Skip to content

ROX-30257: implement permission change tracking #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Molter73 wants to merge 4 commits into
base: mauro/ROX-32059/bpf-loop-d-path
Choose a base branch
from
Open

ROX-30257: implement permission change tracking #157

Molter73 wants to merge 4 commits into from

Conversation

@Molter73
Copy link
Collaborator

@Molter73 Molter73 commented Nov 18, 2025
edited
Loading

Description

This is done via the path_chmod LSM hook, extending the existing event structure to allow for additional, event type specific information to be sent to userspace.

Changes in userspace are relatively straightforward, the received event is translated into a new ChmodFileData type that wraps the more generic BaseFileData and adds fields specific for permission changes. From traits are implemented for translation between this type and the gRPC protobuf messages.

Checklist

  • Investigated and inspected CI test results
  • Updated documentation accordingly

Automated testing

  • Added unit tests
  • Added integration tests
  • Added regression tests

If any of these don't apply, please comment below.

Testing Performed

The existing bpf unit test has been extended with a permission change event in order to exercise the new bpf program.

Integration tests have been added for the new permission change events.

@Molter73 Molter73 force-pushed the mauro/ROX-30257/track-mode-change branch 6 times, most recently from e07d856 to b96120b Compare December 19, 2025 11:25
@Molter73 Molter73 changed the base branch from main to mauro/ROX-32059/bpf-loop-d-path December 19, 2025 11:25
@Molter73
ROX-30257: implement permission change tracking
2557b22 
This is done via the path_chmod LSM hook.

WIP: the old mode is not quite working yet.
@Molter73
test(bpf): add chmod operation to bpf unit test
1746a5f 
This allows us to exercise the trace_path_chmod bpf program on unit
tests.
@Molter73 Molter73 force-pushed the mauro/ROX-30257/track-mode-change branch from b96120b to 1746a5f Compare December 19, 2025 13:43
@Molter73 Molter73 changed the title [WIP] ROX-30257: implement permission change tracking ROX-30257: implement permission change tracking Dec 19, 2025
@Molter73 Molter73 marked this pull request as ready for review December 19, 2025 15:43
@Molter73 Molter73 force-pushed the mauro/ROX-30257/track-mode-change branch from d0e3b69 to c2486b0 Compare December 19, 2025 16:03
ovalenti
ovalenti approved these changes Dec 22, 2025
View reviewed changes
Copy link
Contributor

@ovalenti ovalenti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems all good to me !

tests/test_path_chmod.py Outdated

e = Event(process=process, event_type=EventType.PERMISSION,
file=test_file, host_path=test_file, mode=mode)
print(f'Waiting foor event: {e}')
Copy link
Contributor

@ovalenti ovalenti Dec 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small typo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ovalenti ovalenti ovalenti approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Molter73 @ovalenti