File tree Expand file tree Collapse file tree 1 file changed +7
-11
lines changed Expand file tree Collapse file tree 1 file changed +7
-11
lines changed Original file line number Diff line number Diff line change 1- # exectrace [ ![ Go Reference] ( https://pkg.go.dev/badge/cdr.dev/execsnoop .svg )] ( https://pkg.go.dev/cdr.dev/execsnoop )
1+ # exectrace [ ![ Go Reference] ( https://pkg.go.dev/badge/cdr.dev/exectrace .svg )] ( https://pkg.go.dev/cdr.dev/exectrace )
22
33Simple [ eBPF] ( https://ebpf.io/ ) -based exec snooping on Linux, packaged as a Go
44library.
55
6- exectrace compiles an [ eBPF program] ( ./bpf/handler.c ) with the specified ` clang `
7- compiler on demand (which is very quick), then loads the program into the kernel
8- to receive details about the ` exec ` family of syscalls.
6+ exectrace loads a precompiled [ eBPF program] ( ./bpf/handler.c ) into the running
7+ kernel to receive details about the ` exec ` family of syscalls.
98
109## Installation
1110
@@ -18,14 +17,11 @@ $ go get -u cdr.dev/exectrace
1817
1918## Quick Start
2019
21- Things you'll need to get started:
20+ You will need root access, ` CAP_SYS_ADMIN ` or ` CAP_BPF ` to run eBPF programs on
21+ your system.
2222
23- - Root access, ` CAP_SYS_ADMIN ` or ` CAP_BPF ` .
24- - tip: you can use ` go run -exec sudo ./cmd/program ` to compile a program and
25- start it with ` sudo `
26- - A ` clang ` compiler. The eBPF program is compiled on demand.
27- - You'll also need to know the executable name of your compiler (e.g.
28- ` clang-13 ` ) or the absolute path to it.
23+ > tip: you can use ` go run -exec sudo ./cmd/program ` to compile a program and
24+ > start it with ` sudo `
2925
3026```
3127$ go install -u cdr.dev/exectrace/cmd/exectrace
You can’t perform that action at this time.
0 commit comments