {
case 0:
return &v.state
case 1:
@@ -5374,7 +5508,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*GetHealthStatusResponse); i {
+ switch v := v.(*HealthStatus); i {
case 0:
return &v.state
case 1:
@@ -5386,7 +5520,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ProcessLoader); i {
+ switch v := v.(*GetHealthStatusResponse); i {
case 0:
return &v.state
case 1:
@@ -5398,7 +5532,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RuntimeHookRequest); i {
+ switch v := v.(*ProcessLoader); i {
case 0:
return &v.state
case 1:
@@ -5410,7 +5544,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RuntimeHookResponse); i {
+ switch v := v.(*RuntimeHookRequest); i {
case 0:
return &v.state
case 1:
@@ -5422,7 +5556,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*CreateContainer); i {
+ switch v := v.(*RuntimeHookResponse); i {
case 0:
return &v.state
case 1:
@@ -5434,6 +5568,18 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateContainer); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_tetragon_tetragon_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*StackTraceEntry); i {
case 0:
return &v.state
@@ -5474,7 +5620,7 @@ func file_tetragon_tetragon_proto_init() {
(*KprobeArgument_LinuxBinprmArg)(nil),
(*KprobeArgument_NetDevArg)(nil),
}
- file_tetragon_tetragon_proto_msgTypes[38].OneofWrappers = []interface{}{
+ file_tetragon_tetragon_proto_msgTypes[39].OneofWrappers = []interface{}{
(*RuntimeHookRequest_CreateContainer)(nil),
}
type x struct{}
@@ -5483,7 +5629,7 @@ func file_tetragon_tetragon_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_tetragon_tetragon_proto_rawDesc,
NumEnums: 4,
- NumMessages: 44,
+ NumMessages: 45,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go
index caedb88f5ec..fece138cc0d 100644
--- a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go
+++ b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go
@@ -519,6 +519,22 @@ func (msg *ProcessUprobe) UnmarshalJSON(b []byte) error {
}.Unmarshal(b, msg)
}
+// MarshalJSON implements json.Marshaler
+func (msg *ProcessLsm) MarshalJSON() ([]byte, error) {
+ return protojson.MarshalOptions{
+ UseEnumNumbers: false,
+ EmitUnpopulated: false,
+ UseProtoNames: true,
+ }.Marshal(msg)
+}
+
+// UnmarshalJSON implements json.Unmarshaler
+func (msg *ProcessLsm) UnmarshalJSON(b []byte) error {
+ return protojson.UnmarshalOptions{
+ DiscardUnknown: false,
+ }.Unmarshal(b, msg)
+}
+
// MarshalJSON implements json.Marshaler
func (msg *KernelModule) MarshalJSON() ([]byte, error) {
return protojson.MarshalOptions{
diff --git a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto
index 801f46c0b3f..34a6df09557 100644
--- a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto
+++ b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto
@@ -532,6 +532,23 @@ message ProcessUprobe {
repeated string tags = 8;
}
+message ProcessLsm {
+ Process process = 1;
+ Process parent = 2;
+ // LSM hook name.
+ string function_name = 3;
+ // Name of the policy that created that LSM hook.
+ string policy_name = 5;
+ // Short message of the Tracing Policy to inform users what is going on.
+ string message = 6;
+ // Arguments definition of the observed LSM hook.
+ repeated KprobeArgument args = 7;
+ // Action performed when the LSM hook matched.
+ KprobeAction action = 8;
+ // Tags of the Tracing Policy to categorize the event.
+ repeated string tags = 9;
+}
+
message KernelModule {
// Kernel module name
string name = 1;
diff --git a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go
index f418b3eaca8..81f84cc6a27 100644
--- a/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go
+++ b/contrib/rthooks/tetragon-oci-hook/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go
@@ -129,6 +129,26 @@ func (event *ProcessUprobe) SetParent(p *Process) {
event.Parent = p
}
+// Encapsulate implements the Event interface.
+// Returns the event wrapped by its GetEventsResponse_* type.
+func (event *ProcessLsm) Encapsulate() IsGetEventsResponse_Event {
+ return &GetEventsResponse_ProcessLsm{
+ ProcessLsm: event,
+ }
+}
+
+// SetProcess implements the ProcessEvent interface.
+// Sets the Process field of an event.
+func (event *ProcessLsm) SetProcess(p *Process) {
+ event.Process = p
+}
+
+// SetParent implements the ParentEvent interface.
+// Sets the Parent field of an event.
+func (event *ProcessLsm) SetParent(p *Process) {
+ event.Parent = p
+}
+
// Encapsulate implements the Event interface.
// Returns the event wrapped by its GetEventsResponse_* type.
func (event *Test) Encapsulate() IsGetEventsResponse_Event {
@@ -184,6 +204,8 @@ func UnwrapGetEventsResponse(response *GetEventsResponse) interface{} {
return ev.ProcessTracepoint
case *GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe
+ case *GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm
case *GetEventsResponse_Test:
return ev.Test
case *GetEventsResponse_ProcessLoader:
diff --git a/contrib/verify/verify.sh b/contrib/verify/verify.sh
index 3f17a3e6fed..83df093958c 100755
--- a/contrib/verify/verify.sh
+++ b/contrib/verify/verify.sh
@@ -78,6 +78,11 @@ for obj in "$TETRAGONDIR"/*.o; do
continue
fi
+ # Skip if LSM BPF is not enabled
+ if [[ "$B" == bpf_generic_lsm* && $(cat /boot/config-$(uname -r) | grep CONFIG_BPF_LSM) != "CONFIG_BPF_LSM=y" ]]; then
+ continue
+ fi
+
echo -e -n "Verifying $BLUEUNDER$obj$NOCOLOR... "
OUT="/tmp/tetragon-verify-$B"
diff --git a/docs/content/en/docs/reference/grpc-api.md b/docs/content/en/docs/reference/grpc-api.md
index 91c15dda93d..ccec113bbfa 100644
--- a/docs/content/en/docs/reference/grpc-api.md
+++ b/docs/content/en/docs/reference/grpc-api.md
@@ -549,6 +549,21 @@ loader sensor event triggered for loaded binary/library
| path | [string](#string) | | |
| buildid | [bytes](#bytes) | | |
+
+
+### ProcessLsm
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| process | [Process](#tetragon-Process) | | |
+| parent | [Process](#tetragon-Process) | | |
+| function_name | [string](#string) | | LSM hook name. |
+| policy_name | [string](#string) | | Name of the policy that created that LSM hook. |
+| message | [string](#string) | | Short message of the Tracing Policy to inform users what is going on. |
+| args | [KprobeArgument](#tetragon-KprobeArgument) | repeated | Arguments definition of the observed LSM hook. |
+| action | [KprobeAction](#tetragon-KprobeAction) | | Action performed when the LSM hook matched. |
+| tags | [string](#string) | repeated | Tags of the Tracing Policy to categorize the event. |
+
### ProcessTracepoint
@@ -794,6 +809,7 @@ Capability set to filter over. NOTE: you may specify only ONE set here.
| process_tracepoint | [ProcessTracepoint](#tetragon-ProcessTracepoint) | | ProcessTracepoint contains information about the pre-defined tracepoint and the process that invoked them. |
| process_loader | [ProcessLoader](#tetragon-ProcessLoader) | | |
| process_uprobe | [ProcessUprobe](#tetragon-ProcessUprobe) | | |
+| process_lsm | [ProcessLsm](#tetragon-ProcessLsm) | | |
| process_throttle | [ProcessThrottle](#tetragon-ProcessThrottle) | | |
| test | [Test](#tetragon-Test) | | |
| rate_limit_info | [RateLimitInfo](#tetragon-RateLimitInfo) | | |
@@ -845,6 +861,7 @@ GetEventsResponse event oneof.
| PROCESS_TRACEPOINT | 10 | |
| PROCESS_LOADER | 11 | |
| PROCESS_UPROBE | 12 | |
+| PROCESS_LSM | 13 | |
| PROCESS_THROTTLE | 27 | |
| TEST | 40000 | |
| RATE_LIMIT_INFO | 40001 | |
diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index 4485b1d7316..f684058dfaa 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -62,7 +62,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
| tetragon.enableProcessCred | bool | `false` | |
| tetragon.enableProcessNs | bool | `false` | |
| tetragon.enabled | bool | `true` | |
-| tetragon.exportAllowList | string | `"{\"event_set\":[\"PROCESS_EXEC\", \"PROCESS_EXIT\", \"PROCESS_KPROBE\", \"PROCESS_UPROBE\", \"PROCESS_TRACEPOINT\"]}"` | |
+| tetragon.exportAllowList | string | `"{\"event_set\":[\"PROCESS_EXEC\", \"PROCESS_EXIT\", \"PROCESS_KPROBE\", \"PROCESS_UPROBE\", \"PROCESS_TRACEPOINT\", \"PROCESS_LSM\"]}"` | |
| tetragon.exportDenyList | string | `"{\"health_check\":true}\n{\"namespace\":[\"\", \"cilium\", \"kube-system\"]}"` | |
| tetragon.exportFileCompress | bool | `false` | |
| tetragon.exportFileMaxBackups | int | `5` | |
diff --git a/docs/content/en/docs/reference/metrics.md b/docs/content/en/docs/reference/metrics.md
index ff0ee4cc92c..c61e608ca3d 100644
--- a/docs/content/en/docs/reference/metrics.md
+++ b/docs/content/en/docs/reference/metrics.md
@@ -59,7 +59,7 @@ The total of errors encountered while fetching process exec information from the
| label | values |
| ----- | ------ |
| `error` | `nil_process_pid` |
-| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
+| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_LSM, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
### `tetragon_event_cache_parent_info_errors_total`
@@ -67,7 +67,7 @@ The total of times we failed to fetch cached parent info for a given event type.
| label | values |
| ----- | ------ |
-| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
+| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_LSM, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
### `tetragon_event_cache_pod_info_errors_total`
@@ -75,7 +75,7 @@ The total of times we failed to fetch cached pod info for a given event type.
| label | values |
| ----- | ------ |
-| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
+| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_LSM, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
### `tetragon_event_cache_process_info_errors_total`
@@ -83,7 +83,7 @@ The total of times we failed to fetch cached process info for a given event type
| label | values |
| ----- | ------ |
-| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
+| `event_type` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_LSM, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
### `tetragon_event_cache_retries_total`
@@ -425,7 +425,7 @@ The total number of Tetragon events
| `binary` | `example-binary` |
| `namespace` | `example-namespace` |
| `pod ` | `example-pod` |
-| `type ` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
+| `type ` | `PROCESS_EXEC, PROCESS_EXIT, PROCESS_KPROBE, PROCESS_LOADER, PROCESS_LSM, PROCESS_THROTTLE, PROCESS_TRACEPOINT, PROCESS_UPROBE, RATE_LIMIT_INFO` |
| `workload` | `example-workload` |
### `tetragon_policy_events_total`
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
index 47ecd29e112..9f04562e11d 100644
--- a/install/kubernetes/tetragon/README.md
+++ b/install/kubernetes/tetragon/README.md
@@ -44,7 +44,7 @@ Helm chart for Tetragon
| tetragon.enableProcessCred | bool | `false` | |
| tetragon.enableProcessNs | bool | `false` | |
| tetragon.enabled | bool | `true` | |
-| tetragon.exportAllowList | string | `"{\"event_set\":[\"PROCESS_EXEC\", \"PROCESS_EXIT\", \"PROCESS_KPROBE\", \"PROCESS_UPROBE\", \"PROCESS_TRACEPOINT\"]}"` | |
+| tetragon.exportAllowList | string | `"{\"event_set\":[\"PROCESS_EXEC\", \"PROCESS_EXIT\", \"PROCESS_KPROBE\", \"PROCESS_UPROBE\", \"PROCESS_TRACEPOINT\", \"PROCESS_LSM\"]}"` | |
| tetragon.exportDenyList | string | `"{\"health_check\":true}\n{\"namespace\":[\"\", \"cilium\", \"kube-system\"]}"` | |
| tetragon.exportFileCompress | bool | `false` | |
| tetragon.exportFileMaxBackups | int | `5` | |
diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml
index f8699a4f451..d3b14464c16 100644
--- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml
+++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpolicies.yaml
@@ -801,6 +801,574 @@ spec:
loader:
description: Enable loader events
type: boolean
+ lsmhooks:
+ description: A list of uprobe specs.
+ items:
+ properties:
+ args:
+ description: A list of function arguments to include in the
+ trace output.
+ items:
+ properties:
+ index:
+ description: Position of the argument.
+ format: int32
+ minimum: 0
+ type: integer
+ label:
+ description: Label to output in the JSON
+ type: string
+ maxData:
+ default: false
+ description: Read maximum possible data (currently 327360).
+ This field is only used for char_buff data. When this
+ value is false (default), the bpf program will fetch
+ at most 4096 bytes. In later kernels (>=5.4) tetragon
+ supports fetching up to 327360 bytes if this flag is
+ turned on
+ type: boolean
+ returnCopy:
+ default: false
+ description: This field is used only for char_buf and
+ char_iovec types. It indicates that this argument should
+ be read later (when the kretprobe for the symbol is
+ triggered) because it might not be populated when the
+ kprobe is triggered at the entrance of the function.
+ For example, a buffer supplied to read(2) won't have
+ content until kretprobe is triggered.
+ type: boolean
+ sizeArgIndex:
+ description: Specifies the position of the corresponding
+ size argument for this argument. This field is used
+ only for char_buf and char_iovec types.
+ format: int32
+ minimum: 0
+ type: integer
+ type:
+ default: auto
+ description: Argument type.
+ enum:
+ - auto
+ - int
+ - int8
+ - uint8
+ - int16
+ - uint16
+ - uint32
+ - int32
+ - uint64
+ - int64
+ - char_buf
+ - char_iovec
+ - size_t
+ - skb
+ - sock
+ - string
+ - fd
+ - file
+ - filename
+ - path
+ - nop
+ - bpf_attr
+ - perf_event
+ - bpf_map
+ - user_namespace
+ - capability
+ - kiocb
+ - iov_iter
+ - cred
+ - load_info
+ - module
+ - syscall64
+ - kernel_cap_t
+ - cap_inheritable
+ - cap_permitted
+ - cap_effective
+ - linux_binprm
+ - data_loc
+ - net_device
+ type: string
+ required:
+ - index
+ - type
+ type: object
+ type: array
+ hook:
+ description: Name of the function to apply the kprobe spec to.
+ type: string
+ message:
+ description: A short message of 256 characters max that will
+ be included in the event output to inform users what is going
+ on.
+ type: string
+ selectors:
+ description: Selectors to apply before producing trace output.
+ Selectors are ORed.
+ items:
+ description: KProbeSelector selects function calls for kprobe
+ based on PIDs and function arguments. The results of MatchPIDs
+ and MatchArgs are ANDed.
+ properties:
+ matchActions:
+ description: A list of actions to execute when this selector
+ matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ matchBinaries:
+ description: A list of binary exec name filters.
+ items:
+ properties:
+ operator:
+ description: Filter operation.
+ enum:
+ - In
+ - NotIn
+ - Prefix
+ - NotPrefix
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilities:
+ description: A list of capabilities and IDs
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilityChanges:
+ description: IDs for capabilities changes
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaceChanges:
+ description: IDs for namespace changes
+ items:
+ properties:
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace types (e.g., Mnt, Pid) to
+ match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaces:
+ description: A list of namespaces and IDs
+ items:
+ properties:
+ namespace:
+ description: Namespace selector name.
+ enum:
+ - Uts
+ - Ipc
+ - Mnt
+ - Pid
+ - PidForChildren
+ - Net
+ - Time
+ - TimeForChildren
+ - Cgroup
+ - User
+ type: string
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace IDs (or host_ns for host
+ namespace) of namespaces to match.
+ items:
+ type: string
+ type: array
+ required:
+ - namespace
+ - operator
+ - values
+ type: object
+ type: array
+ matchPIDs:
+ description: A list of process ID filters. MatchPIDs are
+ ANDed.
+ items:
+ properties:
+ followForks:
+ default: false
+ description: Matches any descendant processes of
+ the matching PIDs.
+ type: boolean
+ isNamespacePID:
+ default: false
+ description: Indicates whether PIDs are namespace
+ PIDs.
+ type: boolean
+ operator:
+ description: PID selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Process IDs to match.
+ items:
+ format: int32
+ type: integer
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchReturnActions:
+ description: A list of actions to execute when MatchReturnArgs
+ selector matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchReturnArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ tags:
+ description: Tags to categorize the event, will be include in
+ the event output. Maximum of 16 Tags are supported.
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ required:
+ - hook
+ type: object
+ type: array
options:
description: A list of overloaded options
items:
diff --git a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml
index 19b141f0b64..595c2db0235 100644
--- a/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml
+++ b/install/kubernetes/tetragon/crds-yaml/cilium.io_tracingpoliciesnamespaced.yaml
@@ -801,6 +801,574 @@ spec:
loader:
description: Enable loader events
type: boolean
+ lsmhooks:
+ description: A list of uprobe specs.
+ items:
+ properties:
+ args:
+ description: A list of function arguments to include in the
+ trace output.
+ items:
+ properties:
+ index:
+ description: Position of the argument.
+ format: int32
+ minimum: 0
+ type: integer
+ label:
+ description: Label to output in the JSON
+ type: string
+ maxData:
+ default: false
+ description: Read maximum possible data (currently 327360).
+ This field is only used for char_buff data. When this
+ value is false (default), the bpf program will fetch
+ at most 4096 bytes. In later kernels (>=5.4) tetragon
+ supports fetching up to 327360 bytes if this flag is
+ turned on
+ type: boolean
+ returnCopy:
+ default: false
+ description: This field is used only for char_buf and
+ char_iovec types. It indicates that this argument should
+ be read later (when the kretprobe for the symbol is
+ triggered) because it might not be populated when the
+ kprobe is triggered at the entrance of the function.
+ For example, a buffer supplied to read(2) won't have
+ content until kretprobe is triggered.
+ type: boolean
+ sizeArgIndex:
+ description: Specifies the position of the corresponding
+ size argument for this argument. This field is used
+ only for char_buf and char_iovec types.
+ format: int32
+ minimum: 0
+ type: integer
+ type:
+ default: auto
+ description: Argument type.
+ enum:
+ - auto
+ - int
+ - int8
+ - uint8
+ - int16
+ - uint16
+ - uint32
+ - int32
+ - uint64
+ - int64
+ - char_buf
+ - char_iovec
+ - size_t
+ - skb
+ - sock
+ - string
+ - fd
+ - file
+ - filename
+ - path
+ - nop
+ - bpf_attr
+ - perf_event
+ - bpf_map
+ - user_namespace
+ - capability
+ - kiocb
+ - iov_iter
+ - cred
+ - load_info
+ - module
+ - syscall64
+ - kernel_cap_t
+ - cap_inheritable
+ - cap_permitted
+ - cap_effective
+ - linux_binprm
+ - data_loc
+ - net_device
+ type: string
+ required:
+ - index
+ - type
+ type: object
+ type: array
+ hook:
+ description: Name of the function to apply the kprobe spec to.
