From 9b4c9a655cca7cba1de781260dbf2a57b019cc8c Mon Sep 17 00:00:00 2001
From: Shengyi Mao
Date: Wed, 16 Jul 2025 00:56:22 +0000
Subject: [PATCH] add file_truncate bpf

---
 pkg/audit/fileaccess/manager.go | 1 +
 pkg/bpf/c/restricted-file.bpf.c | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/pkg/audit/fileaccess/manager.go b/pkg/audit/fileaccess/manager.go
index cab7827..5d3d917 100644
--- a/pkg/audit/fileaccess/manager.go
+++ b/pkg/audit/fileaccess/manager.go
@@ -53,6 +53,7 @@ func (m *Manager) Close() {
 func (m *Manager) Attach() error {
 for _, prog_name := range []string{"restricted_file_open", "restricted_path_unlink",
+ "restricted_file_truncate",
 "restricted_path_rmdir",
 "restricted_path_rename",
 "restricted_file_receive"} { //, "restricted_mmap_file", "restricted_file_ioctl"} {
diff --git a/pkg/bpf/c/restricted-file.bpf.c b/pkg/bpf/c/restricted-file.bpf.c
index b14787e..f4fba81 100644
--- a/pkg/bpf/c/restricted-file.bpf.c
+++ b/pkg/bpf/c/restricted-file.bpf.c
@@ -180,6 +180,12 @@ int BPF_PROG(restricted_file_open, struct file *file)
 PROG_CODE
 }
 
+SEC("lsm/file_truncate")
+int BPF_PROG(restricted_file_truncate, struct file *file)
+{
+ PROG_CODE
+}
+
 SEC("lsm/path_unlink")
 int BPF_PROG(restricted_path_unlink, const struct path *dir, struct dentry *dentry)
 {
-- 
Gitee
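Review bot: The new `"restricted_file_truncate"` entry makes Attach depend on the `file_truncate` LSM hook, which the kernel only provides from Linux 6.2 onwards, and nothing in this hunk treats the program as optional. The loop body is outside the hunk, but if it returns on the first program that cannot be found or attached, an older kernel would leave `restricted_path_rmdir`, `restricted_path_rename` and `restricted_file_receive` unattached as well, since the new name sits ahead of them in the list; the matching `SEC("lsm/file_truncate")` program in restricted-file.bpf.c may already fail earlier, at object load time. I would either document the minimum kernel next to the entry, e.g. `// file_truncate LSM hook: Linux >= 6.2`, or skip this one program with a logged warning when the hook is missing so the remaining restrictions stay enforced.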
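Review bot: `lsm/file_truncate` only mediates truncation through an already-open file; a truncate(2) call on a path goes through the separate `path_truncate` LSM hook, and no program with that name appears in the list attached in manager.go. If the intent is to stop restricted files from being emptied, the new program leaves that route uncovered unless it is handled somewhere not shown here. A sibling program, `SEC("lsm/path_truncate")` with `int BPF_PROG(restricted_path_truncate, const struct path *path)`, would close it, provided PROG_CODE (defined outside this hunk) can work from a `struct path`. A one-line comment above the new program stating which operations it is meant to cover would also help, e.g. `/* ftruncate(2) and O_TRUNC opens; truncate(2) goes through path_truncate */`.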