From ea32e017e579f168d87732893335c38d539ac2f1 Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Wed, 7 Aug 2024 19:08:59 +0800
Subject: Print err in stderr, Find out docker rootfs.

When I use godo, error infomation comes along with other output, so change all err report into stderr. And I listen to `pivot_root` sys- call to find out the root file system of dockers. However, I'm afraid of causing too more delay, so don't check rootfs of ppid and record in the pid. Besides, the method to deal with pivot_root is hardcoded, which may causes crush. Shall I listen to the chdir syscall to find out exact cwd? Maybe It's useful to the pivot_root? Next step: Find out appropriate data stracture, and add more file operations to be watched. This task must be completed this week.
---
 src/global.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/global.go')

diff --git a/src/global.go b/src/global.go
index b6635c9..349ba6c 100644
--- a/src/global.go
+++ b/src/global.go
@@ -14,11 +14,12 @@ const (
 FILEOPEN
 FILECLOSE
 FILEWRITE
+ PIVOTROOT
 TYPENUM
 )

 func (et eventType) String() string {
- names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "TYPENUM"}
+ names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "PIVOTROOT", "TYPENUM"}
 if et < NEWPID || et > TYPENUM {
 return "Unknown"
 }
@@ -32,12 +33,13 @@ type Event struct {
 ppid, parentTgid int
 syscall int
 syscallParam [4]uint64
- pathName string
 argc int
 argv []string
 cwd string
 exit_code uint64
 exit_signal int
+ srcPath string
+ destPath string
 }

 var wg sync.WaitGroup // 掌管协程
-- cgit v1.2.3-70-g09d2
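Review bot: The `names` slice in `String()` is a hand-ordered copy of the const block, so every new event type such as `PIVOTROOT` has to be inserted at exactly the matching position. If the two lists drift, events are printed under the wrong label, which matters for a tool whose output is read as an audit trail. A keyed literal removes the ordering dependency and can live at package level so it is not rebuilt per call: `var eventNames = [...]string{NEWPID: "NEWPID", /* … */ PIVOTROOT: "PIVOTROOT", TYPENUM: "TYPENUM"}`. The function's final lookup is outside the hunk, so whether it indexes `names[et]` directly is assumed here.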
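Review bot: The new `srcPath` and `destPath` fields in `Event` have no comment saying which syscall argument each holds for a given event type, or which filesystem view the strings belong to. For `PIVOTROOT` they presumably carry the new root and the old-root mount point, and the values are whatever the audited process passed, so consumers should not treat them as resolved host paths. I would document that on the fields, for example `srcPath string // first path argument as reported for the process; not resolved against cwd or the container rootfs` and a matching line for `destPath`. Removing `pathName` also changes every reader of that field, and those call sites are in files this page does not show; the struct itself begins above the hunk.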