+ type: string
+ message:
+ description: A short message of 256 characters max that will
+ be included in the event output to inform users what is going
+ on.
+ type: string
+ selectors:
+ description: Selectors to apply before producing trace output.
+ Selectors are ORed.
+ items:
+ description: KProbeSelector selects function calls for kprobe
+ based on PIDs and function arguments. The results of MatchPIDs
+ and MatchArgs are ANDed.
+ properties:
+ matchActions:
+ description: A list of actions to execute when this selector
+ matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ matchBinaries:
+ description: A list of binary exec name filters.
+ items:
+ properties:
+ operator:
+ description: Filter operation.
+ enum:
+ - In
+ - NotIn
+ - Prefix
+ - NotPrefix
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilities:
+ description: A list of capabilities and IDs
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilityChanges:
+ description: IDs for capabilities changes
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaceChanges:
+ description: IDs for namespace changes
+ items:
+ properties:
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace types (e.g., Mnt, Pid) to
+ match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaces:
+ description: A list of namespaces and IDs
+ items:
+ properties:
+ namespace:
+ description: Namespace selector name.
+ enum:
+ - Uts
+ - Ipc
+ - Mnt
+ - Pid
+ - PidForChildren
+ - Net
+ - Time
+ - TimeForChildren
+ - Cgroup
+ - User
+ type: string
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace IDs (or host_ns for host
+ namespace) of namespaces to match.
+ items:
+ type: string
+ type: array
+ required:
+ - namespace
+ - operator
+ - values
+ type: object
+ type: array
+ matchPIDs:
+ description: A list of process ID filters. MatchPIDs are
+ ANDed.
+ items:
+ properties:
+ followForks:
+ default: false
+ description: Matches any descendant processes of
+ the matching PIDs.
+ type: boolean
+ isNamespacePID:
+ default: false
+ description: Indicates whether PIDs are namespace
+ PIDs.
+ type: boolean
+ operator:
+ description: PID selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Process IDs to match.
+ items:
+ format: int32
+ type: integer
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchReturnActions:
+ description: A list of actions to execute when MatchReturnArgs
+ selector matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchReturnArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ tags:
+ description: Tags to categorize the event, will be include in
+ the event output. Maximum of 16 Tags are supported.
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ required:
+ - hook
+ type: object
+ type: array
options:
description: A list of overloaded options
items:
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
index 23348909d88..053da80b180 100644
--- a/install/kubernetes/tetragon/values.yaml
+++ b/install/kubernetes/tetragon/values.yaml
@@ -89,7 +89,7 @@ tetragon:
# exportAllowList: |
# {"namespace":["default"],"event_set":["PROCESS_EXEC"]}
exportAllowList: |-
- {"event_set":["PROCESS_EXEC", "PROCESS_EXIT", "PROCESS_KPROBE", "PROCESS_UPROBE", "PROCESS_TRACEPOINT"]}
+ {"event_set":["PROCESS_EXEC", "PROCESS_EXIT", "PROCESS_KPROBE", "PROCESS_UPROBE", "PROCESS_TRACEPOINT", "PROCESS_LSM"]}
# Denylist for JSON export. For example, to exclude exec events that look similar to
# Kubernetes health checks and all the events from kube-system namespace and the host:
#
diff --git a/pkg/api/ops/ops.go b/pkg/api/ops/ops.go
index d62111ed9a0..783660f0e0a 100644
--- a/pkg/api/ops/ops.go
+++ b/pkg/api/ops/ops.go
@@ -23,6 +23,7 @@ const (
MSG_OP_GENERIC_KPROBE = 13
MSG_OP_GENERIC_TRACEPOINT = 14
MSG_OP_GENERIC_UPROBE = 15
+ MSG_OP_GENERIC_LSM = 16
// MSG_OP_CLONE notifies user-space that a clone() event has occurred.
MSG_OP_CLONE = 23
diff --git a/pkg/bpf/detect.go b/pkg/bpf/detect.go
index bbed59a3074..95472fe75e4 100644
--- a/pkg/bpf/detect.go
+++ b/pkg/bpf/detect.go
@@ -218,8 +218,12 @@ func HasProgramLargeSize() bool {
return features.HaveLargeInstructions() == nil
}
+func HasLSMPrograms() bool {
+ return features.HaveProgramType(ebpf.LSM) == nil
+}
+
func LogFeatures() string {
- return fmt.Sprintf("override_return: %t, buildid: %t, kprobe_multi: %t, uprobe_multi %t, fmodret: %t, fmodret_syscall: %t, signal: %t, large: %t",
+ return fmt.Sprintf("override_return: %t, buildid: %t, kprobe_multi: %t, uprobe_multi %t, fmodret: %t, fmodret_syscall: %t, signal: %t, large: %t, lsm: %t",
HasOverrideHelper(), HasBuildId(), HasKprobeMulti(), HasUprobeMulti(),
- HasModifyReturn(), HasModifyReturnSyscall(), HasSignalHelper(), HasProgramLargeSize())
+ HasModifyReturn(), HasModifyReturnSyscall(), HasSignalHelper(), HasProgramLargeSize(), HasLSMPrograms())
}
diff --git a/pkg/grpc/tracing/tracing.go b/pkg/grpc/tracing/tracing.go
index 1b35fdba258..82681888853 100644
--- a/pkg/grpc/tracing/tracing.go
+++ b/pkg/grpc/tracing/tracing.go
@@ -815,6 +815,119 @@ func (msg *MsgGenericUprobeUnix) Cast(o interface{}) notify.Message {
return &t
}
+type MsgGenericLsmUnix struct {
+ Msg *tracingapi.MsgGenericKprobe
+ Hook string
+ Args []tracingapi.MsgGenericKprobeArg
+ PolicyName string
+ Message string
+ KernelStackTrace [unix.PERF_MAX_STACK_DEPTH]uint64
+ UserStackTrace [unix.PERF_MAX_STACK_DEPTH]uint64
+ Tags []string
+}
+
+func (msg *MsgGenericLsmUnix) Notify() bool {
+ return true
+}
+
+func (msg *MsgGenericLsmUnix) RetryInternal(ev notify.Event, timestamp uint64) (*process.ProcessInternal, error) {
+ return eventcache.HandleGenericInternal(ev, msg.Msg.ProcessKey.Pid, &msg.Msg.Tid, timestamp)
+}
+
+func (msg *MsgGenericLsmUnix) Retry(internal *process.ProcessInternal, ev notify.Event) error {
+ return eventcache.HandleGenericEvent(internal, ev, &msg.Msg.Tid)
+}
+
+func (msg *MsgGenericLsmUnix) HandleMessage() *tetragon.GetEventsResponse {
+ k := GetProcessLsm(msg)
+ if k == nil {
+ return nil
+ }
+ return &tetragon.GetEventsResponse{
+ Event: &tetragon.GetEventsResponse_ProcessLsm{ProcessLsm: k},
+ NodeName: nodeName,
+ Time: ktime.ToProto(msg.Msg.Common.Ktime),
+ }
+}
+
+func (msg *MsgGenericLsmUnix) Cast(o interface{}) notify.Message {
+ t := o.(MsgGenericLsmUnix)
+ return &t
+}
+
+func (msg *MsgGenericLsmUnix) PolicyInfo() tracingpolicy.PolicyInfo {
+ return tracingpolicy.PolicyInfo{
+ Name: msg.PolicyName,
+ Hook: fmt.Sprintf("lsm:%s", msg.Hook),
+ }
+}
+
+func GetProcessLsm(event *MsgGenericLsmUnix) *tetragon.ProcessLsm {
+ var tetragonParent, tetragonProcess *tetragon.Process
+ var tetragonArgs []*tetragon.KprobeArgument
+
+ proc, parent := process.GetParentProcessInternal(event.Msg.ProcessKey.Pid, event.Msg.ProcessKey.Ktime)
+ if proc == nil {
+ tetragonProcess = &tetragon.Process{
+ Pid: &wrapperspb.UInt32Value{Value: event.Msg.ProcessKey.Pid},
+ StartTime: ktime.ToProto(event.Msg.ProcessKey.Ktime),
+ }
+ } else {
+ tetragonProcess = proc.UnsafeGetProcess()
+ if err := proc.AnnotateProcess(option.Config.EnableProcessCred, option.Config.EnableProcessNs); err != nil {
+ logger.GetLogger().WithError(err).WithField("processId", tetragonProcess.Pid).Debugf("Failed to annotate process with capabilities and namespaces info")
+ }
+ }
+ if parent != nil {
+ tetragonParent = parent.UnsafeGetProcess()
+ }
+
+ for _, arg := range event.Args {
+ a := getKprobeArgument(arg)
+ tetragonArgs = append(tetragonArgs, a)
+ }
+
+ tetragonEvent := &tetragon.ProcessLsm{
+ Process: tetragonProcess,
+ Parent: tetragonParent,
+ FunctionName: event.Hook,
+ Args: tetragonArgs,
+ Action: kprobeAction(event.Msg.ActionId),
+ PolicyName: event.PolicyName,
+ Message: event.Message,
+ Tags: event.Tags,
+ }
+
+ if tetragonProcess.Pid == nil {
+ eventcachemetrics.EventCacheError(eventcachemetrics.NilProcessPid, notify.EventType(tetragonEvent)).Inc()
+ return nil
+ }
+
+ if ec := eventcache.Get(); ec != nil &&
+ (ec.Needed(tetragonProcess) ||
+ (tetragonProcess.Pid.Value > 1 && ec.Needed(tetragonParent))) {
+ ec.Add(nil, tetragonEvent, event.Msg.Common.Ktime, event.Msg.ProcessKey.Ktime, event)
+ return nil
+ }
+
+ if proc != nil {
+ // At kprobes we report the per thread fields, so take a copy
+ // of the thread leader from the cache then update the corresponding
+ // per thread fields.
+ //
+ // The cost to get this is relatively high because it requires a
+ // deep copy of all the fields of the thread leader from the cache in
+ // order to safely modify them, to not corrupt gRPC streams.
+ tetragonEvent.Process = proc.GetProcessCopy()
+ process.UpdateEventProcessTid(tetragonEvent.Process, &event.Msg.Tid)
+ }
+ if parent != nil {
+ tetragonEvent.Parent = tetragonParent
+ }
+
+ return tetragonEvent
+}
+
type MsgProcessThrottleUnix struct {
Type tetragon.ThrottleType
Cgroup string
diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
index f8699a4f451..d3b14464c16 100644
--- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
+++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
@@ -801,6 +801,574 @@ spec:
loader:
description: Enable loader events
type: boolean
+ lsmhooks:
+ description: A list of uprobe specs.
+ items:
+ properties:
+ args:
+ description: A list of function arguments to include in the
+ trace output.
+ items:
+ properties:
+ index:
+ description: Position of the argument.
+ format: int32
+ minimum: 0
+ type: integer
+ label:
+ description: Label to output in the JSON
+ type: string
+ maxData:
+ default: false
+ description: Read maximum possible data (currently 327360).
+ This field is only used for char_buff data. When this
+ value is false (default), the bpf program will fetch
+ at most 4096 bytes. In later kernels (>=5.4) tetragon
+ supports fetching up to 327360 bytes if this flag is
+ turned on
+ type: boolean
+ returnCopy:
+ default: false
+ description: This field is used only for char_buf and
+ char_iovec types. It indicates that this argument should
+ be read later (when the kretprobe for the symbol is
+ triggered) because it might not be populated when the
+ kprobe is triggered at the entrance of the function.
+ For example, a buffer supplied to read(2) won't have
+ content until kretprobe is triggered.
+ type: boolean
+ sizeArgIndex:
+ description: Specifies the position of the corresponding
+ size argument for this argument. This field is used
+ only for char_buf and char_iovec types.
+ format: int32
+ minimum: 0
+ type: integer
+ type:
+ default: auto
+ description: Argument type.
+ enum:
+ - auto
+ - int
+ - int8
+ - uint8
+ - int16
+ - uint16
+ - uint32
+ - int32
+ - uint64
+ - int64
+ - char_buf
+ - char_iovec
+ - size_t
+ - skb
+ - sock
+ - string
+ - fd
+ - file
+ - filename
+ - path
+ - nop
+ - bpf_attr
+ - perf_event
+ - bpf_map
+ - user_namespace
+ - capability
+ - kiocb
+ - iov_iter
+ - cred
+ - load_info
+ - module
+ - syscall64
+ - kernel_cap_t
+ - cap_inheritable
+ - cap_permitted
+ - cap_effective
+ - linux_binprm
+ - data_loc
+ - net_device
+ type: string
+ required:
+ - index
+ - type
+ type: object
+ type: array
+ hook:
+ description: Name of the function to apply the kprobe spec to.
+ type: string
+ message:
+ description: A short message of 256 characters max that will
+ be included in the event output to inform users what is going
+ on.
+ type: string
+ selectors:
+ description: Selectors to apply before producing trace output.
+ Selectors are ORed.
+ items:
+ description: KProbeSelector selects function calls for kprobe
+ based on PIDs and function arguments. The results of MatchPIDs
+ and MatchArgs are ANDed.
+ properties:
+ matchActions:
+ description: A list of actions to execute when this selector
+ matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ matchBinaries:
+ description: A list of binary exec name filters.
+ items:
+ properties:
+ operator:
+ description: Filter operation.
+ enum:
+ - In
+ - NotIn
+ - Prefix
+ - NotPrefix
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilities:
+ description: A list of capabilities and IDs
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilityChanges:
+ description: IDs for capabilities changes
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaceChanges:
+ description: IDs for namespace changes
+ items:
+ properties:
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace types (e.g., Mnt, Pid) to
+ match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaces:
+ description: A list of namespaces and IDs
+ items:
+ properties:
+ namespace:
+ description: Namespace selector name.
+ enum:
+ - Uts
+ - Ipc
+ - Mnt
+ - Pid
+ - PidForChildren
+ - Net
+ - Time
+ - TimeForChildren
+ - Cgroup
+ - User
+ type: string
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace IDs (or host_ns for host
+ namespace) of namespaces to match.
+ items:
+ type: string
+ type: array
+ required:
+ - namespace
+ - operator
+ - values
+ type: object
+ type: array
+ matchPIDs:
+ description: A list of process ID filters. MatchPIDs are
+ ANDed.
+ items:
+ properties:
+ followForks:
+ default: false
+ description: Matches any descendant processes of
+ the matching PIDs.
+ type: boolean
+ isNamespacePID:
+ default: false
+ description: Indicates whether PIDs are namespace
+ PIDs.
+ type: boolean
+ operator:
+ description: PID selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Process IDs to match.
+ items:
+ format: int32
+ type: integer
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchReturnActions:
+ description: A list of actions to execute when MatchReturnArgs
+ selector matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchReturnArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ tags:
+ description: Tags to categorize the event, will be include in
+ the event output. Maximum of 16 Tags are supported.
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ required:
+ - hook
+ type: object
+ type: array
options:
description: A list of overloaded options
items:
diff --git a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
index 19b141f0b64..595c2db0235 100644
--- a/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
+++ b/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
@@ -801,6 +801,574 @@ spec:
loader:
description: Enable loader events
type: boolean
+ lsmhooks:
+ description: A list of uprobe specs.
+ items:
+ properties:
+ args:
+ description: A list of function arguments to include in the
+ trace output.
+ items:
+ properties:
+ index:
+ description: Position of the argument.
+ format: int32
+ minimum: 0
+ type: integer
+ label:
+ description: Label to output in the JSON
+ type: string
+ maxData:
+ default: false
+ description: Read maximum possible data (currently 327360).
+ This field is only used for char_buff data. When this
+ value is false (default), the bpf program will fetch
+ at most 4096 bytes. In later kernels (>=5.4) tetragon
+ supports fetching up to 327360 bytes if this flag is
+ turned on
+ type: boolean
+ returnCopy:
+ default: false
+ description: This field is used only for char_buf and
+ char_iovec types. It indicates that this argument should
+ be read later (when the kretprobe for the symbol is
+ triggered) because it might not be populated when the
+ kprobe is triggered at the entrance of the function.
+ For example, a buffer supplied to read(2) won't have
+ content until kretprobe is triggered.
+ type: boolean
+ sizeArgIndex:
+ description: Specifies the position of the corresponding
+ size argument for this argument. This field is used
+ only for char_buf and char_iovec types.
+ format: int32
+ minimum: 0
+ type: integer
+ type:
+ default: auto
+ description: Argument type.
+ enum:
+ - auto
+ - int
+ - int8
+ - uint8
+ - int16
+ - uint16
+ - uint32
+ - int32
+ - uint64
+ - int64
+ - char_buf
+ - char_iovec
+ - size_t
+ - skb
+ - sock
+ - string
+ - fd
+ - file
+ - filename
+ - path
+ - nop
+ - bpf_attr
+ - perf_event
+ - bpf_map
+ - user_namespace
+ - capability
+ - kiocb
+ - iov_iter
+ - cred
+ - load_info
+ - module
+ - syscall64
+ - kernel_cap_t
+ - cap_inheritable
+ - cap_permitted
+ - cap_effective
+ - linux_binprm
+ - data_loc
+ - net_device
+ type: string
+ required:
+ - index
+ - type
+ type: object
+ type: array
+ hook:
+ description: Name of the function to apply the kprobe spec to.
+ type: string
+ message:
+ description: A short message of 256 characters max that will
+ be included in the event output to inform users what is going
+ on.
+ type: string
+ selectors:
+ description: Selectors to apply before producing trace output.
+ Selectors are ORed.
+ items:
+ description: KProbeSelector selects function calls for kprobe
+ based on PIDs and function arguments. The results of MatchPIDs
+ and MatchArgs are ANDed.
+ properties:
+ matchActions:
+ description: A list of actions to execute when this selector
+ matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ matchBinaries:
+ description: A list of binary exec name filters.
+ items:
+ properties:
+ operator:
+ description: Filter operation.
+ enum:
+ - In
+ - NotIn
+ - Prefix
+ - NotPrefix
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilities:
+ description: A list of capabilities and IDs
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilityChanges:
+ description: IDs for capabilities changes
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaceChanges:
+ description: IDs for namespace changes
+ items:
+ properties:
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace types (e.g., Mnt, Pid) to
+ match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaces:
+ description: A list of namespaces and IDs
+ items:
+ properties:
+ namespace:
+ description: Namespace selector name.
+ enum:
+ - Uts
+ - Ipc
+ - Mnt
+ - Pid
+ - PidForChildren
+ - Net
+ - Time
+ - TimeForChildren
+ - Cgroup
+ - User
+ type: string
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace IDs (or host_ns for host
+ namespace) of namespaces to match.
