File: sentry.proto

package info (click to toggle)
falcosecurity-libs 0.20.0-3
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 23,732 kB
  • sloc: ansic: 532,812; cpp: 100,792; python: 1,490; sh: 532; makefile: 195
file content (78 lines) | stat: -rw-r--r-- 2,342 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
// Copyright 2022 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package gvisor.sentry;

import "pkg/sentry/seccheck/points/common.proto";

// CloneInfo contains information used by the Clone checkpoint.
message CloneInfo {
  gvisor.common.ContextData context_data = 1;

  // created_thread_id is the thread's ID in the root PID namespace.
  int32 created_thread_id = 3;

  int32 created_thread_group_id = 4;

  // created_thread_start_time_ns is the thread's CLOCK_REALTIME start time.
  int64 created_thread_start_time_ns = 5;

  // flags are equivalent to the flags passed to clone(2).
  uint64 flags = 6;
}

// ExecveInfo contains information used by the Execve checkpoint.
message ExecveInfo {
  gvisor.common.ContextData context_data = 1;

  // BinaryPath is a path to the executable binary file being switched to in
  // the mount namespace in which it was opened.
  string binary_path = 2;

  // Argv is the new process image's argument vector.
  repeated string argv = 3;

  // Env is the new process image's environment variables.
  repeated string env = 4;

  // BinaryMode is the executable binary file's mode.
  uint32 binary_mode = 5;

  uint32 binary_uid = 6;
  uint32 binary_gid = 7;

  // binary_sha256 is the SHA-256 hash of the executable binary file.
  //
  // Note that this requires reading the entire file into memory, which is
  // likely to be extremely slow.
  bytes binary_sha256 = 8;
}

message ExitNotifyParentInfo {
  gvisor.common.ContextData context_data = 1;

  // ExitStatus is the exiting thread group's exit status, as reported
  // by wait*().
  int32 exit_status = 2;
}

message TaskExit {
  gvisor.common.ContextData context_data = 1;

  // ExitStatus is the exiting thread group's exit status, as reported
  // by wait*().
  int32 exit_status = 2;
}