1 file changed +7 -11 lines changed
1
- # exectrace [ ![ Go Reference] ( https://pkg.go.dev/badge/cdr.dev/execsnoop .svg )] ( https://pkg.go.dev/cdr.dev/execsnoop )
1
+ # exectrace [ ![ Go Reference] ( https://pkg.go.dev/badge/cdr.dev/exectrace .svg )] ( https://pkg.go.dev/cdr.dev/exectrace )
2
2
3
3
Simple [ eBPF] ( https://ebpf.io/ ) -based exec snooping on Linux, packaged as a Go
4
4
library.
5
5
6
- exectrace compiles an [ eBPF program] ( ./bpf/handler.c ) with the specified ` clang `
7
- compiler on demand (which is very quick), then loads the program into the kernel
8
- to receive details about the ` exec ` family of syscalls.
6
+ exectrace loads a precompiled [ eBPF program] ( ./bpf/handler.c ) into the running
7
+ kernel to receive details about the ` exec ` family of syscalls.
9
8
10
9
## Installation
11
10
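Review bot: The rewritten description (new lines 6-7) says a precompiled eBPF program is loaded, but the link still targets the C source `./bpf/handler.c`, and nothing states where the compiled object comes from or how it is regenerated. Because this object is loaded into the kernel by a privileged process, the README should name the build artifact and the command that produces it from `handler.c`, so a user can rebuild it and confirm it matches the source. With the `clang` requirement removed, this is now the only place that information could live.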
@@ -18,14 +17,11 @@ $ go get -u cdr.dev/exectrace
18
17
19
18
## Quick Start
20
19
21
- Things you'll need to get started:
20
+ You will need root access, ` CAP_SYS_ADMIN ` or ` CAP_BPF ` to run eBPF programs on
21
+ your system.
22
22
23
- - Root access, ` CAP_SYS_ADMIN ` or ` CAP_BPF ` .
24
- - tip: you can use ` go run -exec sudo ./cmd/program ` to compile a program and
25
- start it with ` sudo `
26
- - A ` clang ` compiler. The eBPF program is compiled on demand.
27
- - You'll also need to know the executable name of your compiler (e.g.
28
- ` clang-13 ` ) or the absolute path to it.
23
+ > tip: you can use ` go run -exec sudo ./cmd/program ` to compile a program and
24
+ > start it with ` sudo `
29
25
30
26
```
31
27
$ go install -u cdr.dev/exectrace/cmd/exectrace
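Review bot: The new requirement sentence (new lines 20-21), "root access, `CAP_SYS_ADMIN` or `CAP_BPF`", reads as a flat list and no longer makes clear that these are alternatives, while the only guidance that follows is the `sudo` tip. Suggest wording it as "either root, or a process holding `CAP_SYS_ADMIN` or `CAP_BPF`", and stating which of the three is the narrowest grant that works, so readers do not default to full root. Separately, the unchanged context line `go install -u cdr.dev/exectrace/cmd/exectrace` is worth fixing while this section is being edited: `go install` does not accept a `-u` flag.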