+ items:
+ type: string
+ type: array
+ required:
+ - namespace
+ - operator
+ - values
+ type: object
+ type: array
+ matchPIDs:
+ description: A list of process ID filters. MatchPIDs are
+ ANDed.
+ items:
+ properties:
+ followForks:
+ default: false
+ description: Matches any descendant processes of
+ the matching PIDs.
+ type: boolean
+ isNamespacePID:
+ default: false
+ description: Indicates whether PIDs are namespace
+ PIDs.
+ type: boolean
+ operator:
+ description: PID selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Process IDs to match.
+ items:
+ format: int32
+ type: integer
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchReturnActions:
+ description: A list of actions to execute when MatchReturnArgs
+ selector matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchReturnArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ tags:
+ description: Tags to categorize the event, will be include in
+ the event output. Maximum of 16 Tags are supported.
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ required:
+ - hook
+ type: object
+ type: array
options:
description: A list of overloaded options
items:
diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go b/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go
index e1db656a847..36b6d9f9197 100644
--- a/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go
+++ b/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go
@@ -85,6 +85,9 @@ type TracingPolicySpec struct {
// +kubebuilder:validation:Optional
// A list of uprobe specs.
UProbes []UProbeSpec `json:"uprobes,omitempty"`
+ // +kubebuilder:validation:Optional
+ // A list of uprobe specs.
+ LsmHooks []LsmHookSpec `json:"lsmhooks,omitempty"`
// +kubebuilder:validation:Optional
// PodSelector selects pods that this policy applies to
diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/pkg/k8s/apis/cilium.io/v1alpha1/types.go
index e491c37df3e..9d9c7744281 100644
--- a/pkg/k8s/apis/cilium.io/v1alpha1/types.go
+++ b/pkg/k8s/apis/cilium.io/v1alpha1/types.go
@@ -285,6 +285,26 @@ type UProbeSpec struct {
Tags []string `json:"tags,omitempty"`
}
+type LsmHookSpec struct {
+ // Name of the function to apply the kprobe spec to.
+ Hook string `json:"hook"`
+ // +kubebuilder:validation:Optional
+ // A short message of 256 characters max that will be included
+ // in the event output to inform users what is going on.
+ Message string `json:"message"`
+ // +kubebuilder:validation:Optional
+ // A list of function arguments to include in the trace output.
+ Args []KProbeArg `json:"args,omitempty"`
+ // +kubebuilder:validation:Optional
+ // Selectors to apply before producing trace output. Selectors are ORed.
+ Selectors []KProbeSelector `json:"selectors,omitempty"`
+ // +kubebuilder:validation:optional
+ // +kubebuilder:validation:MaxItems=16
+ // Tags to categorize the event, will be include in the event output.
+ // Maximum of 16 Tags are supported.
+ Tags []string `json:"tags,omitempty"`
+}
+
type ListSpec struct {
// Name of the list
Name string `json:"name"`
diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/pkg/k8s/apis/cilium.io/v1alpha1/version.go
index 0f2a4026011..203377ec2ee 100644
--- a/pkg/k8s/apis/cilium.io/v1alpha1/version.go
+++ b/pkg/k8s/apis/cilium.io/v1alpha1/version.go
@@ -7,4 +7,4 @@ package v1alpha1
// Used to determine if CRD needs to be updated in cluster
//
// Developers: Bump patch for each change in the CRD schema.
-const CustomResourceDefinitionSchemaVersion = "1.2.0"
+const CustomResourceDefinitionSchemaVersion = "1.2.1"
diff --git a/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go b/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go
index 2dc62a7bb93..afa464eb9be 100644
--- a/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go
@@ -275,6 +275,39 @@ func (in *ListSpec) DeepCopy() *ListSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LsmHookSpec) DeepCopyInto(out *LsmHookSpec) {
+ *out = *in
+ if in.Args != nil {
+ in, out := &in.Args, &out.Args
+ *out = make([]KProbeArg, len(*in))
+ copy(*out, *in)
+ }
+ if in.Selectors != nil {
+ in, out := &in.Selectors, &out.Selectors
+ *out = make([]KProbeSelector, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Tags != nil {
+ in, out := &in.Tags, &out.Tags
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LsmHookSpec.
+func (in *LsmHookSpec) DeepCopy() *LsmHookSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(LsmHookSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NamespaceChangesSelector) DeepCopyInto(out *NamespaceChangesSelector) {
*out = *in
@@ -647,6 +680,13 @@ func (in *TracingPolicySpec) DeepCopyInto(out *TracingPolicySpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ if in.LsmHooks != nil {
+ in, out := &in.LsmHooks, &out.LsmHooks
+ *out = make([]LsmHookSpec, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
if in.PodSelector != nil {
in, out := &in.PodSelector, &out.PodSelector
*out = new(v1.LabelSelector)
diff --git a/pkg/sensors/program/loader.go b/pkg/sensors/program/loader.go
index b709f5c711f..69d0d7eb89f 100644
--- a/pkg/sensors/program/loader.go
+++ b/pkg/sensors/program/loader.go
@@ -385,6 +385,8 @@ func TracingAttach() AttachFunc {
func LSMAttach() AttachFunc {
return func(_ *ebpf.Collection, _ *ebpf.CollectionSpec,
prog *ebpf.Program, spec *ebpf.ProgramSpec) (unloader.Unloader, error) {
+
+ logger.GetLogger().Warnf("LSM AttachTo: %s", spec.AttachTo)
linkFn := func() (link.Link, error) {
return link.AttachLSM(link.LSMOptions{
Program: prog,
@@ -623,8 +625,17 @@ func LoadTracingProgram(bpfDir string, load *Program, verbose int) error {
}
func LoadLSMProgram(bpfDir string, load *Program, verbose int) error {
+ var tc tailCall
+ for mName, mPath := range load.PinMap {
+ if mName == "lsm_calls" {
+ tc = tailCall{mPath.PinName, "lsm"}
+ break
+ }
+ }
opts := &LoadOpts{
- Attach: LSMAttach(),
+ Attach: LSMAttach(),
+ TcMap: tc.name,
+ TcPrefix: tc.prefix,
}
return loadProgram(bpfDir, load, opts, verbose)
}
@@ -769,6 +780,9 @@ func doLoadProgram(
refMaps := make(map[string]bool)
for _, prog := range spec.Programs {
+ if prog.AttachType == ebpf.AttachLSMMac {
+ prog.AttachTo = load.Attach
+ }
if prog.SectionName == load.Label {
progSpec = prog
}
diff --git a/pkg/sensors/sensors.go b/pkg/sensors/sensors.go
index e5125207379..e406e924779 100644
--- a/pkg/sensors/sensors.go
+++ b/pkg/sensors/sensors.go
@@ -119,6 +119,7 @@ var (
"raw_tp": program.LoadRawTracepointProgram,
"cgrp_socket": cgroup.LoadCgroupProgram,
"kprobe": program.LoadKprobeProgram,
+ "lsm": program.LoadLSMProgram,
}
)
diff --git a/pkg/sensors/tracing/genericlsm.go b/pkg/sensors/tracing/genericlsm.go
new file mode 100644
index 00000000000..f80f6cb0d5c
--- /dev/null
+++ b/pkg/sensors/tracing/genericlsm.go
@@ -0,0 +1,456 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+package tracing
+
+import (
+ "bytes"
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "path"
+
+ "github.com/cilium/ebpf"
+ "github.com/cilium/tetragon/pkg/api/ops"
+ api "github.com/cilium/tetragon/pkg/api/tracingapi"
+ gt "github.com/cilium/tetragon/pkg/generictypes"
+ "github.com/cilium/tetragon/pkg/grpc/tracing"
+ "github.com/cilium/tetragon/pkg/idtable"
+ "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1"
+ "github.com/cilium/tetragon/pkg/kernels"
+ "github.com/cilium/tetragon/pkg/logger"
+ "github.com/cilium/tetragon/pkg/observer"
+ "github.com/cilium/tetragon/pkg/option"
+ "github.com/cilium/tetragon/pkg/policyfilter"
+ "github.com/cilium/tetragon/pkg/selectors"
+ "github.com/cilium/tetragon/pkg/sensors"
+ "github.com/cilium/tetragon/pkg/sensors/program"
+)
+
+type observerLsmSensor struct {
+ name string
+}
+
+func init() {
+ lsm := &observerLsmSensor{
+ name: "lsm sensor",
+ }
+ sensors.RegisterProbeType("generic_lsm", lsm)
+ observer.RegisterEventHandlerAtInit(ops.MSG_OP_GENERIC_LSM, handleGenericLsm)
+}
+
+var (
+ // genericLsmTable is a global table that maintains information for
+ // generic LSM hooks
+ genericLsmTable idtable.Table
+)
+
+type genericLsm struct {
+ tableId idtable.EntryID
+ pinPathPrefix string
+ config *api.EventConfig
+ hook string
+ selectors *selectors.KernelSelectorState
+ // policyName is the name of the policy that this uprobe belongs to
+ policyName string
+ // message field of the Tracing Policy
+ message string
+ // argument data printers
+ argPrinters []argPrinter
+ // tags field of the Tracing Policy
+ tags []string
+}
+
+func (g *genericLsm) SetID(id idtable.EntryID) {
+ g.tableId = id
+}
+
+func genericLsmTableGet(id idtable.EntryID) (*genericLsm, error) {
+ entry, err := genericLsmTable.GetEntry(id)
+ if err != nil {
+ return nil, fmt.Errorf("getting entry from genericLsmTable failed with: %w", err)
+ }
+ val, ok := entry.(*genericLsm)
+ if !ok {
+ return nil, fmt.Errorf("getting entry from genericLsmTable failed with: got invalid type: %T (%v)", entry, entry)
+ }
+ return val, nil
+}
+
+func (k *observerLsmSensor) LoadProbe(args sensors.LoadProbeArgs) error {
+ if id, ok := args.Load.LoaderData.(idtable.EntryID); ok {
+ gl, err := genericLsmTableGet(id)
+ if err != nil {
+ return err
+ }
+ args.Load.MapLoad = append(args.Load.MapLoad, selectorsMaploads(gl.selectors, gl.pinPathPrefix, 0)...)
+ var configData bytes.Buffer
+ binary.Write(&configData, binary.LittleEndian, gl.config)
+ config := &program.MapLoad{
+ Index: 0,
+ Name: "config_map",
+ Load: func(m *ebpf.Map, index uint32) error {
+ return m.Update(index, configData.Bytes()[:], ebpf.UpdateAny)
+ },
+ }
+ args.Load.MapLoad = append(args.Load.MapLoad, config)
+
+ if err := program.LoadLSMProgram(args.BPFDir, args.Load, args.Verbose); err == nil {
+ logger.GetLogger().Infof("Loaded generic LSM program: %s -> %s", args.Load.Name, args.Load.Attach)
+ } else {
+ return err
+ }
+ } else {
+ return fmt.Errorf("invalid loadData type: expecting idtable.EntryID/[] and got: %T (%v)",
+ args.Load.LoaderData, args.Load.LoaderData)
+ }
+ return nil
+}
+
+func handleGenericLsm(r *bytes.Reader) ([]observer.Event, error) {
+ m := api.MsgGenericKprobe{}
+ err := binary.Read(r, binary.LittleEndian, &m)
+ if err != nil {
+ logger.GetLogger().WithError(err).Warnf("Failed to read process call msg")
+ return nil, fmt.Errorf("Failed to read process call msg")
+ }
+
+ gl, err := genericLsmTableGet(idtable.EntryID{ID: int(m.FuncId)})
+ if err != nil {
+ logger.GetLogger().WithError(err).Warnf("Failed to match id:%d", m.FuncId)
+ return nil, fmt.Errorf("Failed to match id")
+ }
+
+ unix := &tracing.MsgGenericLsmUnix{}
+ unix.Msg = &m
+ unix.Hook = gl.hook
+ unix.PolicyName = gl.policyName
+ unix.Message = gl.message
+ unix.Tags = gl.tags
+
+ printers := gl.argPrinters
+
+ // Get argument objects for specific printers/types
+ for _, a := range printers {
+ arg := getArg(r, a)
+ // nop or unknown type (already logged)
+ if arg == nil {
+ continue
+ }
+ unix.Args = append(unix.Args, arg)
+ }
+
+ return []observer.Event{unix}, err
+}
+
+func isValidLsmSelectors(selectors []v1alpha1.KProbeSelector) error {
+ for _, s := range selectors {
+ if len(s.MatchReturnArgs) > 0 {
+ return fmt.Errorf("MatchReturnArgs selector is not supported")
+ }
+ }
+ return nil
+}
+
+type addLsmIn struct {
+ sensorPath string
+ policyName string
+ policyID policyfilter.PolicyID
+ selMaps *selectors.KernelSelectorMaps
+}
+
+func addLsm(f *v1alpha1.LsmHookSpec, in *addLsmIn) (id idtable.EntryID, err error) {
+ var argSigPrinters []argPrinter
+ var argsBTFSet [api.MaxArgsSupported]bool
+
+ errFn := func(err error) (idtable.EntryID, error) {
+ return idtable.UninitializedEntryID, err
+ }
+
+ if err := isValidLsmSelectors(f.Selectors); err != nil {
+ return errFn(err)
+ }
+
+ config := &api.EventConfig{}
+ config.PolicyID = uint32(in.policyID)
+
+ msgField, err := getPolicyMessage(f.Message)
+ if errors.Is(err, ErrMsgSyntaxShort) || errors.Is(err, ErrMsgSyntaxEscape) {
+ return errFn(fmt.Errorf("Error: '%v'", err))
+ } else if errors.Is(err, ErrMsgSyntaxLong) {
+ logger.GetLogger().WithField("policy-name", in.policyName).Warnf("TracingPolicy 'message' field too long, truncated to %d characters", TpMaxMessageLen)
+ }
+
+ tagsField, err := getPolicyTags(f.Tags)
+ if err != nil {
+ return errFn(fmt.Errorf("Error: '%v'", err))
+ }
+
+ // Parse Arguments
+ for j, a := range f.Args {
+ argType := gt.GenericTypeFromString(a.Type)
+ if argType == gt.GenericInvalidType {
+ return errFn(fmt.Errorf("Arg(%d) type '%s' unsupported", j, a.Type))
+ }
+ if a.MaxData {
+ if argType != gt.GenericCharBuffer {
+ logger.GetLogger().Warnf("maxData flag is ignored (supported for char_buf type)")
+ }
+ if !kernels.EnableLargeProgs() {
+ logger.GetLogger().Warnf("maxData flag is ignored (supported from large programs)")
+ }
+ }
+ argMValue, err := getMetaValue(&a)
+ if err != nil {
+ return errFn(err)
+ }
+ if a.Index > 4 {
+ return errFn(fmt.Errorf("Error add arg: ArgType %s Index %d out of bounds",
+ a.Type, int(a.Index)))
+ }
+ config.Arg[a.Index] = int32(argType)
+ config.ArgM[a.Index] = uint32(argMValue)
+
+ argsBTFSet[a.Index] = true
+ argP := argPrinter{index: j, ty: argType, maxData: a.MaxData, label: a.Label}
+ argSigPrinters = append(argSigPrinters, argP)
+ }
+
+ config.ArgReturn = int32(0)
+ config.ArgReturnCopy = int32(0)
+
+ // Mark remaining arguments as 'nops' the kernel side will skip
+ // copying 'nop' args.
+ for j, a := range argsBTFSet {
+ if !a {
+ if j != api.ReturnArgIndex {
+ config.Arg[j] = gt.GenericNopType
+ config.ArgM[j] = 0
+ }
+ }
+ }
+
+ config.Syscall = 0
+
+ // create a new entry on the table, and pass its id to BPF-side
+ // so that we can do the matching at event-generation time
+ lsmEntry := genericLsm{
+ config: config,
+ argPrinters: argSigPrinters,
+ hook: f.Hook,
+ tableId: idtable.UninitializedEntryID,
+ policyName: in.policyName,
+ message: msgField,
+ tags: tagsField,
+ }
+
+ // Parse Filters into kernel filter logic
+ lsmEntry.selectors, err = selectors.InitKernelSelectorState(f.Selectors, f.Args, nil, nil, in.selMaps)
+ if err != nil {
+ return errFn(err)
+ }
+
+ genericLsmTable.AddEntry(&lsmEntry)
+ config.FuncId = uint32(lsmEntry.tableId.ID)
+
+ lsmEntry.pinPathPrefix = sensors.PathJoin(in.sensorPath, fmt.Sprintf("glsm-%d", lsmEntry.tableId.ID))
+
+ logger.GetLogger().
+ WithField("hook", lsmEntry.hook).
+ Infof("Added lsm Hook")
+
+ return lsmEntry.tableId, nil
+}
+
+func createGenericLsmSensor(
+ spec *v1alpha1.TracingPolicySpec,
+ name string,
+ policyID policyfilter.PolicyID,
+ policyName string,
+) (*sensors.Sensor, error) {
+ var progs []*program.Program
+ var maps []*program.Map
+ var ids []idtable.EntryID
+ var selMaps *selectors.KernelSelectorMaps
+ var err error
+
+ lsmHooks := spec.LsmHooks
+
+ in := addLsmIn{
+ sensorPath: name,
+ policyID: policyID,
+ policyName: policyName,
+ selMaps: selMaps,
+ }
+
+ for _, hook := range lsmHooks {
+ id, err := addLsm(&hook, &in)
+ if err != nil {
+ return nil, err
+ }
+ ids = append(ids, id)
+ }
+
+ for _, id := range ids {
+ gl, err := genericLsmTableGet(id)
+ if err != nil {
+ return nil, err
+ }
+ progs, maps = createLsmSensorFromEntry(gl, in.sensorPath, progs, maps)
+ }
+
+ if err != nil {
+ return nil, err
+ }
+
+ return &sensors.Sensor{
+ Name: name,
+ Progs: progs,
+ Maps: maps,
+ DestroyHook: func() error {
+ var errs error
+ for _, id := range ids {
+ _, err := genericLsmTable.RemoveEntry(id)
+ if err != nil {
+ errs = errors.Join(errs, err)
+ }
+ }
+ return errs
+ },
+ }, nil
+}
+
+func createLsmSensorFromEntry(lsmEntry *genericLsm, sensorPath string,
+ progs []*program.Program, maps []*program.Map) ([]*program.Program, []*program.Map) {
+
+ loadProgName := "bpf_generic_lsm_v61.o"
+ /*if kernels.EnableV61Progs() {
+ loadProgName = "bpf_generic_uprobe_v61.o"
+ } else if kernels.EnableLargeProgs() {
+ loadProgName = "bpf_generic_uprobe_v53.o"
+ }*/
+
+ pinPath := lsmEntry.pinPathPrefix
+ pinProg := sensors.PathJoin(pinPath, fmt.Sprintf("%s_prog", lsmEntry.hook))
+
+ load := program.Builder(
+ path.Join(option.Config.HubbleLib, loadProgName),
+ lsmEntry.hook,
+ "lsm/generic_lsm",
+ pinProg,
+ "generic_lsm").
