From efcfce4d7d845fda4861759dcb78d73e3a90140e Mon Sep 17 00:00:00 2001
From: William Cohen
Date: Tue, 9 Jun 2020 09:29:46 -0400
Subject: [PATCH] Add probes to container_check.stp for additional capabilities checks

Probe points were added for ns_capable_noaudit, ns_capable_setid, and file_ns_capable functions. Before adding these probes some capability checks were missed by the container_check.stp script. This was observed running the script on DPDK testpmd.
---
 .../profiling/container_check.stp | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/testsuite/systemtap.examples/profiling/container_check.stp b/testsuite/systemtap.examples/profiling/container_check.stp
index 2ef43ebcc..217c2df90 100755
--- a/testsuite/systemtap.examples/profiling/container_check.stp
+++ b/testsuite/systemtap.examples/profiling/container_check.stp
@@ -134,13 +134,33 @@ probe ns_capable = kprobe.function("ns_capable")
 cap = 1 << int_arg(2)
 }
 
+#bool ns_capable_noaudit(struct user_namespace *ns, int cap)
+probe ns_capable_noaudit = kprobe.function("ns_capable_noaudit")
+{
+ cap = 1 << int_arg(2)
+}
+
+#bool ns_capable_setid(struct user_namespace *ns, int cap)
+probe ns_capable_setid = kprobe.function("ns_capable_setid")
+{
+ cap = 1 << int_arg(2)
+}
+
 # bool capable(int cap)
 probe capable = kprobe.function("capable")
 {
 cap = 1 << int_arg(1)
 }
 
-probe ns_capable !, capable
+#bool file_ns_capable(const struct file *file, struct user_namespace *ns,
+# int cap)
+probe file_ns_capable = kprobe.function("file_ns_capable")
+{
+ cap = 1 << int_arg(3)
+}
+
+probe ns_capable?, ns_capable_noaudit?, ns_capable_setid?,
+ capable?, file_ns_capable?
 {
 if ((cap & badcaps) && child_of_target(task_current()))
 cap_use[tid()] |= cap
-- 
2.43.5
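Review bot: Making every alias optional in the new `probe ns_capable?, ns_capable_noaudit?, ns_capable_setid?, capable?, file_ns_capable?` line means that if none of the five kprobes resolves on a given kernel (renamed or inlined symbol, missing function), the script starts cleanly and simply records no capability use, which a reader will take as "no privileged checks happened" rather than as a broken probe; the replaced `probe ns_capable !, capable` at least kept `capable` as a hard fallback. Consider leaving the long-stable exported entry point mandatory so a resolution failure is loud: `probe ns_capable?, ns_capable_noaudit?, ns_capable_setid?, capable, file_ns_capable?`. Note also that all five aliases fire on function entry, so a check the task then fails is folded into `cap_use` exactly like one that succeeds, and the `_noaudit` variant is presumably there for checks whose denial is expected and deliberately unlogged, so the new probes may over-attribute capabilities unless "checked" rather than "held" is the intended meaning — if only granted capabilities matter, a `.return` probe using `@entry(int_arg(2))` together with `returnval()` would distinguish the two. The `#bool ...` prototype comments drop the space after `#` that the existing `# bool capable(int cap)` comment uses. The probe body that consumes `cap` continues past the end of the hunk.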