Add support for Process category syscalls #117
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds support for 5 process-related syscalls that manage process identity and comparison: kcmp (compare kernel resources between processes), getgroups/setgroups (manage supplementary group IDs), and getresuid/getresgid (retrieve real, effective, and saved user/group IDs). The implementation follows the established consolidated handler pattern used throughout the codebase.
Key changes:
- Added
format_kcmp_type()helper with 8 KCMP type constants for kernel resource comparison - Implemented specialized return value formatting for each syscall (equal/less than/greater than/not equal for kcmp, group count for getgroups, success/error for others)
- Added comprehensive test coverage including 5 unit tests and 1 integration test, with all 535 tests passing
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pinchy-common/src/lib.rs | Added 5 data structures (KcmpData, GetgroupsData, SetgroupsData, GetresuidData, GetresgidData) to support the new syscalls, following existing patterns with proper #[repr(C)] and Default implementations |
| pinchy-ebpf/src/process.rs | Implemented eBPF handlers for all 5 syscalls in the consolidated process handler, with proper bounds checking and safe memory operations for reading group arrays and UID/GID values |
| pinchy/src/format_helpers.rs | Added format_kcmp_type() helper with 8 KCMP constants and extended format_return_value() to handle specialized return values for all new syscalls |
| pinchy/src/events.rs | Implemented event parsing for all 5 syscalls, including proper array formatting with truncation support for group lists |
| pinchy/src/server.rs | Registered all 5 syscalls in the PROCESS_SYSCALLS array for proper eBPF program loading |
| pinchy/src/tests/process.rs | Added 5 unit tests covering different scenarios (kcmp equality, getgroups with multiple groups, setgroups, getresuid, getresgid) |
| pinchy/tests/integration.rs | Added process_identity_test integration test with regex pattern matching for group lists |
| pinchy/src/bin/test-helper.rs | Implemented process_identity_test() helper function that exercises all 4 new identity-related syscalls in sequence |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
This adds support for 5 Process-related syscalls: - kcmp: compare kernel resources between processes - getgroups/setgroups: manage supplementary group IDs - getresuid/getresgid: get real, effective, and saved UIDs/GIDs Added format_kcmp_type() helper with 8 KCMP type constants. Specialized return value formatting: - kcmp: shows comparison result (equal, less than, greater than, not equal) - getgroups: shows count of groups returned - setgroups, getresuid, getresgid: show success/error Added 5 pretty printing tests in pinchy/src/tests/process.rs. All 535 tests passing. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for 5 Process-related syscalls:
Added format_kcmp_type() helper with 8 KCMP type constants. Specialized return value formatting:
Added 5 pretty printing tests in pinchy/src/tests/process.rs. All 535 tests passing.
🤖 Generated with Claude Code