+ SetLoaderData(lsmEntry.tableId)
+ progs = append(progs, load)
+
+ fdinstall := program.MapBuilderPin("fdinstall_map", sensors.PathJoin(sensorPath, "fdinstall_map"), load)
+ maps = append(maps, fdinstall)
+
+ configMap := program.MapBuilderPin("config_map", sensors.PathJoin(pinPath, "config_map"), load)
+ maps = append(maps, configMap)
+
+ tailCalls := program.MapBuilderPin("lsm_calls", sensors.PathJoin(pinPath, "lsm_calls"), load)
+ maps = append(maps, tailCalls)
+
+ filterMap := program.MapBuilderPin("filter_map", sensors.PathJoin(pinPath, "filter_map"), load)
+ maps = append(maps, filterMap)
+
+ maps = append(maps, filterMapsForLsm(load, pinPath, lsmEntry)...)
+
+ callHeap := program.MapBuilderPin("process_call_heap", sensors.PathJoin(pinPath, "process_call_heap"), load)
+ maps = append(maps, callHeap)
+
+ selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), load)
+ maps = append(maps, selMatchBinariesMap)
+
+ matchBinariesPaths := program.MapBuilderPin("tg_mb_paths", sensors.PathJoin(pinPath, "tg_mb_paths"), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ matchBinariesPaths.SetInnerMaxEntries(lsmEntry.selectors.MatchBinariesPathsMaxEntries())
+ }
+ maps = append(maps, matchBinariesPaths)
+
+ stackTraceMap := program.MapBuilderPin("stack_trace_map", sensors.PathJoin(pinPath, "stack_trace_map"), load)
+ maps = append(maps, stackTraceMap)
+
+ if kernels.EnableLargeProgs() {
+ socktrack := program.MapBuilderPin("socktrack_map", sensors.PathJoin(sensorPath, "socktrack_map"), load)
+ maps = append(maps, socktrack)
+ }
+
+ enforcerDataMap := enforcerMap(lsmEntry.policyName, load)
+ maps = append(maps, enforcerDataMap)
+
+ logger.GetLogger().
+ Infof("Added generic lsm sensor: %s -> %s", load.Name, load.Attach)
+ return progs, maps
+}
+
+func filterMapsForLsm(load *program.Program, pinPath string, lsmEntry *genericLsm) []*program.Map {
+ var maps []*program.Map
+
+ argFilterMaps := program.MapBuilderPin("argfilter_maps", sensors.PathJoin(pinPath, "argfilter_maps"), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ maxEntries := lsmEntry.selectors.ValueMapsMaxEntries()
+ argFilterMaps.SetInnerMaxEntries(maxEntries)
+ }
+ maps = append(maps, argFilterMaps)
+
+ addr4FilterMaps := program.MapBuilderPin("addr4lpm_maps", sensors.PathJoin(pinPath, "addr4lpm_maps"), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ maxEntries := lsmEntry.selectors.Addr4MapsMaxEntries()
+ addr4FilterMaps.SetInnerMaxEntries(maxEntries)
+ }
+ maps = append(maps, addr4FilterMaps)
+
+ addr6FilterMaps := program.MapBuilderPin("addr6lpm_maps", sensors.PathJoin(pinPath, "addr6lpm_maps"), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ maxEntries := lsmEntry.selectors.Addr6MapsMaxEntries()
+ addr6FilterMaps.SetInnerMaxEntries(maxEntries)
+ }
+ maps = append(maps, addr6FilterMaps)
+
+ var stringFilterMap [selectors.StringMapsNumSubMaps]*program.Map
+ numSubMaps := selectors.StringMapsNumSubMaps
+ if !kernels.MinKernelVersion("5.11") {
+ numSubMaps = selectors.StringMapsNumSubMapsSmall
+ }
+
+ for string_map_index := 0; string_map_index < numSubMaps; string_map_index++ {
+ stringFilterMap[string_map_index] = program.MapBuilderPin(fmt.Sprintf("string_maps_%d", string_map_index),
+ sensors.PathJoin(pinPath, fmt.Sprintf("string_maps_%d", string_map_index)), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ maxEntries := lsmEntry.selectors.StringMapsMaxEntries(string_map_index)
+ stringFilterMap[string_map_index].SetInnerMaxEntries(maxEntries)
+ }
+ maps = append(maps, stringFilterMap[string_map_index])
+ }
+
+ stringPrefixFilterMaps := program.MapBuilderPin("string_prefix_maps", sensors.PathJoin(pinPath, "string_prefix_maps"), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ maxEntries := lsmEntry.selectors.StringPrefixMapsMaxEntries()
+ stringPrefixFilterMaps.SetInnerMaxEntries(maxEntries)
+ }
+ maps = append(maps, stringPrefixFilterMaps)
+
+ stringPostfixFilterMaps := program.MapBuilderPin("string_postfix_maps", sensors.PathJoin(pinPath, "string_postfix_maps"), load)
+ if !kernels.MinKernelVersion("5.9") {
+ // Versions before 5.9 do not allow inner maps to have different sizes.
+ // See: https://lore.kernel.org/bpf/20200828011800.1970018-1-kafai@fb.com/
+ maxEntries := lsmEntry.selectors.StringPostfixMapsMaxEntries()
+ stringPostfixFilterMaps.SetInnerMaxEntries(maxEntries)
+ }
+ maps = append(maps, stringPostfixFilterMaps)
+
+ return maps
+}
diff --git a/pkg/sensors/tracing/policyhandler.go b/pkg/sensors/tracing/policyhandler.go
index e29aebc02e0..e3138f998c4 100644
--- a/pkg/sensors/tracing/policyhandler.go
+++ b/pkg/sensors/tracing/policyhandler.go
@@ -44,5 +44,9 @@ func (h policyHandler) PolicyHandler(
name := fmt.Sprintf("gtp-sensor-%d", atomic.AddUint64(&sensorCounter, 1))
return createGenericTracepointSensor(name, spec.Tracepoints, policyID, policyName, spec.Lists, handler)
}
+ if len(spec.LsmHooks) > 0 {
+ name := fmt.Sprintf("glsm-sensor-%d", atomic.AddUint64(&sensorCounter, 1))
+ return createGenericLsmSensor(spec, name, policyID, policyName)
+ }
return nil, nil
}
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go
index 7d5f8e8c5ca..b2fb69ede6e 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go
@@ -274,6 +274,8 @@ func CheckerFromEvent(event Event) (EventChecker, error) {
return NewProcessTracepointChecker("").FromProcessTracepoint(ev), nil
case *tetragon.ProcessUprobe:
return NewProcessUprobeChecker("").FromProcessUprobe(ev), nil
+ case *tetragon.ProcessLsm:
+ return NewProcessLsmChecker("").FromProcessLsm(ev), nil
case *tetragon.Test:
return NewTestChecker("").FromTest(ev), nil
case *tetragon.ProcessLoader:
@@ -336,6 +338,8 @@ func EventFromResponse(response *tetragon.GetEventsResponse) (Event, error) {
return ev.ProcessTracepoint, nil
case *tetragon.GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe, nil
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm, nil
case *tetragon.GetEventsResponse_Test:
return ev.Test, nil
case *tetragon.GetEventsResponse_ProcessLoader:
@@ -1662,6 +1666,197 @@ func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUp
return checker
}
+// ProcessLsmChecker implements a checker struct to check a ProcessLsm event
+type ProcessLsmChecker struct {
+ CheckerName string `json:"checkerName"`
+ Process *ProcessChecker `json:"process,omitempty"`
+ Parent *ProcessChecker `json:"parent,omitempty"`
+ FunctionName *stringmatcher.StringMatcher `json:"functionName,omitempty"`
+ PolicyName *stringmatcher.StringMatcher `json:"policyName,omitempty"`
+ Message *stringmatcher.StringMatcher `json:"message,omitempty"`
+ Args *KprobeArgumentListMatcher `json:"args,omitempty"`
+ Action *KprobeActionChecker `json:"action,omitempty"`
+ Tags *StringListMatcher `json:"tags,omitempty"`
+}
+
+// CheckEvent checks a single event and implements the EventChecker interface
+func (checker *ProcessLsmChecker) CheckEvent(event Event) error {
+ if ev, ok := event.(*tetragon.ProcessLsm); ok {
+ return checker.Check(ev)
+ }
+ return fmt.Errorf("%s: %T is not a ProcessLsm event", CheckerLogPrefix(checker), event)
+}
+
+// CheckResponse checks a single gRPC response and implements the EventChecker interface
+func (checker *ProcessLsmChecker) CheckResponse(response *tetragon.GetEventsResponse) error {
+ event, err := EventFromResponse(response)
+ if err != nil {
+ return err
+ }
+ return checker.CheckEvent(event)
+}
+
+// NewProcessLsmChecker creates a new ProcessLsmChecker
+func NewProcessLsmChecker(name string) *ProcessLsmChecker {
+ return &ProcessLsmChecker{CheckerName: name}
+}
+
+// Get the name associated with the checker
+func (checker *ProcessLsmChecker) GetCheckerName() string {
+ return checker.CheckerName
+}
+
+// Get the type of the checker as a string
+func (checker *ProcessLsmChecker) GetCheckerType() string {
+ return "ProcessLsmChecker"
+}
+
+// Check checks a ProcessLsm event
+func (checker *ProcessLsmChecker) Check(event *tetragon.ProcessLsm) error {
+ if event == nil {
+ return fmt.Errorf("%s: ProcessLsm event is nil", CheckerLogPrefix(checker))
+ }
+
+ fieldChecks := func() error {
+ if checker.Process != nil {
+ if err := checker.Process.Check(event.Process); err != nil {
+ return fmt.Errorf("Process check failed: %w", err)
+ }
+ }
+ if checker.Parent != nil {
+ if err := checker.Parent.Check(event.Parent); err != nil {
+ return fmt.Errorf("Parent check failed: %w", err)
+ }
+ }
+ if checker.FunctionName != nil {
+ if err := checker.FunctionName.Match(event.FunctionName); err != nil {
+ return fmt.Errorf("FunctionName check failed: %w", err)
+ }
+ }
+ if checker.PolicyName != nil {
+ if err := checker.PolicyName.Match(event.PolicyName); err != nil {
+ return fmt.Errorf("PolicyName check failed: %w", err)
+ }
+ }
+ if checker.Message != nil {
+ if err := checker.Message.Match(event.Message); err != nil {
+ return fmt.Errorf("Message check failed: %w", err)
+ }
+ }
+ if checker.Args != nil {
+ if err := checker.Args.Check(event.Args); err != nil {
+ return fmt.Errorf("Args check failed: %w", err)
+ }
+ }
+ if checker.Action != nil {
+ if err := checker.Action.Check(&event.Action); err != nil {
+ return fmt.Errorf("Action check failed: %w", err)
+ }
+ }
+ if checker.Tags != nil {
+ if err := checker.Tags.Check(event.Tags); err != nil {
+ return fmt.Errorf("Tags check failed: %w", err)
+ }
+ }
+ return nil
+ }
+ if err := fieldChecks(); err != nil {
+ return fmt.Errorf("%s: %w", CheckerLogPrefix(checker), err)
+ }
+ return nil
+}
+
+// WithProcess adds a Process check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithProcess(check *ProcessChecker) *ProcessLsmChecker {
+ checker.Process = check
+ return checker
+}
+
+// WithParent adds a Parent check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithParent(check *ProcessChecker) *ProcessLsmChecker {
+ checker.Parent = check
+ return checker
+}
+
+// WithFunctionName adds a FunctionName check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithFunctionName(check *stringmatcher.StringMatcher) *ProcessLsmChecker {
+ checker.FunctionName = check
+ return checker
+}
+
+// WithPolicyName adds a PolicyName check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithPolicyName(check *stringmatcher.StringMatcher) *ProcessLsmChecker {
+ checker.PolicyName = check
+ return checker
+}
+
+// WithMessage adds a Message check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithMessage(check *stringmatcher.StringMatcher) *ProcessLsmChecker {
+ checker.Message = check
+ return checker
+}
+
+// WithArgs adds a Args check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithArgs(check *KprobeArgumentListMatcher) *ProcessLsmChecker {
+ checker.Args = check
+ return checker
+}
+
+// WithAction adds a Action check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithAction(check tetragon.KprobeAction) *ProcessLsmChecker {
+ wrappedCheck := KprobeActionChecker(check)
+ checker.Action = &wrappedCheck
+ return checker
+}
+
+// WithTags adds a Tags check to the ProcessLsmChecker
+func (checker *ProcessLsmChecker) WithTags(check *StringListMatcher) *ProcessLsmChecker {
+ checker.Tags = check
+ return checker
+}
+
+//FromProcessLsm populates the ProcessLsmChecker using data from a ProcessLsm event
+func (checker *ProcessLsmChecker) FromProcessLsm(event *tetragon.ProcessLsm) *ProcessLsmChecker {
+ if event == nil {
+ return checker
+ }
+ if event.Process != nil {
+ checker.Process = NewProcessChecker().FromProcess(event.Process)
+ }
+ if event.Parent != nil {
+ checker.Parent = NewProcessChecker().FromProcess(event.Parent)
+ }
+ checker.FunctionName = stringmatcher.Full(event.FunctionName)
+ checker.PolicyName = stringmatcher.Full(event.PolicyName)
+ checker.Message = stringmatcher.Full(event.Message)
+ {
+ var checks []*KprobeArgumentChecker
+ for _, check := range event.Args {
+ var convertedCheck *KprobeArgumentChecker
+ if check != nil {
+ convertedCheck = NewKprobeArgumentChecker().FromKprobeArgument(check)
+ }
+ checks = append(checks, convertedCheck)
+ }
+ lm := NewKprobeArgumentListMatcher().WithOperator(listmatcher.Ordered).
+ WithValues(checks...)
+ checker.Args = lm
+ }
+ checker.Action = NewKprobeActionChecker(event.Action)
+ {
+ var checks []*stringmatcher.StringMatcher
+ for _, check := range event.Tags {
+ var convertedCheck *stringmatcher.StringMatcher
+ convertedCheck = stringmatcher.Full(check)
+ checks = append(checks, convertedCheck)
+ }
+ lm := NewStringListMatcher().WithOperator(listmatcher.Ordered).
+ WithValues(checks...)
+ checker.Tags = lm
+ }
+ return checker
+}
+
// TestChecker implements a checker struct to check a Test event
type TestChecker struct {
CheckerName string `json:"checkerName"`
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go
index f3ff5347a95..61eb2b0452a 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go
@@ -145,6 +145,7 @@ type eventCheckerHelper struct {
ProcessKprobe *eventchecker.ProcessKprobeChecker `json:"kprobe,omitempty"`
ProcessTracepoint *eventchecker.ProcessTracepointChecker `json:"tracepoint,omitempty"`
ProcessUprobe *eventchecker.ProcessUprobeChecker `json:"uprobe,omitempty"`
+ ProcessLsm *eventchecker.ProcessLsmChecker `json:"lsm,omitempty"`
Test *eventchecker.TestChecker `json:"test,omitempty"`
ProcessLoader *eventchecker.ProcessLoaderChecker `json:"loader,omitempty"`
RateLimitInfo *eventchecker.RateLimitInfoChecker `json:"rateLimitInfo,omitempty"`
@@ -193,6 +194,12 @@ func (checker *EventChecker) UnmarshalJSON(b []byte) error {
}
eventChecker = helper.ProcessUprobe
}
+ if helper.ProcessLsm != nil {
+ if eventChecker != nil {
+ return fmt.Errorf("EventChecker: cannot define more than one checker, got %T but already had %T", helper.ProcessLsm, eventChecker)
+ }
+ eventChecker = helper.ProcessLsm
+ }
if helper.Test != nil {
if eventChecker != nil {
return fmt.Errorf("EventChecker: cannot define more than one checker, got %T but already had %T", helper.Test, eventChecker)
@@ -235,6 +242,8 @@ func (checker EventChecker) MarshalJSON() ([]byte, error) {
helper.ProcessTracepoint = c
case *eventchecker.ProcessUprobeChecker:
helper.ProcessUprobe = c
+ case *eventchecker.ProcessLsmChecker:
+ helper.ProcessLsm = c
case *eventchecker.TestChecker:
helper.Test = c
case *eventchecker.ProcessLoaderChecker:
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/helpers/helpers.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/helpers/helpers.pb.go
index 55f80b413ef..f4a241432a0 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/helpers/helpers.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/codegen/helpers/helpers.pb.go
@@ -34,6 +34,8 @@ func ResponseTypeString(response *tetragon.GetEventsResponse) (string, error) {
return tetragon.EventType_PROCESS_LOADER.String(), nil
case *tetragon.GetEventsResponse_ProcessUprobe:
return tetragon.EventType_PROCESS_UPROBE.String(), nil
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return tetragon.EventType_PROCESS_LSM.String(), nil
case *tetragon.GetEventsResponse_ProcessThrottle:
return tetragon.EventType_PROCESS_THROTTLE.String(), nil
case *tetragon.GetEventsResponse_Test:
@@ -72,6 +74,8 @@ func ResponseInnerGetProcess(event tetragon.IsGetEventsResponse_Event) *tetragon
return ev.ProcessTracepoint.Process
case *tetragon.GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe.Process
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm.Process
case *tetragon.GetEventsResponse_ProcessLoader:
return ev.ProcessLoader.Process
@@ -115,6 +119,8 @@ func ResponseInnerGetParent(event tetragon.IsGetEventsResponse_Event) *tetragon.
