v0.7.0

@github-actions github-actions released this 16 Oct 00:25
· 32 commits to main since this release

New Features

  • The experimental eBPF backend is updated to also monitor 32-bit exec on x64 systems.
    • I plan to support tracing 32-bit exec in the ptrace backend as well in the 0.8.0 release.
  • Previously, experimental features were only labeled in the help text of the CLI.
    Now the experimental features are also labeled in the TUI:

[Screenshot: experimental features]

Deprecation

Support for kernel versions < 5.3 is deprecated and will be removed in the future.
This will likely happen in the upcoming 0.8.0 release.

Breaking Changes

Building tracexec with the seccomp-bpf feature now requires the libseccomp dependency.
By default, we dynamically link to libseccomp. To statically link to libseccomp instead,
set LIBSECCOMP_LINK_TYPE to static and set LIBSECCOMP_LIB_PATH to the path of
the directory containing libseccomp.a.
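
An added example (not from the tracexec project) of preparing the environment for a static libseccomp build: it checks that the chosen location really contains libseccomp.a before exporting the two variables named above. The function name and the idea of passing several candidate paths are assumptions made for this example.

```shell
# Added example, not tracexec's own tooling. Only LIBSECCOMP_LINK_TYPE and
# LIBSECCOMP_LIB_PATH come from the release notes; the function name and the
# candidate-path arguments are assumptions.

# Export the static-link variables for the first candidate that holds
# libseccomp.a. A candidate may be a directory or the archive path itself;
# LIBSECCOMP_LIB_PATH must end up as the containing directory, not the file.
use_static_libseccomp() {
    for _cand in "$@"; do
        # Reduce a direct path to the archive to its directory.
        case "$_cand" in
            */libseccomp.a) _cand=${_cand%/libseccomp.a}; [ -n "$_cand" ] || _cand=/ ;;
        esac
        if [ -f "$_cand/libseccomp.a" ]; then
            # Use an absolute path so the build does not depend on the cwd.
            _dir=$(cd "$_cand" && pwd) || return 1
            export LIBSECCOMP_LINK_TYPE=static
            export LIBSECCOMP_LIB_PATH="$_dir"
            return 0
        fi
    done
    # Fail before the build starts rather than with a late linker error.
    echo "libseccomp.a not found in any of: $*" >&2
    return 1
}

# Usage (in the shell that will run the build):
#   use_static_libseccomp /path/to/libseccomp/lib || exit 1
#   then build tracexec with the seccomp-bpf feature enabled as usual.
```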

Fixes

  • ptracer: use SIGSTOP as sentinel signal.
  • eBPF: the __TARGET_ARCH_xx define is fixed for arm64 and riscv64 (in libbpf-rs: libbpf/libbpf-rs#958 and libbpf/libbpf-rs#959).
  • Switch seccomp-bpf dependency crate from seccompiler to libseccomp.
    • This unblocks 32-bit exec tracing for the ptrace backend that I plan to implement in 0.8.0.
    • And the seccomp-bpf feature can now be enabled on riscv64.

Internal Changes

  • Bump dependencies
  • Make clippy more annoying
  • eBPF: convert from syscall tracepoint to fentry/fexit
  • eBPF: minor refactors