probes: add required dependency field

This is done through the following steps: 1. Split the probes into a separate module 2. Probes are handled implicitly through handles 3. Events have probe dependencies which includes a handle and a required field 4. Attaching failure is handled according to the required field
aquasecurity · Jun 7, 2022 · 5129ed2 · 5129ed2
1 parent 6b0cad4
commit 5129ed2
Show file tree

Hide file tree

Showing 4 changed files with 412 additions and 216 deletions.
diff --git a/cmd/tracee-ebpf/capabilities.go b/cmd/tracee-ebpf/capabilities.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+
 	"github.com/aquasecurity/tracee/pkg/capabilities"
 	tracee "github.com/aquasecurity/tracee/pkg/ebpf"
 	"github.com/syndtr/gocapability/capability"
@@ -54,10 +55,10 @@ func generateTraceeEbpfRequiredCapabilities(OSInfo IKernelVersionInfo, cfg *trac
 
 func getCapabilitiesRequiredByTraceeEvents(cfg *tracee.Config) []capability.Cap {
 	usedEvents := cfg.Filter.EventsToTrace
-	for eventID := range tracee.CreateEssentialEventsList(cfg) {
+	for eventID := range tracee.GetEssentialEventsList(cfg) {
 		usedEvents = append(usedEvents, eventID)
 	}
-	for eventID := range tracee.GetCaptureEventsConfig(cfg) {
+	for eventID := range tracee.GetCaptureEventsList(cfg) {
 		usedEvents = append(usedEvents, eventID)
 	}
 	caps := tracee.GetCapabilitiesRequiredByEvents(usedEvents)