properly map syscall ids to syscall name at the CLI

Open kkourt opened this issue 3 years ago • 2 comments

#483 defined SyscallNames for dwarin, but that's probably not what we want.

Commit https://github.com/cilium/tetragon/commit/f56c0f5e35455208f8190285d70f4f1de8bb0595, added

Line 287 in 27facf9 if name := syscallinfo.GetSyscallName(int(sysID)); name != "" {

Which translates system call ids to names, and it uses that to figure out the arguments as well. So (at least in the above case) we would need the syscallNames of Linux (rather than dwarvin). Not sure what the best solution for this. It would probaby be better if we did this translation (id->name) on the agent.

Nov 14 '22 08:11 kkourt

Maybe we can use https://pkg.go.dev/github.com/seccomp/libseccomp-golang#GetSyscallFromName

Nov 14 '22 12:11 kkourt

This is still an issue, reopening.

Nov 27 '23 09:11 kkourt