From 15ad016b3545a84d6b0e20649d863cf9f7722574 Mon Sep 17 00:00:00 2001
From: jxy_git <jiangxinyu@kylinos.cn>
Date: Wed, 21 Jun 2023 15:14:17 +0800
Subject: [PATCH] BPF program for file monitoring

---
 observation/src/filesnoop/filesnoop.bpf.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 observation/src/filesnoop/filesnoop.bpf.c

diff --git a/observation/src/filesnoop/filesnoop.bpf.c b/observation/src/filesnoop/filesnoop.bpf.c
new file mode 100644
index 00000000..2a60e1fc
--- /dev/null
+++ b/observation/src/filesnoop/filesnoop.bpf.c
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
+// Copyright @ 2023 - Kylin
+// Author: Jackie Liu <liuyun01@kylinos.cn>
+
+#include "vmlinux.h"
+#include <bpf/bpf_core_read.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_helpers.h>
+#include "filesnoop.h"
+#include "compat.bpf.h"
+#include "maps.bpf.h"
+
+const volatile __u64 target_filename_sz = 0;
+const volatile bool filter_filename = false;
+const volatile int target_op = F_ALL;
+
+#define MAX_ENTRIES	1024
+
+char target_filename[FSFILENAME_MAX] = {};
-- 
Gitee