return ev.ProcessTracepoint.Parent
case *tetragon.GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe.Parent
+ case *tetragon.GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm.Parent
}
return nil
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
index f11dc36ba6c..b903f651925 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.pb.go
@@ -41,6 +41,7 @@ const (
EventType_PROCESS_TRACEPOINT EventType = 10
EventType_PROCESS_LOADER EventType = 11
EventType_PROCESS_UPROBE EventType = 12
+ EventType_PROCESS_LSM EventType = 13
EventType_PROCESS_THROTTLE EventType = 27
EventType_TEST EventType = 40000
EventType_RATE_LIMIT_INFO EventType = 40001
@@ -56,6 +57,7 @@ var (
10: "PROCESS_TRACEPOINT",
11: "PROCESS_LOADER",
12: "PROCESS_UPROBE",
+ 13: "PROCESS_LSM",
27: "PROCESS_THROTTLE",
40000: "TEST",
40001: "RATE_LIMIT_INFO",
@@ -68,6 +70,7 @@ var (
"PROCESS_TRACEPOINT": 10,
"PROCESS_LOADER": 11,
"PROCESS_UPROBE": 12,
+ "PROCESS_LSM": 13,
"PROCESS_THROTTLE": 27,
"TEST": 40000,
"RATE_LIMIT_INFO": 40001,
@@ -944,6 +947,7 @@ type GetEventsResponse struct {
// *GetEventsResponse_ProcessTracepoint
// *GetEventsResponse_ProcessLoader
// *GetEventsResponse_ProcessUprobe
+ // *GetEventsResponse_ProcessLsm
// *GetEventsResponse_ProcessThrottle
// *GetEventsResponse_Test
// *GetEventsResponse_RateLimitInfo
@@ -1040,6 +1044,13 @@ func (x *GetEventsResponse) GetProcessUprobe() *ProcessUprobe {
return nil
}
+func (x *GetEventsResponse) GetProcessLsm() *ProcessLsm {
+ if x, ok := x.GetEvent().(*GetEventsResponse_ProcessLsm); ok {
+ return x.ProcessLsm
+ }
+ return nil
+}
+
func (x *GetEventsResponse) GetProcessThrottle() *ProcessThrottle {
if x, ok := x.GetEvent().(*GetEventsResponse_ProcessThrottle); ok {
return x.ProcessThrottle
@@ -1117,6 +1128,10 @@ type GetEventsResponse_ProcessUprobe struct {
ProcessUprobe *ProcessUprobe `protobuf:"bytes,12,opt,name=process_uprobe,json=processUprobe,proto3,oneof"`
}
+type GetEventsResponse_ProcessLsm struct {
+ ProcessLsm *ProcessLsm `protobuf:"bytes,13,opt,name=process_lsm,json=processLsm,proto3,oneof"`
+}
+
type GetEventsResponse_ProcessThrottle struct {
ProcessThrottle *ProcessThrottle `protobuf:"bytes,27,opt,name=process_throttle,json=processThrottle,proto3,oneof"`
}
@@ -1141,6 +1156,8 @@ func (*GetEventsResponse_ProcessLoader) isGetEventsResponse_Event() {}
func (*GetEventsResponse_ProcessUprobe) isGetEventsResponse_Event() {}
+func (*GetEventsResponse_ProcessLsm) isGetEventsResponse_Event() {}
+
func (*GetEventsResponse_ProcessThrottle) isGetEventsResponse_Event() {}
func (*GetEventsResponse_Test) isGetEventsResponse_Event() {}
@@ -1274,7 +1291,7 @@ var file_tetragon_events_proto_rawDesc = []byte{
0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x02, 0x20, 0x01,
- 0x28, 0x09, 0x52, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xf3, 0x05, 0x0a, 0x11, 0x47,
+ 0x28, 0x09, 0x52, 0x06, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xac, 0x06, 0x0a, 0x11, 0x47,
0x65, 0x74, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x12, 0x3a, 0x0a, 0x0c, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x65, 0x78, 0x65, 0x63,
0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f,
@@ -1300,49 +1317,54 @@ var file_tetragon_events_proto_rawDesc = []byte{
0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x75, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x0c, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72,
0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x48, 0x00, 0x52, 0x0d, 0x70,
- 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x46, 0x0a, 0x10,
- 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65,
- 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f,
- 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c,
- 0x65, 0x48, 0x00, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f,
- 0x74, 0x74, 0x6c, 0x65, 0x12, 0x26, 0x0a, 0x04, 0x74, 0x65, 0x73, 0x74, 0x18, 0xc0, 0xb8, 0x02,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
- 0x54, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, 0x74, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0f,
- 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18,
- 0xc1, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67,
- 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f,
- 0x48, 0x00, 0x52, 0x0d, 0x72, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66,
- 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0xe8,
- 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12,
- 0x2f, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0xe9, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
- 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
- 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65,
- 0x12, 0x45, 0x0a, 0x10, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
- 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xea, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65,
- 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69,
- 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74,
- 0x2a, 0xc7, 0x01, 0x0a, 0x09, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09,
- 0x0a, 0x05, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f,
- 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58, 0x45, 0x43, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50,
- 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58, 0x49, 0x54, 0x10, 0x05, 0x12, 0x12, 0x0a,
- 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10,
- 0x09, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x52, 0x41,
- 0x43, 0x45, 0x50, 0x4f, 0x49, 0x4e, 0x54, 0x10, 0x0a, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f,
- 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x4f, 0x41, 0x44, 0x45, 0x52, 0x10, 0x0b, 0x12, 0x12, 0x0a,
- 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x55, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10,
- 0x0c, 0x12, 0x14, 0x0a, 0x10, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x48, 0x52,
- 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x10, 0x1b, 0x12, 0x0a, 0x0a, 0x04, 0x54, 0x45, 0x53, 0x54, 0x10,
- 0xc0, 0xb8, 0x02, 0x12, 0x15, 0x0a, 0x0f, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49,
- 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0xc1, 0xb8, 0x02, 0x2a, 0x2d, 0x0a, 0x11, 0x46, 0x69,
- 0x65, 0x6c, 0x64, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12,
- 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x43, 0x4c, 0x55, 0x44, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07,
- 0x45, 0x58, 0x43, 0x4c, 0x55, 0x44, 0x45, 0x10, 0x01, 0x2a, 0x4b, 0x0a, 0x0c, 0x54, 0x68, 0x72,
- 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x48, 0x52,
- 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12,
- 0x12, 0x0a, 0x0e, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x52,
- 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f,
- 0x53, 0x54, 0x4f, 0x50, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x55, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x37, 0x0a, 0x0b,
+ 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6c, 0x73, 0x6d, 0x18, 0x0d, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x14, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f,
+ 0x63, 0x65, 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x12, 0x46, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73,
+ 0x5f, 0x74, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x48, 0x00, 0x52, 0x0f, 0x70, 0x72,
+ 0x6f, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x12, 0x26, 0x0a,
+ 0x04, 0x74, 0x65, 0x73, 0x74, 0x18, 0xc0, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e,
+ 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52,
+ 0x04, 0x74, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69,
+ 0x6d, 0x69, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xc1, 0xb8, 0x02, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x17, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x74, 0x65,
+ 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x48, 0x00, 0x52, 0x0d, 0x72, 0x61, 0x74,
+ 0x65, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f,
+ 0x64, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0xe8, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+ 0x6e, 0x6f, 0x64, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2f, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65,
+ 0x18, 0xe9, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74,
+ 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x45, 0x0a, 0x10, 0x61, 0x67, 0x67,
+ 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0xea, 0x07,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
+ 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52,
+ 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f,
+ 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x2a, 0xd8, 0x01, 0x0a, 0x09, 0x45, 0x76,
+ 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x44, 0x45, 0x46,
+ 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x45, 0x58,
+ 0x45, 0x43, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f,
+ 0x45, 0x58, 0x49, 0x54, 0x10, 0x05, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+ 0x53, 0x5f, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10, 0x09, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52,
+ 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x45, 0x50, 0x4f, 0x49, 0x4e, 0x54,
+ 0x10, 0x0a, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x4f,
+ 0x41, 0x44, 0x45, 0x52, 0x10, 0x0b, 0x12, 0x12, 0x0a, 0x0e, 0x50, 0x52, 0x4f, 0x43, 0x45, 0x53,
+ 0x53, 0x5f, 0x55, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52,
+ 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x4c, 0x53, 0x4d, 0x10, 0x0d, 0x12, 0x14, 0x0a, 0x10, 0x50,
+ 0x52, 0x4f, 0x43, 0x45, 0x53, 0x53, 0x5f, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x10,
+ 0x1b, 0x12, 0x0a, 0x0a, 0x04, 0x54, 0x45, 0x53, 0x54, 0x10, 0xc0, 0xb8, 0x02, 0x12, 0x15, 0x0a,
+ 0x0f, 0x52, 0x41, 0x54, 0x45, 0x5f, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f,
+ 0x10, 0xc1, 0xb8, 0x02, 0x2a, 0x2d, 0x0a, 0x11, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x46, 0x69, 0x6c,
+ 0x74, 0x65, 0x72, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x43,
+ 0x4c, 0x55, 0x44, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x58, 0x43, 0x4c, 0x55, 0x44,
+ 0x45, 0x10, 0x01, 0x2a, 0x4b, 0x0a, 0x0c, 0x54, 0x68, 0x72, 0x6f, 0x74, 0x74, 0x6c, 0x65, 0x54,
+ 0x79, 0x70, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f,
+ 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x54, 0x48, 0x52,
+ 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, 0x10, 0x01, 0x12, 0x11, 0x0a,
+ 0x0d, 0x54, 0x48, 0x52, 0x4f, 0x54, 0x54, 0x4c, 0x45, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x10, 0x02,
+ 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -1384,8 +1406,9 @@ var file_tetragon_events_proto_goTypes = []interface{}{
(*ProcessTracepoint)(nil), // 21: tetragon.ProcessTracepoint
(*ProcessLoader)(nil), // 22: tetragon.ProcessLoader
(*ProcessUprobe)(nil), // 23: tetragon.ProcessUprobe
- (*Test)(nil), // 24: tetragon.Test
- (*timestamppb.Timestamp)(nil), // 25: google.protobuf.Timestamp
+ (*ProcessLsm)(nil), // 24: tetragon.ProcessLsm
+ (*Test)(nil), // 25: tetragon.Test
+ (*timestamppb.Timestamp)(nil), // 26: google.protobuf.Timestamp
}
var file_tetragon_events_proto_depIdxs = []int32{
14, // 0: tetragon.Filter.health_check:type_name -> google.protobuf.BoolValue
@@ -1415,16 +1438,17 @@ var file_tetragon_events_proto_depIdxs = []int32{
21, // 24: tetragon.GetEventsResponse.process_tracepoint:type_name -> tetragon.ProcessTracepoint
22, // 25: tetragon.GetEventsResponse.process_loader:type_name -> tetragon.ProcessLoader
23, // 26: tetragon.GetEventsResponse.process_uprobe:type_name -> tetragon.ProcessUprobe
- 12, // 27: tetragon.GetEventsResponse.process_throttle:type_name -> tetragon.ProcessThrottle
- 24, // 28: tetragon.GetEventsResponse.test:type_name -> tetragon.Test
- 11, // 29: tetragon.GetEventsResponse.rate_limit_info:type_name -> tetragon.RateLimitInfo
- 25, // 30: tetragon.GetEventsResponse.time:type_name -> google.protobuf.Timestamp
- 10, // 31: tetragon.GetEventsResponse.aggregation_info:type_name -> tetragon.AggregationInfo
- 32, // [32:32] is the sub-list for method output_type
- 32, // [32:32] is the sub-list for method input_type
- 32, // [32:32] is the sub-list for extension type_name
- 32, // [32:32] is the sub-list for extension extendee
- 0, // [0:32] is the sub-list for field type_name
+ 24, // 27: tetragon.GetEventsResponse.process_lsm:type_name -> tetragon.ProcessLsm
+ 12, // 28: tetragon.GetEventsResponse.process_throttle:type_name -> tetragon.ProcessThrottle
+ 25, // 29: tetragon.GetEventsResponse.test:type_name -> tetragon.Test
+ 11, // 30: tetragon.GetEventsResponse.rate_limit_info:type_name -> tetragon.RateLimitInfo
+ 26, // 31: tetragon.GetEventsResponse.time:type_name -> google.protobuf.Timestamp
+ 10, // 32: tetragon.GetEventsResponse.aggregation_info:type_name -> tetragon.AggregationInfo
+ 33, // [33:33] is the sub-list for method output_type
+ 33, // [33:33] is the sub-list for method input_type
+ 33, // [33:33] is the sub-list for extension type_name
+ 33, // [33:33] is the sub-list for extension extendee
+ 0, // [0:33] is the sub-list for field type_name
}
func init() { file_tetragon_events_proto_init() }
@@ -1575,6 +1599,7 @@ func file_tetragon_events_proto_init() {
(*GetEventsResponse_ProcessTracepoint)(nil),
(*GetEventsResponse_ProcessLoader)(nil),
(*GetEventsResponse_ProcessUprobe)(nil),
+ (*GetEventsResponse_ProcessLsm)(nil),
(*GetEventsResponse_ProcessThrottle)(nil),
(*GetEventsResponse_Test)(nil),
(*GetEventsResponse_RateLimitInfo)(nil),
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
index f2bd554645f..155bd489665 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/events.proto
@@ -25,6 +25,7 @@ enum EventType {
PROCESS_TRACEPOINT = 10;
PROCESS_LOADER = 11;
PROCESS_UPROBE = 12;
+ PROCESS_LSM = 13;
PROCESS_THROTTLE = 27;
TEST = 40000;
@@ -183,6 +184,7 @@ message GetEventsResponse {
ProcessTracepoint process_tracepoint = 10;
ProcessLoader process_loader = 11;
ProcessUprobe process_uprobe = 12;
+ ProcessLsm process_lsm = 13;
ProcessThrottle process_throttle = 27;
Test test = 40000;
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go
index ace6dfcfc1c..8a5d6be212e 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.go
@@ -3475,6 +3475,115 @@ func (x *ProcessUprobe) GetTags() []string {
return nil
}
+type ProcessLsm struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Process *Process `protobuf:"bytes,1,opt,name=process,proto3" json:"process,omitempty"`
+ Parent *Process `protobuf:"bytes,2,opt,name=parent,proto3" json:"parent,omitempty"`
+ // LSM hook name.
+ FunctionName string `protobuf:"bytes,3,opt,name=function_name,json=functionName,proto3" json:"function_name,omitempty"`
+ // Name of the policy that created that LSM hook.
+ PolicyName string `protobuf:"bytes,5,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"`
+ // Short message of the Tracing Policy to inform users what is going on.
+ Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"`
+ // Arguments definition of the observed LSM hook.
+ Args []*KprobeArgument `protobuf:"bytes,7,rep,name=args,proto3" json:"args,omitempty"`
+ // Action performed when the LSM hook matched.
+ Action KprobeAction `protobuf:"varint,8,opt,name=action,proto3,enum=tetragon.KprobeAction" json:"action,omitempty"`
+ // Tags of the Tracing Policy to categorize the event.
+ Tags []string `protobuf:"bytes,9,rep,name=tags,proto3" json:"tags,omitempty"`
+}
+
+func (x *ProcessLsm) Reset() {
+ *x = ProcessLsm{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *ProcessLsm) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ProcessLsm) ProtoMessage() {}
+
+func (x *ProcessLsm) ProtoReflect() protoreflect.Message {
+ mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ProcessLsm.ProtoReflect.Descriptor instead.
+func (*ProcessLsm) Descriptor() ([]byte, []int) {
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{32}
+}
+
+func (x *ProcessLsm) GetProcess() *Process {
+ if x != nil {
+ return x.Process
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetParent() *Process {
+ if x != nil {
+ return x.Parent
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetFunctionName() string {
+ if x != nil {
+ return x.FunctionName
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetPolicyName() string {
+ if x != nil {
+ return x.PolicyName
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetMessage() string {
+ if x != nil {
+ return x.Message
+ }
+ return ""
+}
+
+func (x *ProcessLsm) GetArgs() []*KprobeArgument {
+ if x != nil {
+ return x.Args
+ }
+ return nil
+}
+
+func (x *ProcessLsm) GetAction() KprobeAction {
+ if x != nil {
+ return x.Action
+ }
+ return KprobeAction_KPROBE_ACTION_UNKNOWN
+}
+
+func (x *ProcessLsm) GetTags() []string {
+ if x != nil {
+ return x.Tags
+ }
+ return nil
+}
+
type KernelModule struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
@@ -3492,7 +3601,7 @@ type KernelModule struct {
func (x *KernelModule) Reset() {
*x = KernelModule{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ mi := &file_tetragon_tetragon_proto_msgTypes[33]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3505,7 +3614,7 @@ func (x *KernelModule) String() string {
func (*KernelModule) ProtoMessage() {}
func (x *KernelModule) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[32]
+ mi := &file_tetragon_tetragon_proto_msgTypes[33]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3518,7 +3627,7 @@ func (x *KernelModule) ProtoReflect() protoreflect.Message {
// Deprecated: Use KernelModule.ProtoReflect.Descriptor instead.
func (*KernelModule) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{32}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{33}
}
func (x *KernelModule) GetName() string {
@@ -3556,7 +3665,7 @@ type Test struct {
func (x *Test) Reset() {
*x = Test{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[33]
+ mi := &file_tetragon_tetragon_proto_msgTypes[34]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3569,7 +3678,7 @@ func (x *Test) String() string {
func (*Test) ProtoMessage() {}
func (x *Test) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[33]
+ mi := &file_tetragon_tetragon_proto_msgTypes[34]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3582,7 +3691,7 @@ func (x *Test) ProtoReflect() protoreflect.Message {
// Deprecated: Use Test.ProtoReflect.Descriptor instead.
func (*Test) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{33}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{34}
}
func (x *Test) GetArg0() uint64 {
@@ -3624,7 +3733,7 @@ type GetHealthStatusRequest struct {
func (x *GetHealthStatusRequest) Reset() {
*x = GetHealthStatusRequest{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[34]
+ mi := &file_tetragon_tetragon_proto_msgTypes[35]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3637,7 +3746,7 @@ func (x *GetHealthStatusRequest) String() string {
func (*GetHealthStatusRequest) ProtoMessage() {}
func (x *GetHealthStatusRequest) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[34]
+ mi := &file_tetragon_tetragon_proto_msgTypes[35]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3650,7 +3759,7 @@ func (x *GetHealthStatusRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetHealthStatusRequest.ProtoReflect.Descriptor instead.
func (*GetHealthStatusRequest) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{34}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{35}
}
func (x *GetHealthStatusRequest) GetEventSet() []HealthStatusType {
@@ -3673,7 +3782,7 @@ type HealthStatus struct {
func (x *HealthStatus) Reset() {
*x = HealthStatus{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[35]
+ mi := &file_tetragon_tetragon_proto_msgTypes[36]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3686,7 +3795,7 @@ func (x *HealthStatus) String() string {
func (*HealthStatus) ProtoMessage() {}
func (x *HealthStatus) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[35]
+ mi := &file_tetragon_tetragon_proto_msgTypes[36]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3699,7 +3808,7 @@ func (x *HealthStatus) ProtoReflect() protoreflect.Message {
// Deprecated: Use HealthStatus.ProtoReflect.Descriptor instead.
func (*HealthStatus) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{35}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{36}
}
func (x *HealthStatus) GetEvent() HealthStatusType {
@@ -3734,7 +3843,7 @@ type GetHealthStatusResponse struct {
func (x *GetHealthStatusResponse) Reset() {
*x = GetHealthStatusResponse{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[36]
+ mi := &file_tetragon_tetragon_proto_msgTypes[37]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3747,7 +3856,7 @@ func (x *GetHealthStatusResponse) String() string {
func (*GetHealthStatusResponse) ProtoMessage() {}
func (x *GetHealthStatusResponse) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[36]
+ mi := &file_tetragon_tetragon_proto_msgTypes[37]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3760,7 +3869,7 @@ func (x *GetHealthStatusResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use GetHealthStatusResponse.ProtoReflect.Descriptor instead.
