ROX-30258: Track file ownership changes #156
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ovalenti
force-pushed
the
ovalenti/ROX-30258-ownership-tracking
branch
from
e94e169 to
f0c48bd
Compare
Molter73
reviewed
Nov 18, 2025
ovalenti
force-pushed
the
ovalenti/ROX-30258-ownership-tracking
branch
2 times, most recently
from
39cf241 to
f15de82
Compare
ovalenti
changed the base branch from
main
to
mauro/ROX-30257/track-mode-change
Molter73
force-pushed
the
mauro/ROX-30257/track-mode-change
branch
from
f1e642b to
aa0399a
Compare
ovalenti
force-pushed
the
ovalenti/ROX-30258-ownership-tracking
branch
2 times, most recently
from
003e113 to
bbabdca
Compare
Molter73
force-pushed
the
mauro/ROX-30257/track-mode-change
branch
3 times, most recently
from
3a8ef28 to
b948cef
Compare
6 tasks
Molter73
force-pushed
the
mauro/ROX-30257/track-mode-change
branch
3 times, most recently
from
b96120b to
1746a5f
Compare
ovalenti
force-pushed
the
ovalenti/ROX-30258-ownership-tracking
branch
from
223faed to
9af8d73
Compare
Molter73
force-pushed
the
mauro/ROX-30257/track-mode-change
branch
3 times, most recently
from
aeee08e to
ff2f6db
Compare
missing user/group mapping to string representation
ovalenti
force-pushed
the
ovalenti/ROX-30258-ownership-tracking
branch
from
a362c36 to
57a6cb3
Compare
ovalenti
force-pushed
the
ovalenti/ROX-30258-ownership-tracking
branch
from
57a6cb3 to
16cc780
Compare
Molter73
reviewed
Jan 15, 2026
Collaborator
Molter73
left a comment
Molter73
left a comment
There was a problem hiding this comment.
Just a few comments but nothing major really. Feel free to ignore the ones marked with [nit].
| } | ||
|
|
||
| SEC("lsm/path_chown") | ||
| int BPF_PROG(trace_path_chown, struct path* path, unsigned long long uid, unsigned long long gid) { |
Collaborator
There was a problem hiding this comment.
[nit] It'd be nice to have a small comment here explaining why uid and gid are unsigned long long instead of kuid_t and kgid_t, in case someone comes in without the context in the future and attempts to change it.
Contributor
Author
There was a problem hiding this comment.
I added a comment in b381565 . I hope it makes sense.
Collaborator
There was a problem hiding this comment.
It's fine, maybe we can mention the verifier does not allow struct types as arguments, so we do this instead.
Co-authored-by: Mauro Ezequiel Moltrasio <mmoltras@redhat.com>
... to submit_ownership_event()
Co-authored-by: Mauro Ezequiel Moltrasio <mmoltras@redhat.com>
Co-authored-by: Mauro Ezequiel Moltrasio <mmoltras@redhat.com>
Co-authored-by: Mauro Ezequiel Moltrasio <mmoltras@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Listen for chown LSM events.
Known limitations:
Checklist
Automated testing