Commit ca427b8

Update README.md
1 parent 2cfcb43 commit ca427b8

1 file changed

+7
-11
lines changed

README.md

Lines changed: 7 additions & 11 deletions
@@ -1,11 +1,10 @@
1-
# exectrace [![Go Reference](https://pkg.go.dev/badge/cdr.dev/execsnoop.svg)](https://pkg.go.dev/cdr.dev/execsnoop)
1+
# exectrace [![Go Reference](https://pkg.go.dev/badge/cdr.dev/exectrace.svg)](https://pkg.go.dev/cdr.dev/exectrace)
22

33
Simple [eBPF](https://ebpf.io/)-based exec snooping on Linux, packaged as a Go
44
library.
55

6-
exectrace compiles an [eBPF program](./bpf/handler.c) with the specified `clang`
7-
compiler on demand (which is very quick), then loads the program into the kernel
8-
to receive details about the `exec` family of syscalls.
6+
exectrace loads a precompiled [eBPF program](./bpf/handler.c) into the running
7+
kernel to receive details about the `exec` family of syscalls.
98

109
## Installation
1110

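Review bot: The link at new lines 6-7 still targets `./bpf/handler.c`, the C source, while the sentence now says a precompiled program is loaded. With the build step gone from the README, add a line saying where the precompiled object lives and how it is regenerated from `handler.c`, so a reader can rebuild it and confirm that the shipped bytecode matches the source they reviewed.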
@@ -18,14 +17,11 @@ $ go get -u cdr.dev/exectrace
1817

1918
## Quick Start
2019

21-
Things you'll need to get started:
20+
You will need root access, `CAP_SYS_ADMIN` or `CAP_BPF` to run eBPF programs on
21+
your system.
2222

23-
- Root access, `CAP_SYS_ADMIN` or `CAP_BPF`.
24-
- tip: you can use `go run -exec sudo ./cmd/program` to compile a program and
25-
start it with `sudo`
26-
- A `clang` compiler. The eBPF program is compiled on demand.
27-
- You'll also need to know the executable name of your compiler (e.g.
28-
`clang-13`) or the absolute path to it.
23+
> tip: you can use `go run -exec sudo ./cmd/program` to compile a program and
24+
> start it with `sudo`
2925
3026
```
3127
$ go install -u cdr.dev/exectrace/cmd/exectrace
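Review bot: The requirement at new lines 20-21 presents `CAP_BPF` as sufficient on its own without saying on which kernels that holds. `CAP_BPF` only exists from Linux 5.8 onward, and loading tracing-type programs there generally needs `CAP_PERFMON` as well, so state the minimum kernel and the full capability set; that lets users grant only those capabilities rather than follow the `sudo` tip. Separately, the unchanged context line `$ go install -u cdr.dev/exectrace/cmd/exectrace` passes `-u`, which is a `go get` flag that `go install` does not accept; worth fixing while this section is being edited.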