func (*GetHealthStatusResponse) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{36}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{37}
}
func (x *GetHealthStatusResponse) GetHealthStatus() []*HealthStatus {
@@ -3784,7 +3893,7 @@ type ProcessLoader struct {
func (x *ProcessLoader) Reset() {
*x = ProcessLoader{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[37]
+ mi := &file_tetragon_tetragon_proto_msgTypes[38]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3797,7 +3906,7 @@ func (x *ProcessLoader) String() string {
func (*ProcessLoader) ProtoMessage() {}
func (x *ProcessLoader) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[37]
+ mi := &file_tetragon_tetragon_proto_msgTypes[38]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3810,7 +3919,7 @@ func (x *ProcessLoader) ProtoReflect() protoreflect.Message {
// Deprecated: Use ProcessLoader.ProtoReflect.Descriptor instead.
func (*ProcessLoader) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{37}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{38}
}
func (x *ProcessLoader) GetProcess() *Process {
@@ -3849,7 +3958,7 @@ type RuntimeHookRequest struct {
func (x *RuntimeHookRequest) Reset() {
*x = RuntimeHookRequest{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[38]
+ mi := &file_tetragon_tetragon_proto_msgTypes[39]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3862,7 +3971,7 @@ func (x *RuntimeHookRequest) String() string {
func (*RuntimeHookRequest) ProtoMessage() {}
func (x *RuntimeHookRequest) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[38]
+ mi := &file_tetragon_tetragon_proto_msgTypes[39]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3875,7 +3984,7 @@ func (x *RuntimeHookRequest) ProtoReflect() protoreflect.Message {
// Deprecated: Use RuntimeHookRequest.ProtoReflect.Descriptor instead.
func (*RuntimeHookRequest) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{38}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{39}
}
func (m *RuntimeHookRequest) GetEvent() isRuntimeHookRequest_Event {
@@ -3911,7 +4020,7 @@ type RuntimeHookResponse struct {
func (x *RuntimeHookResponse) Reset() {
*x = RuntimeHookResponse{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[39]
+ mi := &file_tetragon_tetragon_proto_msgTypes[40]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3924,7 +4033,7 @@ func (x *RuntimeHookResponse) String() string {
func (*RuntimeHookResponse) ProtoMessage() {}
func (x *RuntimeHookResponse) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[39]
+ mi := &file_tetragon_tetragon_proto_msgTypes[40]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3937,7 +4046,7 @@ func (x *RuntimeHookResponse) ProtoReflect() protoreflect.Message {
// Deprecated: Use RuntimeHookResponse.ProtoReflect.Descriptor instead.
func (*RuntimeHookResponse) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{39}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{40}
}
// CreateContainer informs the agent that a container was created
@@ -3965,7 +4074,7 @@ type CreateContainer struct {
func (x *CreateContainer) Reset() {
*x = CreateContainer{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[40]
+ mi := &file_tetragon_tetragon_proto_msgTypes[41]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -3978,7 +4087,7 @@ func (x *CreateContainer) String() string {
func (*CreateContainer) ProtoMessage() {}
func (x *CreateContainer) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[40]
+ mi := &file_tetragon_tetragon_proto_msgTypes[41]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -3991,7 +4100,7 @@ func (x *CreateContainer) ProtoReflect() protoreflect.Message {
// Deprecated: Use CreateContainer.ProtoReflect.Descriptor instead.
func (*CreateContainer) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{40}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{41}
}
func (x *CreateContainer) GetCgroupsPath() string {
@@ -4040,7 +4149,7 @@ type StackTraceEntry struct {
func (x *StackTraceEntry) Reset() {
*x = StackTraceEntry{}
if protoimpl.UnsafeEnabled {
- mi := &file_tetragon_tetragon_proto_msgTypes[41]
+ mi := &file_tetragon_tetragon_proto_msgTypes[42]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -4053,7 +4162,7 @@ func (x *StackTraceEntry) String() string {
func (*StackTraceEntry) ProtoMessage() {}
func (x *StackTraceEntry) ProtoReflect() protoreflect.Message {
- mi := &file_tetragon_tetragon_proto_msgTypes[41]
+ mi := &file_tetragon_tetragon_proto_msgTypes[42]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -4066,7 +4175,7 @@ func (x *StackTraceEntry) ProtoReflect() protoreflect.Message {
// Deprecated: Use StackTraceEntry.ProtoReflect.Descriptor instead.
func (*StackTraceEntry) Descriptor() ([]byte, []int) {
- return file_tetragon_tetragon_proto_rawDescGZIP(), []int{41}
+ return file_tetragon_tetragon_proto_rawDescGZIP(), []int{42}
}
func (x *StackTraceEntry) GetAddress() uint64 {
@@ -4619,136 +4728,156 @@ var file_tetragon_tetragon_proto_rawDesc = []byte{
0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74,
0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75,
0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61,
- 0x67, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0x96,
- 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12,
- 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
- 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c,
- 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
- 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20,
- 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54,
- 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07,
- 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, 0x73, 0x74, 0x12,
- 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61,
- 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, 0x20, 0x01, 0x28,
- 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x32, 0x18,
- 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, 0x0a, 0x04, 0x61,
- 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x33, 0x22,
- 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74,
- 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x76, 0x65,
- 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74,
- 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74,
- 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x53,
- 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
- 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01,
- 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65,
- 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05,
- 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18,
- 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e,
- 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73,
- 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64,
- 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65,
- 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56, 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c,
- 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
- 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75,
- 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67,
- 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52,
- 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x6a, 0x0a,
- 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2b,
- 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32,
- 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65,
- 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70,
- 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12,
- 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c,
- 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, 0x52, 0x75, 0x6e,
- 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
- 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e,
- 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61,
- 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
- 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42, 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22,
- 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65,
- 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x81, 0x02, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74,
- 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x67,
- 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07,
- 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72,
- 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12, 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61,
- 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65,
- 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
- 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e,
- 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e,
- 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10,
- 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79,
- 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x73, 0x0a, 0x0f, 0x53, 0x74,
- 0x61, 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a,
- 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07,
- 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65,
- 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12,
- 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c,
- 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2a,
- 0x95, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e,
- 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f,
- 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b,
- 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53,
- 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43,
- 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12,
- 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c, 0x4c, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50,
- 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f,
- 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f,
- 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49,
- 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41,
- 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18,
+ 0x67, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0xb6,
+ 0x02, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x4c, 0x73, 0x6d, 0x12, 0x2b, 0x0a,
+ 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11,
+ 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+ 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x29, 0x0a, 0x06, 0x70, 0x61,
+ 0x72, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74,
+ 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x06, 0x70,
+ 0x61, 0x72, 0x65, 0x6e, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f,
+ 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x75,
+ 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f,
+ 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x0a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6d,
+ 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65,
+ 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2c, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20,
+ 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b,
+ 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x72, 0x67, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x04, 0x61,
+ 0x72, 0x67, 0x73, 0x12, 0x2e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20,
+ 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x4b,
+ 0x70, 0x72, 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74,
+ 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28,
+ 0x09, 0x52, 0x04, 0x74, 0x61, 0x67, 0x73, 0x22, 0x96, 0x01, 0x0a, 0x0c, 0x4b, 0x65, 0x72, 0x6e,
+ 0x65, 0x6c, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3d, 0x0a, 0x0c,
+ 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x6b, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+ 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0b,
+ 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x6b, 0x12, 0x33, 0x0a, 0x07, 0x74,
+ 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x74,
+ 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42,
+ 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64,
+ 0x22, 0x56, 0x0a, 0x04, 0x54, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x30,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x30, 0x12, 0x12, 0x0a, 0x04,
+ 0x61, 0x72, 0x67, 0x31, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x31,
+ 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x32, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04,
+ 0x61, 0x72, 0x67, 0x32, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x33, 0x18, 0x04, 0x20, 0x01,
+ 0x28, 0x04, 0x52, 0x04, 0x61, 0x72, 0x67, 0x33, 0x22, 0x51, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x48,
+ 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+ 0x73, 0x74, 0x12, 0x37, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x74, 0x18,
+ 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e,
+ 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70,
+ 0x65, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x74, 0x22, 0x90, 0x01, 0x0a, 0x0c,
+ 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x30, 0x0a, 0x05,
+ 0x65, 0x76, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65,
+ 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61,
+ 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x52, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x34,
+ 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c,
+ 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68,
+ 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x73, 0x74,
+ 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0x56,
+ 0x0a, 0x17, 0x47, 0x65, 0x74, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75,
+ 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3b, 0x0a, 0x0d, 0x68, 0x65, 0x61,
+ 0x6c, 0x74, 0x68, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
+ 0x32, 0x16, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x48, 0x65, 0x61, 0x6c,
+ 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x0c, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68,
+ 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x6a, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73,
+ 0x73, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61,
+ 0x67, 0x6f, 0x6e, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x07, 0x70, 0x72, 0x6f,
+ 0x63, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x62, 0x75, 0x69, 0x6c,
+ 0x64, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x62, 0x75, 0x69, 0x6c, 0x64,
+ 0x69, 0x64, 0x22, 0x64, 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f,
+ 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x61,
+ 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e, 0x43, 0x72, 0x65,
+ 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x48, 0x00, 0x52, 0x0f,
+ 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x42,
+ 0x07, 0x0a, 0x05, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x15, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74,
+ 0x69, 0x6d, 0x65, 0x48, 0x6f, 0x6f, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+ 0x81, 0x02, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69,
+ 0x6e, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x50, 0x61,
+ 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70,
+ 0x73, 0x50, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72,
+ 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x44, 0x69, 0x72, 0x12,
+ 0x4c, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03,
+ 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x74, 0x65, 0x74, 0x72, 0x61, 0x67, 0x6f, 0x6e, 0x2e,
+ 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x2e,
+ 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
+ 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a,
+ 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x4e,
+ 0x61, 0x6d, 0x65, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
+ 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a,
+ 0x02, 0x38, 0x01, 0x22, 0x73, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x63, 0x6b, 0x54, 0x72, 0x61, 0x63,
+ 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73,
+ 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+ 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04,
+ 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6d, 0x62,
+ 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x79, 0x6d, 0x62, 0x6f, 0x6c,
+ 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09,
+ 0x52, 0x06, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x2a, 0x95, 0x03, 0x0a, 0x0c, 0x4b, 0x70, 0x72,
+ 0x6f, 0x62, 0x65, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52,
+ 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f,
+ 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41,
+ 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16,
+ 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x46, 0x4f,
+ 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x50, 0x52, 0x4f,
+ 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4b, 0x49, 0x4c,
+ 0x4c, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43,
+ 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x46, 0x4f, 0x4c, 0x4c, 0x4f, 0x57, 0x46, 0x44, 0x10,
+ 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x52, 0x49, 0x44, 0x45, 0x10, 0x05, 0x12, 0x18, 0x0a,
+ 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43,
+ 0x4f, 0x50, 0x59, 0x46, 0x44, 0x10, 0x06, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42,
+ 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10,
+ 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18,
0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
- 0x47, 0x45, 0x54, 0x55, 0x52, 0x4c, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f,
- 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x4e, 0x53, 0x4c, 0x4f, 0x4f,
- 0x4b, 0x55, 0x50, 0x10, 0x08, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f,
- 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12,
- 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
- 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c, 0x10, 0x0a, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52,
- 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b,
- 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12, 0x1d, 0x0a, 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45,
- 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53,
- 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x20, 0x0a, 0x1c, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f,
- 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x45, 0x4e, 0x46,
- 0x4f, 0x52, 0x43, 0x45, 0x52, 0x10, 0x0d, 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74,
- 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x48,
- 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50,
- 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41,
- 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
- 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10, 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c,
- 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x17,
- 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
- 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54,
- 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47,
- 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41,
- 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f, 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x17, 0x0a,
- 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45,
- 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a, 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, 0x69, 0x6e, 0x74,
- 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x41,
- 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x54,
- 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, 0x41, 0x52, 0x59,
- 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x49,
- 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
- 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43,
- 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
- 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x47,
- 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, 0x1d, 0x0a, 0x18,
- 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f, 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x54, 0x52, 0x45,
- 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, 0x0a, 0x15, 0x54,
- 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, 0x5f, 0x4d, 0x4f,
- 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40, 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, 0x49, 0x4e, 0x54,
- 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c, 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, 0x50, 0x41, 0x54,
- 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, 0x12, 0x17, 0x0a,
- 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
- 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x4e, 0x4f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x09, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x50, 0x52, 0x4f,
+ 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x4c,
+ 0x10, 0x0a, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54,
+ 0x49, 0x4f, 0x4e, 0x5f, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0b, 0x12,
+ 0x1d, 0x0a, 0x19, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
+ 0x5f, 0x55, 0x4e, 0x54, 0x52, 0x41, 0x43, 0x4b, 0x53, 0x4f, 0x43, 0x4b, 0x10, 0x0c, 0x12, 0x20,
+ 0x0a, 0x1c, 0x4b, 0x50, 0x52, 0x4f, 0x42, 0x45, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f,
