track pid status

lablup · Nov 6, 2023 · 7e56cb9 · 7e56cb9
1 parent 048744f
commit 7e56cb9
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 1 deletion.
diff --git a/src/arch/aarch64.rs b/src/arch/aarch64.rs
@@ -27,6 +27,12 @@ macro_rules! syscall_arg3 {
     };
 }
 
+macro_rules! syscall_arg4 {
+    ($x:expr) => {
+        $x.regs[3]
+    };
+}
+
 macro_rules! syscall_ret {
     ($x:expr) => {
         $x.regs[0]

diff --git a/src/arch/x86_64.rs b/src/arch/x86_64.rs
@@ -27,6 +27,12 @@ macro_rules! syscall_arg3 {
     };
 }
 
+macro_rules! syscall_arg4 {
+    ($x:expr) => {
+        $x.rcx
+    };
+}
+
 macro_rules! syscall_ret {
     ($x:expr) => {
         $x.rax

diff --git a/src/interface.rs b/src/interface.rs
@@ -40,6 +40,8 @@ pub trait PluginInterface: Any + Send + Sync {
     /// - 0: hook executed without error
     /// - <0: Errno
     fn post_execution_hook(&self, name: &str, pid: Pid, regs: &user_regs_struct) -> i32;
+    fn process_did_create(&mut self, pid: Pid);
+    fn process_did_terminate(&mut self, pid: Pid);
 }
 
 #[derive(PartialEq, Hash, Clone, Debug)]

diff --git a/src/jail.rs b/src/jail.rs
@@ -264,7 +264,8 @@ impl Jail {
             | PtraceOptions::PTRACE_O_EXITKILL
             | PtraceOptions::PTRACE_O_TRACECLONE
             | PtraceOptions::PTRACE_O_TRACEFORK
-            | PtraceOptions::PTRACE_O_TRACEVFORK;
+            | PtraceOptions::PTRACE_O_TRACEVFORK
+            | PtraceOptions::PTRACE_O_TRACEEXEC;
 
         // Trace child with ptrace(PTRACE_SEIZE)
         match ptrace::seize(child, ptrace_options) {
@@ -320,6 +321,9 @@ impl Jail {
                                 debug!("EXIT (pid {:?}) status {:?}", pid, code);
                                 match result.status.pid() {
                                     Some(p) => {
+                                        for (_, plugin) in (&mut self.plugins).into_iter() {
+                                            plugin.process_did_terminate(p);
+                                        }
                                         if p == child {
                                             debug!("Our very child has exited. Done.");
                                             if self.cli.watch {
@@ -519,6 +523,19 @@ impl Jail {
                                 );
                                 extra_info = path.display().to_string();
                             }
+                            "openat" => {
+                                let path_str = panic_if_err!(utils::read_string(
+                                    target,
+                                    syscall_arg2!(regs) as usize
+                                ));
+                                let path = panic_if_err!(utils::get_abs_path_as(&path_str, target));
+                                allow = self.policy_inst.check_path_op(
+                                    &path.display().to_string(),
+                                    PathOps::OpOpen,
+                                    syscall_arg4!(regs) as i32,
+                                );
+                                extra_info = path.display().to_string();
+                            }
                             "access" => {
                                 let path_str = panic_if_err!(utils::read_string(
                                     target,
@@ -640,6 +657,11 @@ impl Jail {
                             }
                         }
                     }
+                    ptrace::Event::PTRACE_EVENT_EXEC => {
+                        for (_, plugin) in (&mut self.plugins).into_iter() {
+                            plugin.process_did_create(target);
+                        }
+                    }
                     ptrace::Event::PTRACE_EVENT_CLONE
                     | ptrace::Event::PTRACE_EVENT_FORK
                     | ptrace::Event::PTRACE_EVENT_VFORK => {