nixos/tests/tracee.nix +10 −10 @@ -11,19 +11,19 @@ import ./make-test-python.nix ({ pkgs, ... }: { # build the go integration tests as a binary (pkgs.tracee.overrideAttrs (oa: { pname = oa.pname + "-integration"; patches = oa.patches or [] ++ [ # change the prefix from /usr/bin to /run to find nix processes ../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch ]; postPatch = oa.postPatch or "" + '' # prepare tester.sh patchShebangs tests/integration/tester.sh # fix the test to look at nixos paths for running programs substituteInPlace tests/integration/integration_test.go \ --replace "/usr/bin" "/run" ''; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; buildPhase = '' runHook preBuild # just build the static lib we need for the go test binary make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core ./dist/btfhub # remove the /usr/bin prefix to work with the patch above substituteInPlace tests/integration/integration_test.go \ --replace "/usr/bin/ls" "ls" # then compile the tests to be ran later CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/... runHook postBuild @@ -31,7 +31,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { doCheck = false; installPhase = '' mkdir -p $out/bin cp $GOPATH/tracee-integration $out/bin mv $GOPATH/tracee-integration $out/bin/ ''; doInstallCheck = false; }))
@@ -44,6 +44,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine" machine.succeed('tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - alpine --change ENTRYPOINT=sleep') print(machine.succeed('TRC_BIN="${pkgs.tracee}" tracee-integration -test.v')) print(machine.succeed('tracee-integration -test.v')) ''; }) pkgs/tools/security/tracee/default.nix +12 −8 @@ -19,15 +19,15 @@ let in buildGoModule rec { pname = "tracee"; version = "0.9.2"; version = "0.10.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; sha256 = "sha256-w/x7KhopkADKvpDc5TE5Kf34pRY6HP3kX1Lqujnl0b8="; sha256 = "sha256-TSzvuPE4to6aN52fmcwC6mVBOWUFQSyWHDgNs8emPq4="; }; vendorSha256 = "sha256-5RXNRNoMydFcemNGgyfqcUPtfMVgMYdiyWo/sZi8GQw="; vendorSha256 = "sha256-HGJ7Gtug+nSg+mAQH4jcNkeikWQW10cgAIoAqeAf9r4="; patches = [ ./use-our-libbpf.patch @@ -64,11 +64,10 @@ buildGoModule rec { mkdir -p $out/{bin,share/tracee} cp ./dist/tracee-ebpf $out/bin cp ./dist/tracee-rules $out/bin mv ./dist/tracee-{ebpf,rules} $out/bin/ cp -r ./dist/rules $out/share/tracee/ cp -r ./cmd/tracee-rules/templates $out/share/tracee/ mv ./dist/rules $out/share/tracee/ mv ./cmd/tracee-rules/templates $out/share/tracee/ runHook postInstall ''; @@ -105,7 +104,12 @@ buildGoModule rec { is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a pre-defined set of behavioral patterns. ''; license = licenses.asl20; license = with licenses; [ # general license asl20 # pkg/ebpf/c/* gpl2Plus ]; maintainers = with maintainers; [ jk ]; platforms = [ "x86_64-linux" ]; }; pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patchdeleted 100644 → 0 +0 −15
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go index afbc5330..13745c70 100644 --- a/tests/integration/integration_test.go +++ b/tests/integration/integration_test.go @@ -246,8 +246,8 @@ func Test_EventFilters(t *testing.T) { eventFunc: checkExecve, }, { - name: "trace only execve events that starts with /usr/bin", - filterArgs: []string{"event=execve", "execve.pathname=/usr/bin*"}, + name: "trace only execve events that starts with /run", + filterArgs: []string{"event=execve", "execve.pathname=/run*"}, eventFunc: checkExecve, }, {
nixos/tests/tracee.nix +10 −10 @@ -11,19 +11,19 @@ import ./make-test-python.nix ({ pkgs, ... }: { # build the go integration tests as a binary (pkgs.tracee.overrideAttrs (oa: { pname = oa.pname + "-integration"; patches = oa.patches or [] ++ [ # change the prefix from /usr/bin to /run to find nix processes ../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch ]; postPatch = oa.postPatch or "" + '' # prepare tester.sh patchShebangs tests/integration/tester.sh # fix the test to look at nixos paths for running programs substituteInPlace tests/integration/integration_test.go \ --replace "/usr/bin" "/run" ''; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; buildPhase = '' runHook preBuild # just build the static lib we need for the go test binary make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core ./dist/btfhub # remove the /usr/bin prefix to work with the patch above substituteInPlace tests/integration/integration_test.go \ --replace "/usr/bin/ls" "ls" # then compile the tests to be ran later CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/... runHook postBuild @@ -31,7 +31,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { doCheck = false; installPhase = '' mkdir -p $out/bin cp $GOPATH/tracee-integration $out/bin mv $GOPATH/tracee-integration $out/bin/ ''; doInstallCheck = false; })) @@ -44,6 +44,6 @@ import ./make-test-python.nix ({ pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers also requires a container called "alpine" machine.succeed('tar cv -C ${pkgs.pkgsStatic.busybox} . | podman import - alpine --change ENTRYPOINT=sleep') print(machine.succeed('TRC_BIN="${pkgs.tracee}" tracee-integration -test.v')) print(machine.succeed('tracee-integration -test.v')) ''; })
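Review bot: The `--replace "/usr/bin" "/run"` added to postPatch is unanchored, so it rewrites every `/usr/bin` occurrence in integration_test.go rather than only the execve filter that the deleted patch touched. The substitution dropped from buildPhase suggests the test file also referenced `/usr/bin/ls`; if 0.10.0 still does, that path would become `/run/ls`, which presumably does not exist on the test VM. Scoping the match to the filter string, `--replace "execve.pathname=/usr/bin*" "execve.pathname=/run*"`, keeps the rewrite limited to the filter under test. Plain `--replace` may also not abort the build when the pattern disappears upstream, so a comment naming the upstream line this depends on would help the next version bump.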
pkgs/tools/security/tracee/default.nix +12 −8 @@ -19,15 +19,15 @@ let in buildGoModule rec { pname = "tracee"; version = "0.9.2"; version = "0.10.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; sha256 = "sha256-w/x7KhopkADKvpDc5TE5Kf34pRY6HP3kX1Lqujnl0b8="; sha256 = "sha256-TSzvuPE4to6aN52fmcwC6mVBOWUFQSyWHDgNs8emPq4="; }; vendorSha256 = "sha256-5RXNRNoMydFcemNGgyfqcUPtfMVgMYdiyWo/sZi8GQw="; vendorSha256 = "sha256-HGJ7Gtug+nSg+mAQH4jcNkeikWQW10cgAIoAqeAf9r4="; patches = [ ./use-our-libbpf.patch @@ -64,11 +64,10 @@ buildGoModule rec { mkdir -p $out/{bin,share/tracee} cp ./dist/tracee-ebpf $out/bin cp ./dist/tracee-rules $out/bin mv ./dist/tracee-{ebpf,rules} $out/bin/ cp -r ./dist/rules $out/share/tracee/ cp -r ./cmd/tracee-rules/templates $out/share/tracee/ mv ./dist/rules $out/share/tracee/ mv ./cmd/tracee-rules/templates $out/share/tracee/ runHook postInstall ''; @@ -105,7 +104,12 @@ buildGoModule rec { is delivered as a Docker image that monitors the OS and detects suspicious behavior based on a pre-defined set of behavioral patterns. ''; license = licenses.asl20; license = with licenses; [ # general license asl20 # pkg/ebpf/c/* gpl2Plus ]; maintainers = with maintainers; [ jk ]; platforms = [ "x86_64-linux" ]; };
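Review bot: The new `gpl2Plus` entry for `pkg/ebpf/c/*` should be confirmed against the SPDX headers of those files, which are not visible here; if they declare GPL-2.0 without an "or later" clause, the matching attribute would be `gpl2Only`. Extending the comment to name the file the licence was read from, for example `# pkg/ebpf/c/* (per SPDX header in <file>)`, would let the next bump re-verify it quickly. The meta block this hunk edits starts and ends outside the lines shown.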
pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patchdeleted 100644 → 0 +0 −15 diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go index afbc5330..13745c70 100644 --- a/tests/integration/integration_test.go +++ b/tests/integration/integration_test.go @@ -246,8 +246,8 @@ func Test_EventFilters(t *testing.T) { eventFunc: checkExecve, }, { - name: "trace only execve events that starts with /usr/bin", - filterArgs: []string{"event=execve", "execve.pathname=/usr/bin*"}, + name: "trace only execve events that starts with /run", + filterArgs: []string{"event=execve", "execve.pathname=/run*"}, eventFunc: checkExecve, }, {