+ 0x4e, 0x4f, 0x54, 0x49, 0x46, 0x59, 0x45, 0x4e, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x52, 0x10, 0x0d,
+ 0x2a, 0x4f, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73,
+ 0x54, 0x79, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x18, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53,
+ 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46,
+ 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41,
+ 0x54, 0x55, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x10,
+ 0x01, 0x2a, 0x7c, 0x0a, 0x12, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, 0x61, 0x74, 0x75,
+ 0x73, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54,
+ 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x10, 0x00,
+ 0x12, 0x19, 0x0a, 0x15, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
+ 0x53, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x19, 0x0a, 0x15, 0x48,
+ 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x54, 0x4f,
+ 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48,
+ 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x2a,
+ 0x8d, 0x02, 0x0a, 0x0f, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x42, 0x69, 0x74, 0x73, 0x54,
+ 0x79, 0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e, 0x53,
+ 0x45, 0x54, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x50, 0x52,
+ 0x4f, 0x50, 0x52, 0x49, 0x45, 0x54, 0x41, 0x52, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45,
+ 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43,
+ 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x54,
+ 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x46, 0x4f, 0x52, 0x43, 0x45, 0x44, 0x5f, 0x55, 0x4e, 0x4c, 0x4f,
+ 0x41, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x04, 0x12, 0x18, 0x0a, 0x13, 0x54,
+ 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
+ 0x4c, 0x45, 0x10, 0x80, 0x08, 0x12, 0x1d, 0x0a, 0x18, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4f,
+ 0x55, 0x54, 0x5f, 0x4f, 0x46, 0x5f, 0x54, 0x52, 0x45, 0x45, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c,
+ 0x45, 0x10, 0x80, 0x20, 0x12, 0x1a, 0x0a, 0x15, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x55, 0x4e,
+ 0x53, 0x49, 0x47, 0x4e, 0x45, 0x44, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x40,
+ 0x12, 0x24, 0x0a, 0x1e, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f, 0x4b, 0x45, 0x52, 0x4e, 0x45, 0x4c,
+ 0x5f, 0x4c, 0x49, 0x56, 0x45, 0x5f, 0x50, 0x41, 0x54, 0x43, 0x48, 0x5f, 0x4d, 0x4f, 0x44, 0x55,
+ 0x4c, 0x45, 0x10, 0x80, 0x80, 0x02, 0x12, 0x17, 0x0a, 0x11, 0x54, 0x41, 0x49, 0x4e, 0x54, 0x5f,
+ 0x54, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x4f, 0x44, 0x55, 0x4c, 0x45, 0x10, 0x80, 0x80, 0x10, 0x62,
+ 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -4764,7 +4893,7 @@ func file_tetragon_tetragon_proto_rawDescGZIP() []byte {
}
var file_tetragon_tetragon_proto_enumTypes = make([]protoimpl.EnumInfo, 4)
-var file_tetragon_tetragon_proto_msgTypes = make([]protoimpl.MessageInfo, 44)
+var file_tetragon_tetragon_proto_msgTypes = make([]protoimpl.MessageInfo, 45)
var file_tetragon_tetragon_proto_goTypes = []interface{}{
(KprobeAction)(0), // 0: tetragon.KprobeAction
(HealthStatusType)(0), // 1: tetragon.HealthStatusType
@@ -4802,35 +4931,36 @@ var file_tetragon_tetragon_proto_goTypes = []interface{}{
(*ProcessKprobe)(nil), // 33: tetragon.ProcessKprobe
(*ProcessTracepoint)(nil), // 34: tetragon.ProcessTracepoint
(*ProcessUprobe)(nil), // 35: tetragon.ProcessUprobe
- (*KernelModule)(nil), // 36: tetragon.KernelModule
- (*Test)(nil), // 37: tetragon.Test
- (*GetHealthStatusRequest)(nil), // 38: tetragon.GetHealthStatusRequest
- (*HealthStatus)(nil), // 39: tetragon.HealthStatus
- (*GetHealthStatusResponse)(nil), // 40: tetragon.GetHealthStatusResponse
- (*ProcessLoader)(nil), // 41: tetragon.ProcessLoader
- (*RuntimeHookRequest)(nil), // 42: tetragon.RuntimeHookRequest
- (*RuntimeHookResponse)(nil), // 43: tetragon.RuntimeHookResponse
- (*CreateContainer)(nil), // 44: tetragon.CreateContainer
- (*StackTraceEntry)(nil), // 45: tetragon.StackTraceEntry
- nil, // 46: tetragon.Pod.PodLabelsEntry
- nil, // 47: tetragon.CreateContainer.AnnotationsEntry
- (*timestamppb.Timestamp)(nil), // 48: google.protobuf.Timestamp
- (*wrapperspb.UInt32Value)(nil), // 49: google.protobuf.UInt32Value
- (CapabilitiesType)(0), // 50: tetragon.CapabilitiesType
- (*wrapperspb.Int32Value)(nil), // 51: google.protobuf.Int32Value
- (SecureBitsType)(0), // 52: tetragon.SecureBitsType
- (ProcessPrivilegesChanged)(0), // 53: tetragon.ProcessPrivilegesChanged
- (*wrapperspb.BoolValue)(nil), // 54: google.protobuf.BoolValue
+ (*ProcessLsm)(nil), // 36: tetragon.ProcessLsm
+ (*KernelModule)(nil), // 37: tetragon.KernelModule
+ (*Test)(nil), // 38: tetragon.Test
+ (*GetHealthStatusRequest)(nil), // 39: tetragon.GetHealthStatusRequest
+ (*HealthStatus)(nil), // 40: tetragon.HealthStatus
+ (*GetHealthStatusResponse)(nil), // 41: tetragon.GetHealthStatusResponse
+ (*ProcessLoader)(nil), // 42: tetragon.ProcessLoader
+ (*RuntimeHookRequest)(nil), // 43: tetragon.RuntimeHookRequest
+ (*RuntimeHookResponse)(nil), // 44: tetragon.RuntimeHookResponse
+ (*CreateContainer)(nil), // 45: tetragon.CreateContainer
+ (*StackTraceEntry)(nil), // 46: tetragon.StackTraceEntry
+ nil, // 47: tetragon.Pod.PodLabelsEntry
+ nil, // 48: tetragon.CreateContainer.AnnotationsEntry
+ (*timestamppb.Timestamp)(nil), // 49: google.protobuf.Timestamp
+ (*wrapperspb.UInt32Value)(nil), // 50: google.protobuf.UInt32Value
+ (CapabilitiesType)(0), // 51: tetragon.CapabilitiesType
+ (*wrapperspb.Int32Value)(nil), // 52: google.protobuf.Int32Value
+ (SecureBitsType)(0), // 53: tetragon.SecureBitsType
+ (ProcessPrivilegesChanged)(0), // 54: tetragon.ProcessPrivilegesChanged
+ (*wrapperspb.BoolValue)(nil), // 55: google.protobuf.BoolValue
}
var file_tetragon_tetragon_proto_depIdxs = []int32{
4, // 0: tetragon.Container.image:type_name -> tetragon.Image
- 48, // 1: tetragon.Container.start_time:type_name -> google.protobuf.Timestamp
- 49, // 2: tetragon.Container.pid:type_name -> google.protobuf.UInt32Value
+ 49, // 1: tetragon.Container.start_time:type_name -> google.protobuf.Timestamp
+ 50, // 2: tetragon.Container.pid:type_name -> google.protobuf.UInt32Value
5, // 3: tetragon.Pod.container:type_name -> tetragon.Container
- 46, // 4: tetragon.Pod.pod_labels:type_name -> tetragon.Pod.PodLabelsEntry
- 50, // 5: tetragon.Capabilities.permitted:type_name -> tetragon.CapabilitiesType
- 50, // 6: tetragon.Capabilities.effective:type_name -> tetragon.CapabilitiesType
- 50, // 7: tetragon.Capabilities.inheritable:type_name -> tetragon.CapabilitiesType
+ 47, // 4: tetragon.Pod.pod_labels:type_name -> tetragon.Pod.PodLabelsEntry
+ 51, // 5: tetragon.Capabilities.permitted:type_name -> tetragon.CapabilitiesType
+ 51, // 6: tetragon.Capabilities.effective:type_name -> tetragon.CapabilitiesType
+ 51, // 7: tetragon.Capabilities.inheritable:type_name -> tetragon.CapabilitiesType
8, // 8: tetragon.Namespaces.uts:type_name -> tetragon.Namespace
8, // 9: tetragon.Namespaces.ipc:type_name -> tetragon.Namespace
8, // 10: tetragon.Namespaces.mnt:type_name -> tetragon.Namespace
@@ -4841,35 +4971,35 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
8, // 15: tetragon.Namespaces.time_for_children:type_name -> tetragon.Namespace
8, // 16: tetragon.Namespaces.cgroup:type_name -> tetragon.Namespace
8, // 17: tetragon.Namespaces.user:type_name -> tetragon.Namespace
- 51, // 18: tetragon.UserNamespace.level:type_name -> google.protobuf.Int32Value
- 49, // 19: tetragon.UserNamespace.uid:type_name -> google.protobuf.UInt32Value
- 49, // 20: tetragon.UserNamespace.gid:type_name -> google.protobuf.UInt32Value
+ 52, // 18: tetragon.UserNamespace.level:type_name -> google.protobuf.Int32Value
+ 50, // 19: tetragon.UserNamespace.uid:type_name -> google.protobuf.UInt32Value
+ 50, // 20: tetragon.UserNamespace.gid:type_name -> google.protobuf.UInt32Value
8, // 21: tetragon.UserNamespace.ns:type_name -> tetragon.Namespace
- 49, // 22: tetragon.ProcessCredentials.uid:type_name -> google.protobuf.UInt32Value
- 49, // 23: tetragon.ProcessCredentials.gid:type_name -> google.protobuf.UInt32Value
- 49, // 24: tetragon.ProcessCredentials.euid:type_name -> google.protobuf.UInt32Value
- 49, // 25: tetragon.ProcessCredentials.egid:type_name -> google.protobuf.UInt32Value
- 49, // 26: tetragon.ProcessCredentials.suid:type_name -> google.protobuf.UInt32Value
- 49, // 27: tetragon.ProcessCredentials.sgid:type_name -> google.protobuf.UInt32Value
- 49, // 28: tetragon.ProcessCredentials.fsuid:type_name -> google.protobuf.UInt32Value
- 49, // 29: tetragon.ProcessCredentials.fsgid:type_name -> google.protobuf.UInt32Value
- 52, // 30: tetragon.ProcessCredentials.securebits:type_name -> tetragon.SecureBitsType
+ 50, // 22: tetragon.ProcessCredentials.uid:type_name -> google.protobuf.UInt32Value
+ 50, // 23: tetragon.ProcessCredentials.gid:type_name -> google.protobuf.UInt32Value
+ 50, // 24: tetragon.ProcessCredentials.euid:type_name -> google.protobuf.UInt32Value
+ 50, // 25: tetragon.ProcessCredentials.egid:type_name -> google.protobuf.UInt32Value
+ 50, // 26: tetragon.ProcessCredentials.suid:type_name -> google.protobuf.UInt32Value
+ 50, // 27: tetragon.ProcessCredentials.sgid:type_name -> google.protobuf.UInt32Value
+ 50, // 28: tetragon.ProcessCredentials.fsuid:type_name -> google.protobuf.UInt32Value
+ 50, // 29: tetragon.ProcessCredentials.fsgid:type_name -> google.protobuf.UInt32Value
+ 53, // 30: tetragon.ProcessCredentials.securebits:type_name -> tetragon.SecureBitsType
7, // 31: tetragon.ProcessCredentials.caps:type_name -> tetragon.Capabilities
10, // 32: tetragon.ProcessCredentials.user_ns:type_name -> tetragon.UserNamespace
- 49, // 33: tetragon.InodeProperties.links:type_name -> google.protobuf.UInt32Value
+ 50, // 33: tetragon.InodeProperties.links:type_name -> google.protobuf.UInt32Value
12, // 34: tetragon.FileProperties.inode:type_name -> tetragon.InodeProperties
- 49, // 35: tetragon.BinaryProperties.setuid:type_name -> google.protobuf.UInt32Value
- 49, // 36: tetragon.BinaryProperties.setgid:type_name -> google.protobuf.UInt32Value
- 53, // 37: tetragon.BinaryProperties.privileges_changed:type_name -> tetragon.ProcessPrivilegesChanged
+ 50, // 35: tetragon.BinaryProperties.setuid:type_name -> google.protobuf.UInt32Value
+ 50, // 36: tetragon.BinaryProperties.setgid:type_name -> google.protobuf.UInt32Value
+ 54, // 37: tetragon.BinaryProperties.privileges_changed:type_name -> tetragon.ProcessPrivilegesChanged
13, // 38: tetragon.BinaryProperties.file:type_name -> tetragon.FileProperties
- 49, // 39: tetragon.Process.pid:type_name -> google.protobuf.UInt32Value
- 49, // 40: tetragon.Process.uid:type_name -> google.protobuf.UInt32Value
- 48, // 41: tetragon.Process.start_time:type_name -> google.protobuf.Timestamp
- 49, // 42: tetragon.Process.auid:type_name -> google.protobuf.UInt32Value
+ 50, // 39: tetragon.Process.pid:type_name -> google.protobuf.UInt32Value
+ 50, // 40: tetragon.Process.uid:type_name -> google.protobuf.UInt32Value
+ 49, // 41: tetragon.Process.start_time:type_name -> google.protobuf.Timestamp
+ 50, // 42: tetragon.Process.auid:type_name -> google.protobuf.UInt32Value
6, // 43: tetragon.Process.pod:type_name -> tetragon.Pod
7, // 44: tetragon.Process.cap:type_name -> tetragon.Capabilities
9, // 45: tetragon.Process.ns:type_name -> tetragon.Namespaces
- 49, // 46: tetragon.Process.tid:type_name -> google.protobuf.UInt32Value
+ 50, // 46: tetragon.Process.tid:type_name -> google.protobuf.UInt32Value
11, // 47: tetragon.Process.process_credentials:type_name -> tetragon.ProcessCredentials
14, // 48: tetragon.Process.binary_properties:type_name -> tetragon.BinaryProperties
15, // 49: tetragon.Process.user:type_name -> tetragon.UserRecord
@@ -4878,14 +5008,14 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
16, // 52: tetragon.ProcessExec.ancestors:type_name -> tetragon.Process
16, // 53: tetragon.ProcessExit.process:type_name -> tetragon.Process
16, // 54: tetragon.ProcessExit.parent:type_name -> tetragon.Process
- 48, // 55: tetragon.ProcessExit.time:type_name -> google.protobuf.Timestamp
- 50, // 56: tetragon.KprobeCred.permitted:type_name -> tetragon.CapabilitiesType
- 50, // 57: tetragon.KprobeCred.effective:type_name -> tetragon.CapabilitiesType
- 50, // 58: tetragon.KprobeCred.inheritable:type_name -> tetragon.CapabilitiesType
- 51, // 59: tetragon.KprobeCapability.value:type_name -> google.protobuf.Int32Value
- 51, // 60: tetragon.KprobeUserNamespace.level:type_name -> google.protobuf.Int32Value
- 49, // 61: tetragon.KprobeUserNamespace.owner:type_name -> google.protobuf.UInt32Value
- 49, // 62: tetragon.KprobeUserNamespace.group:type_name -> google.protobuf.UInt32Value
+ 49, // 55: tetragon.ProcessExit.time:type_name -> google.protobuf.Timestamp
+ 51, // 56: tetragon.KprobeCred.permitted:type_name -> tetragon.CapabilitiesType
+ 51, // 57: tetragon.KprobeCred.effective:type_name -> tetragon.CapabilitiesType
+ 51, // 58: tetragon.KprobeCred.inheritable:type_name -> tetragon.CapabilitiesType
+ 52, // 59: tetragon.KprobeCapability.value:type_name -> google.protobuf.Int32Value
+ 52, // 60: tetragon.KprobeUserNamespace.level:type_name -> google.protobuf.Int32Value
+ 50, // 61: tetragon.KprobeUserNamespace.owner:type_name -> google.protobuf.UInt32Value
+ 50, // 62: tetragon.KprobeUserNamespace.group:type_name -> google.protobuf.UInt32Value
8, // 63: tetragon.KprobeUserNamespace.ns:type_name -> tetragon.Namespace
20, // 64: tetragon.KprobeArgument.skb_arg:type_name -> tetragon.KprobeSkb
22, // 65: tetragon.KprobeArgument.path_arg:type_name -> tetragon.KprobePath
@@ -4900,7 +5030,7 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
27, // 74: tetragon.KprobeArgument.capability_arg:type_name -> tetragon.KprobeCapability
11, // 75: tetragon.KprobeArgument.process_credentials_arg:type_name -> tetragon.ProcessCredentials
10, // 76: tetragon.KprobeArgument.user_ns_arg:type_name -> tetragon.UserNamespace
- 36, // 77: tetragon.KprobeArgument.module_arg:type_name -> tetragon.KernelModule
+ 37, // 77: tetragon.KprobeArgument.module_arg:type_name -> tetragon.KernelModule
26, // 78: tetragon.KprobeArgument.linux_binprm_arg:type_name -> tetragon.KprobeLinuxBinprm
21, // 79: tetragon.KprobeArgument.net_dev_arg:type_name -> tetragon.KprobeNetDev
16, // 80: tetragon.ProcessKprobe.process:type_name -> tetragon.Process
@@ -4908,9 +5038,9 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
32, // 82: tetragon.ProcessKprobe.args:type_name -> tetragon.KprobeArgument
32, // 83: tetragon.ProcessKprobe.return:type_name -> tetragon.KprobeArgument
0, // 84: tetragon.ProcessKprobe.action:type_name -> tetragon.KprobeAction
- 45, // 85: tetragon.ProcessKprobe.kernel_stack_trace:type_name -> tetragon.StackTraceEntry
+ 46, // 85: tetragon.ProcessKprobe.kernel_stack_trace:type_name -> tetragon.StackTraceEntry
0, // 86: tetragon.ProcessKprobe.return_action:type_name -> tetragon.KprobeAction
- 45, // 87: tetragon.ProcessKprobe.user_stack_trace:type_name -> tetragon.StackTraceEntry
+ 46, // 87: tetragon.ProcessKprobe.user_stack_trace:type_name -> tetragon.StackTraceEntry
16, // 88: tetragon.ProcessTracepoint.process:type_name -> tetragon.Process
16, // 89: tetragon.ProcessTracepoint.parent:type_name -> tetragon.Process
32, // 90: tetragon.ProcessTracepoint.args:type_name -> tetragon.KprobeArgument
@@ -4918,20 +5048,24 @@ var file_tetragon_tetragon_proto_depIdxs = []int32{
16, // 92: tetragon.ProcessUprobe.process:type_name -> tetragon.Process
16, // 93: tetragon.ProcessUprobe.parent:type_name -> tetragon.Process
32, // 94: tetragon.ProcessUprobe.args:type_name -> tetragon.KprobeArgument
- 54, // 95: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue
- 3, // 96: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType
- 1, // 97: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType
- 1, // 98: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType
- 2, // 99: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult
- 39, // 100: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus
- 16, // 101: tetragon.ProcessLoader.process:type_name -> tetragon.Process
- 44, // 102: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer
- 47, // 103: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry
- 104, // [104:104] is the sub-list for method output_type
- 104, // [104:104] is the sub-list for method input_type
- 104, // [104:104] is the sub-list for extension type_name
- 104, // [104:104] is the sub-list for extension extendee
- 0, // [0:104] is the sub-list for field type_name
+ 16, // 95: tetragon.ProcessLsm.process:type_name -> tetragon.Process
+ 16, // 96: tetragon.ProcessLsm.parent:type_name -> tetragon.Process
+ 32, // 97: tetragon.ProcessLsm.args:type_name -> tetragon.KprobeArgument
+ 0, // 98: tetragon.ProcessLsm.action:type_name -> tetragon.KprobeAction
+ 55, // 99: tetragon.KernelModule.signature_ok:type_name -> google.protobuf.BoolValue
+ 3, // 100: tetragon.KernelModule.tainted:type_name -> tetragon.TaintedBitsType
+ 1, // 101: tetragon.GetHealthStatusRequest.event_set:type_name -> tetragon.HealthStatusType
+ 1, // 102: tetragon.HealthStatus.event:type_name -> tetragon.HealthStatusType
+ 2, // 103: tetragon.HealthStatus.status:type_name -> tetragon.HealthStatusResult
+ 40, // 104: tetragon.GetHealthStatusResponse.health_status:type_name -> tetragon.HealthStatus
+ 16, // 105: tetragon.ProcessLoader.process:type_name -> tetragon.Process
+ 45, // 106: tetragon.RuntimeHookRequest.createContainer:type_name -> tetragon.CreateContainer
+ 48, // 107: tetragon.CreateContainer.annotations:type_name -> tetragon.CreateContainer.AnnotationsEntry
+ 108, // [108:108] is the sub-list for method output_type
+ 108, // [108:108] is the sub-list for method input_type
+ 108, // [108:108] is the sub-list for extension type_name
+ 108, // [108:108] is the sub-list for extension extendee
+ 0, // [0:108] is the sub-list for field type_name
}
func init() { file_tetragon_tetragon_proto_init() }
@@ -5326,7 +5460,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*KernelModule); i {
+ switch v := v.(*ProcessLsm); i {
case 0:
return &v.state
case 1:
@@ -5338,7 +5472,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*Test); i {
+ switch v := v.(*KernelModule); i {
case 0:
return &v.state
case 1:
@@ -5350,7 +5484,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*GetHealthStatusRequest); i {
+ switch v := v.(*Test); i {
case 0:
return &v.state
case 1:
@@ -5362,7 +5496,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*HealthStatus); i {
+ switch v := v.(*GetHealthStatusRequest); i {
case 0:
return &v.state
case 1:
@@ -5374,7 +5508,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*GetHealthStatusResponse); i {
+ switch v := v.(*HealthStatus); i {
case 0:
return &v.state
case 1:
@@ -5386,7 +5520,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*ProcessLoader); i {
+ switch v := v.(*GetHealthStatusResponse); i {
case 0:
return &v.state
case 1:
@@ -5398,7 +5532,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RuntimeHookRequest); i {
+ switch v := v.(*ProcessLoader); i {
case 0:
return &v.state
case 1:
@@ -5410,7 +5544,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*RuntimeHookResponse); i {
+ switch v := v.(*RuntimeHookRequest); i {
case 0:
return &v.state
case 1:
@@ -5422,7 +5556,7 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} {
- switch v := v.(*CreateContainer); i {
+ switch v := v.(*RuntimeHookResponse); i {
case 0:
return &v.state
case 1:
@@ -5434,6 +5568,18 @@ func file_tetragon_tetragon_proto_init() {
}
}
file_tetragon_tetragon_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} {
+ switch v := v.(*CreateContainer); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_tetragon_tetragon_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*StackTraceEntry); i {
case 0:
return &v.state
@@ -5474,7 +5620,7 @@ func file_tetragon_tetragon_proto_init() {
(*KprobeArgument_LinuxBinprmArg)(nil),
(*KprobeArgument_NetDevArg)(nil),
}
- file_tetragon_tetragon_proto_msgTypes[38].OneofWrappers = []interface{}{
+ file_tetragon_tetragon_proto_msgTypes[39].OneofWrappers = []interface{}{
(*RuntimeHookRequest_CreateContainer)(nil),
}
type x struct{}
@@ -5483,7 +5629,7 @@ func file_tetragon_tetragon_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_tetragon_tetragon_proto_rawDesc,
NumEnums: 4,
- NumMessages: 44,
+ NumMessages: 45,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go
index caedb88f5ec..fece138cc0d 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.pb.json.go
@@ -519,6 +519,22 @@ func (msg *ProcessUprobe) UnmarshalJSON(b []byte) error {
}.Unmarshal(b, msg)
}
+// MarshalJSON implements json.Marshaler
+func (msg *ProcessLsm) MarshalJSON() ([]byte, error) {
+ return protojson.MarshalOptions{
+ UseEnumNumbers: false,
+ EmitUnpopulated: false,
+ UseProtoNames: true,
+ }.Marshal(msg)
+}
+
+// UnmarshalJSON implements json.Unmarshaler
+func (msg *ProcessLsm) UnmarshalJSON(b []byte) error {
+ return protojson.UnmarshalOptions{
+ DiscardUnknown: false,
+ }.Unmarshal(b, msg)
+}
+
// MarshalJSON implements json.Marshaler
func (msg *KernelModule) MarshalJSON() ([]byte, error) {
return protojson.MarshalOptions{
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto
index 801f46c0b3f..34a6df09557 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/tetragon.proto
@@ -532,6 +532,23 @@ message ProcessUprobe {
repeated string tags = 8;
}
+message ProcessLsm {
+ Process process = 1;
+ Process parent = 2;
+ // LSM hook name.
+ string function_name = 3;
+ // Name of the policy that created that LSM hook.
+ string policy_name = 5;
+ // Short message of the Tracing Policy to inform users what is going on.
+ string message = 6;
+ // Arguments definition of the observed LSM hook.
+ repeated KprobeArgument args = 7;
+ // Action performed when the LSM hook matched.
+ KprobeAction action = 8;
+ // Tags of the Tracing Policy to categorize the event.
+ repeated string tags = 9;
+}
+
message KernelModule {
// Kernel module name
string name = 1;
diff --git a/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go b/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go
index f418b3eaca8..81f84cc6a27 100644
--- a/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go
+++ b/vendor/github.com/cilium/tetragon/api/v1/tetragon/types.pb.go
@@ -129,6 +129,26 @@ func (event *ProcessUprobe) SetParent(p *Process) {
event.Parent = p
}
+// Encapsulate implements the Event interface.
+// Returns the event wrapped by its GetEventsResponse_* type.
+func (event *ProcessLsm) Encapsulate() IsGetEventsResponse_Event {
+ return &GetEventsResponse_ProcessLsm{
+ ProcessLsm: event,
+ }
+}
+
+// SetProcess implements the ProcessEvent interface.
+// Sets the Process field of an event.
+func (event *ProcessLsm) SetProcess(p *Process) {
+ event.Process = p
+}
+
+// SetParent implements the ParentEvent interface.
+// Sets the Parent field of an event.
+func (event *ProcessLsm) SetParent(p *Process) {
+ event.Parent = p
+}
+
// Encapsulate implements the Event interface.
// Returns the event wrapped by its GetEventsResponse_* type.
func (event *Test) Encapsulate() IsGetEventsResponse_Event {
@@ -184,6 +204,8 @@ func UnwrapGetEventsResponse(response *GetEventsResponse) interface{} {
return ev.ProcessTracepoint
case *GetEventsResponse_ProcessUprobe:
return ev.ProcessUprobe
+ case *GetEventsResponse_ProcessLsm:
+ return ev.ProcessLsm
case *GetEventsResponse_Test:
return ev.Test
case *GetEventsResponse_ProcessLoader:
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
index f8699a4f451..d3b14464c16 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpolicies.yaml
@@ -801,6 +801,574 @@ spec:
loader:
description: Enable loader events
type: boolean
+ lsmhooks:
+ description: A list of uprobe specs.
+ items:
+ properties:
+ args:
+ description: A list of function arguments to include in the
+ trace output.
+ items:
+ properties:
+ index:
+ description: Position of the argument.
+ format: int32
+ minimum: 0
+ type: integer
+ label:
+ description: Label to output in the JSON
+ type: string
+ maxData:
+ default: false
+ description: Read maximum possible data (currently 327360).
+ This field is only used for char_buff data. When this
+ value is false (default), the bpf program will fetch
+ at most 4096 bytes. In later kernels (>=5.4) tetragon
+ supports fetching up to 327360 bytes if this flag is
+ turned on
+ type: boolean
+ returnCopy:
+ default: false
+ description: This field is used only for char_buf and
+ char_iovec types. It indicates that this argument should
+ be read later (when the kretprobe for the symbol is
+ triggered) because it might not be populated when the
+ kprobe is triggered at the entrance of the function.
+ For example, a buffer supplied to read(2) won't have
+ content until kretprobe is triggered.
+ type: boolean
+ sizeArgIndex:
+ description: Specifies the position of the corresponding
+ size argument for this argument. This field is used
+ only for char_buf and char_iovec types.
+ format: int32
+ minimum: 0
+ type: integer
+ type:
+ default: auto
+ description: Argument type.
+ enum:
+ - auto
+ - int
+ - int8
+ - uint8
+ - int16
+ - uint16
+ - uint32
+ - int32
+ - uint64
+ - int64
+ - char_buf
+ - char_iovec
+ - size_t
+ - skb
+ - sock
+ - string
+ - fd
+ - file
+ - filename
+ - path
+ - nop
+ - bpf_attr
+ - perf_event
+ - bpf_map
+ - user_namespace
+ - capability
+ - kiocb
+ - iov_iter
+ - cred
+ - load_info
+ - module
+ - syscall64
+ - kernel_cap_t
+ - cap_inheritable
+ - cap_permitted
+ - cap_effective
+ - linux_binprm
+ - data_loc
+ - net_device
+ type: string
+ required:
+ - index
+ - type
+ type: object
+ type: array
+ hook:
+ description: Name of the function to apply the kprobe spec to.
+ type: string
+ message:
+ description: A short message of 256 characters max that will
+ be included in the event output to inform users what is going
+ on.
+ type: string
+ selectors:
+ description: Selectors to apply before producing trace output.
+ Selectors are ORed.
+ items:
+ description: KProbeSelector selects function calls for kprobe
+ based on PIDs and function arguments. The results of MatchPIDs
+ and MatchArgs are ANDed.
+ properties:
+ matchActions:
+ description: A list of actions to execute when this selector
+ matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ matchBinaries:
+ description: A list of binary exec name filters.
+ items:
+ properties:
+ operator:
+ description: Filter operation.
+ enum:
+ - In
+ - NotIn
+ - Prefix
+ - NotPrefix
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilities:
+ description: A list of capabilities and IDs
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilityChanges:
+ description: IDs for capabilities changes
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaceChanges:
+ description: IDs for namespace changes
+ items:
+ properties:
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace types (e.g., Mnt, Pid) to
+ match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaces:
+ description: A list of namespaces and IDs
+ items:
+ properties:
+ namespace:
+ description: Namespace selector name.
+ enum:
+ - Uts
+ - Ipc
+ - Mnt
+ - Pid
+ - PidForChildren
+ - Net
+ - Time
+ - TimeForChildren
+ - Cgroup
+ - User
+ type: string
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace IDs (or host_ns for host
+ namespace) of namespaces to match.
+ items:
+ type: string
+ type: array
+ required:
+ - namespace
+ - operator
+ - values
+ type: object
+ type: array
+ matchPIDs:
+ description: A list of process ID filters. MatchPIDs are
+ ANDed.
+ items:
+ properties:
+ followForks:
+ default: false
+ description: Matches any descendant processes of
+ the matching PIDs.
+ type: boolean
+ isNamespacePID:
+ default: false
+ description: Indicates whether PIDs are namespace
+ PIDs.
+ type: boolean
+ operator:
+ description: PID selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Process IDs to match.
+ items:
+ format: int32
+ type: integer
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchReturnActions:
+ description: A list of actions to execute when MatchReturnArgs
+ selector matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchReturnArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ tags:
+ description: Tags to categorize the event, will be include in
+ the event output. Maximum of 16 Tags are supported.
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ required:
+ - hook
+ type: object
+ type: array
options:
description: A list of overloaded options
items:
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
index 19b141f0b64..595c2db0235 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client/crds/v1alpha1/cilium.io_tracingpoliciesnamespaced.yaml
@@ -801,6 +801,574 @@ spec:
loader:
description: Enable loader events
type: boolean
+ lsmhooks:
+ description: A list of uprobe specs.
+ items:
+ properties:
+ args:
+ description: A list of function arguments to include in the
+ trace output.
+ items:
+ properties:
+ index:
+ description: Position of the argument.
+ format: int32
+ minimum: 0
+ type: integer
+ label:
+ description: Label to output in the JSON
+ type: string
+ maxData:
+ default: false
+ description: Read maximum possible data (currently 327360).
+ This field is only used for char_buff data. When this
+ value is false (default), the bpf program will fetch
+ at most 4096 bytes. In later kernels (>=5.4) tetragon
+ supports fetching up to 327360 bytes if this flag is
+ turned on
+ type: boolean
+ returnCopy:
+ default: false
+ description: This field is used only for char_buf and
+ char_iovec types. It indicates that this argument should
+ be read later (when the kretprobe for the symbol is
+ triggered) because it might not be populated when the
+ kprobe is triggered at the entrance of the function.
+ For example, a buffer supplied to read(2) won't have
+ content until kretprobe is triggered.
+ type: boolean
+ sizeArgIndex:
+ description: Specifies the position of the corresponding
+ size argument for this argument. This field is used
+ only for char_buf and char_iovec types.
+ format: int32
+ minimum: 0
+ type: integer
+ type:
+ default: auto
+ description: Argument type.
+ enum:
+ - auto
+ - int
+ - int8
+ - uint8
+ - int16
+ - uint16
+ - uint32
+ - int32
+ - uint64
+ - int64
+ - char_buf
+ - char_iovec
+ - size_t
+ - skb
+ - sock
+ - string
+ - fd
+ - file
+ - filename
+ - path
+ - nop
+ - bpf_attr
+ - perf_event
+ - bpf_map
+ - user_namespace
+ - capability
+ - kiocb
+ - iov_iter
+ - cred
+ - load_info
+ - module
+ - syscall64
+ - kernel_cap_t
+ - cap_inheritable
+ - cap_permitted
+ - cap_effective
+ - linux_binprm
+ - data_loc
+ - net_device
+ type: string
+ required:
+ - index
+ - type
+ type: object
+ type: array
+ hook:
+ description: Name of the function to apply the kprobe spec to.
+ type: string
+ message:
+ description: A short message of 256 characters max that will
+ be included in the event output to inform users what is going
+ on.
+ type: string
+ selectors:
+ description: Selectors to apply before producing trace output.
+ Selectors are ORed.
+ items:
+ description: KProbeSelector selects function calls for kprobe
+ based on PIDs and function arguments. The results of MatchPIDs
+ and MatchArgs are ANDed.
+ properties:
+ matchActions:
+ description: A list of actions to execute when this selector
+ matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ matchBinaries:
+ description: A list of binary exec name filters.
+ items:
+ properties:
+ operator:
+ description: Filter operation.
+ enum:
+ - In
+ - NotIn
+ - Prefix
+ - NotPrefix
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilities:
+ description: A list of capabilities and IDs
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchCapabilityChanges:
+ description: IDs for capabilities changes
+ items:
+ properties:
+ isNamespaceCapability:
+ default: false
+ description: Indicates whether these caps are namespace
+ caps.
+ type: boolean
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ type:
+ default: Effective
+ description: Type of capabilities
+ enum:
+ - Effective
+ - Inheritable
+ - Permitted
+ type: string
+ values:
+ description: Capabilities to match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaceChanges:
+ description: IDs for namespace changes
+ items:
+ properties:
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace types (e.g., Mnt, Pid) to
+ match.
+ items:
+ type: string
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchNamespaces:
+ description: A list of namespaces and IDs
+ items:
+ properties:
+ namespace:
+ description: Namespace selector name.
+ enum:
+ - Uts
+ - Ipc
+ - Mnt
+ - Pid
+ - PidForChildren
+ - Net
+ - Time
+ - TimeForChildren
+ - Cgroup
+ - User
+ type: string
+ operator:
+ description: Namespace selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Namespace IDs (or host_ns for host
+ namespace) of namespaces to match.
+ items:
+ type: string
+ type: array
+ required:
+ - namespace
+ - operator
+ - values
+ type: object
+ type: array
+ matchPIDs:
+ description: A list of process ID filters. MatchPIDs are
+ ANDed.
+ items:
+ properties:
+ followForks:
+ default: false
+ description: Matches any descendant processes of
+ the matching PIDs.
+ type: boolean
+ isNamespacePID:
+ default: false
+ description: Indicates whether PIDs are namespace
+ PIDs.
+ type: boolean
+ operator:
+ description: PID selector operator.
+ enum:
+ - In
+ - NotIn
+ type: string
+ values:
+ description: Process IDs to match.
+ items:
+ format: int32
+ type: integer
+ type: array
+ required:
+ - operator
+ - values
+ type: object
+ type: array
+ matchReturnActions:
+ description: A list of actions to execute when MatchReturnArgs
+ selector matches
+ items:
+ properties:
+ action:
+ description: Action to execute.
+ enum:
+ - Post
+ - FollowFD
+ - UnfollowFD
+ - Sigkill
+ - CopyFD
+ - Override
+ - GetUrl
+ - DnsLookup
+ - NoPost
+ - Signal
+ - TrackSock
+ - UntrackSock
+ - NotifyEnforcer
+ type: string
+ argError:
+ description: error value for override action
+ format: int32
+ type: integer
+ argFd:
+ description: An arg index for the fd for fdInstall
+ action
+ format: int32
+ type: integer
+ argFqdn:
+ description: A FQDN to lookup for the dnsLookup
+ action
+ type: string
+ argName:
+ description: An arg index for the filename for fdInstall
+ action
+ format: int32
+ type: integer
+ argSig:
+ description: A signal number for signal action
+ format: int32
+ type: integer
+ argSock:
+ description: An arg index for the sock for trackSock
+ and untrackSock actions
+ format: int32
+ type: integer
+ argUrl:
+ description: A URL for the getUrl action
+ type: string
+ kernelStackTrace:
+ description: Enable kernel stack trace export. Only
+ valid with the post action.
+ type: boolean
+ rateLimit:
+ description: A time period within which repeated
+ messages will not be posted. Can be specified
+ in seconds (default or with 's' suffix), minutes
+ ('m' suffix) or hours ('h' suffix). Only valid
+ with the post action.
+ type: string
+ rateLimitScope:
+ description: The scope of the provided rate limit
+ argument. Can be "thread" (default), "process"
+ (all threads for the same process), or "global".
+ If "thread" is selected then rate limiting applies
+ per thread; if "process" is selected then rate
+ limiting applies per process; if "global" is selected
+ then rate limiting applies regardless of which
+ process or thread caused the action. Only valid
+ with the post action and with a rateLimit specified.
+ type: string
+ userStackTrace:
+ description: Enable user stack trace export. Only
+ valid with the post action.
+ type: boolean
+ required:
+ - action
+ type: object
+ type: array
+ matchReturnArgs:
+ description: A list of argument filters. MatchArgs are
+ ANDed.
+ items:
+ properties:
+ index:
+ description: Position of the argument to apply fhe
+ filter to.
+ format: int32
+ minimum: 0
+ type: integer
+ operator:
+ description: Filter operation.
+ enum:
+ - Equal
+ - NotEqual
+ - Prefix
+ - NotPrefix
+ - Postfix
+ - NotPostfix
+ - GreaterThan
+ - LessThan
+ - GT
+ - LT
+ - Mask
+ - SPort
+ - NotSPort
+ - SPortPriv
+ - NotSportPriv
+ - DPort
+ - NotDPort
+ - DPortPriv
+ - NotDPortPriv
+ - SAddr
+ - NotSAddr
+ - DAddr
+ - NotDAddr
+ - Protocol
+ - Family
+ - State
+ - InMap
+ - NotInMap
+ type: string
+ values:
+ description: Value to compare the argument against.
+ items:
+ type: string
+ type: array
+ required:
+ - index
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ tags:
+ description: Tags to categorize the event, will be include in
+ the event output. Maximum of 16 Tags are supported.
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ required:
+ - hook
+ type: object
+ type: array
options:
description: A list of overloaded options
items:
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go
index e1db656a847..36b6d9f9197 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/tracing_policy_types.go
@@ -85,6 +85,9 @@ type TracingPolicySpec struct {
// +kubebuilder:validation:Optional
// A list of uprobe specs.
UProbes []UProbeSpec `json:"uprobes,omitempty"`
+ // +kubebuilder:validation:Optional
+ // A list of uprobe specs.
+ LsmHooks []LsmHookSpec `json:"lsmhooks,omitempty"`
// +kubebuilder:validation:Optional
// PodSelector selects pods that this policy applies to
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
index e491c37df3e..9d9c7744281 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/types.go
@@ -285,6 +285,26 @@ type UProbeSpec struct {
Tags []string `json:"tags,omitempty"`
}
+type LsmHookSpec struct {
+ // Name of the function to apply the kprobe spec to.
+ Hook string `json:"hook"`
+ // +kubebuilder:validation:Optional
+ // A short message of 256 characters max that will be included
+ // in the event output to inform users what is going on.
+ Message string `json:"message"`
+ // +kubebuilder:validation:Optional
+ // A list of function arguments to include in the trace output.
+ Args []KProbeArg `json:"args,omitempty"`
+ // +kubebuilder:validation:Optional
+ // Selectors to apply before producing trace output. Selectors are ORed.
+ Selectors []KProbeSelector `json:"selectors,omitempty"`
+ // +kubebuilder:validation:optional
+ // +kubebuilder:validation:MaxItems=16
+ // Tags to categorize the event, will be include in the event output.
+ // Maximum of 16 Tags are supported.
+ Tags []string `json:"tags,omitempty"`
+}
+
type ListSpec struct {
// Name of the list
Name string `json:"name"`
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go
index 0f2a4026011..203377ec2ee 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/version.go
@@ -7,4 +7,4 @@ package v1alpha1
// Used to determine if CRD needs to be updated in cluster
//
// Developers: Bump patch for each change in the CRD schema.
-const CustomResourceDefinitionSchemaVersion = "1.2.0"
+const CustomResourceDefinitionSchemaVersion = "1.2.1"
diff --git a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go
index 2dc62a7bb93..afa464eb9be 100644
--- a/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/v1alpha1/zz_generated.deepcopy.go
@@ -275,6 +275,39 @@ func (in *ListSpec) DeepCopy() *ListSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *LsmHookSpec) DeepCopyInto(out *LsmHookSpec) {
+ *out = *in
+ if in.Args != nil {
+ in, out := &in.Args, &out.Args
+ *out = make([]KProbeArg, len(*in))
+ copy(*out, *in)
+ }
+ if in.Selectors != nil {
+ in, out := &in.Selectors, &out.Selectors
+ *out = make([]KProbeSelector, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Tags != nil {
+ in, out := &in.Tags, &out.Tags
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LsmHookSpec.
+func (in *LsmHookSpec) DeepCopy() *LsmHookSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(LsmHookSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NamespaceChangesSelector) DeepCopyInto(out *NamespaceChangesSelector) {
*out = *in
@@ -647,6 +680,13 @@ func (in *TracingPolicySpec) DeepCopyInto(out *TracingPolicySpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
+ if in.LsmHooks != nil {
+ in, out := &in.LsmHooks, &out.LsmHooks
+ *out = make([]LsmHookSpec, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
if in.PodSelector != nil {
in, out := &in.PodSelector, &out.PodSelector
*out = new(v1.LabelSelector)