Last active
May 4, 2023 21:50
| BROKEN first, then WORKS after | |
| ------------- | |
| BROKEN | |
| ------------- | |
| # From main:latest | |
| $ sudo /usr/share/bcc/tools/capable | |
| TIME UID PID COMM CAP NAME AUDIT | |
| 17:15:47 1000 196568 bash 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 1000 196568 bash 1 CAP_DAC_OVERRIDE 1 | |
| 17:15:47 1000 196568 sudo 24 CAP_SYS_RESOURCE 1 | |
| 17:15:47 1000 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 0 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 0 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 0 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 1000 196568 sudo 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 1000 196568 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:15:47 1000 196568 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:15:47 1000 196568 sudo 24 CAP_SYS_RESOURCE 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 1000 196568 sudo 6 CAP_SETGID 1 | |
| 17:15:47 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:15:47 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:15:47 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:15:47 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:15:47 1000 196568 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:15:47 0 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 0 196568 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 196153 systemd-userwor 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 1000 196568 sudo 12 CAP_NET_ADMIN 1 | |
| 17:15:47 1000 196568 sudo 12 CAP_NET_ADMIN 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 1000 196568 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:15:47 1000 196569 sudo 24 CAP_SYS_RESOURCE 1 | |
| 17:15:47 1000 196569 sudo 7 CAP_SETUID 1 | |
| 17:15:47 0 196569 go-xdp-counter 39 CAP_BPF 1 | |
| 17:15:47 0 196569 go-xdp-counter 39 CAP_BPF 1 | |
| 17:15:47 0 196569 go-xdp-counter 39 CAP_BPF 1 | |
| 17:15:47 0 196569 go-xdp-counter 39 CAP_BPF 1 | |
| 17:15:47 0 196569 go-xdp-counter 39 CAP_BPF 1 | |
| 17:15:47 0 196569 go-xdp-counter 39 CAP_BPF 1 | |
| 17:15:47 0 196569 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 196580 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:15:47 979 196582 tokio-runtime-w 2 CAP_DAC_READ_SEARCH 1 <--- DAC request made on a tokio-runtime-w thread that has no CAPS | |
| 17:15:47 979 196582 tokio-runtime-w 1 CAP_DAC_OVERRIDE 1 ^--- assume the DAC request above is the open | |
| 17:15:47 1000 196568 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:15:47 1000 196568 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:15:47 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| $ ps -ef | grep bpfd | |
| root 104058 104030 0 07:46 pts/2 00:00:00 sudo journalctl -f -u bpfd | |
| root 104059 104058 0 07:46 pts/2 00:00:01 journalctl -f -u bpfd | |
| bpfd 190576 1 0 15:42 ? 00:00:01 /usr/sbin/bpfd | |
| bmcfall 196612 104085 0 17:16 pts/3 00:00:00 grep --color=auto bpfd | |
| $ ps -T -p 190576 | |
| PID SPID TTY TIME CMD | |
| 190576 190576 ? 00:00:00 bpfd | |
| 190576 190579 ? 00:00:00 tokio-runtime-w | |
| 190576 190580 ? 00:00:00 tokio-runtime-w | |
| 190576 190581 ? 00:00:00 tokio-runtime-w | |
| 190576 190582 ? 00:00:00 tokio-runtime-w | |
| 190576 190583 ? 00:00:00 tokio-runtime-w | |
| 190576 190584 ? 00:00:00 tokio-runtime-w | |
| 190576 190585 ? 00:00:00 tokio-runtime-w | |
| 190576 190586 ? 00:00:00 tokio-runtime-w | |
| ------------- | |
| WORKS | |
| ------------- | |
| $ git reset --hard aa386e6d141b7dcb8e10d7b12429d1d05998e2e6 | |
| $ sudo /usr/share/bcc/tools/capable | |
| TIME UID PID COMM CAP NAME AUDIT | |
| 17:25:34 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 1000 208986 bash 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 1000 208986 bash 1 CAP_DAC_OVERRIDE 1 | |
| 17:25:35 1000 208986 sudo 24 CAP_SYS_RESOURCE 1 | |
| 17:25:35 1000 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 0 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 0 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 0 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 1000 208986 sudo 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 1000 208986 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:25:35 1000 208986 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:25:35 1000 208986 sudo 24 CAP_SYS_RESOURCE 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 1000 208986 sudo 6 CAP_SETGID 1 | |
| 17:25:35 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:25:35 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:25:35 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:25:35 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:25:35 0 682 systemd-journal 5 CAP_KILL 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 1000 208986 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:25:35 0 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208986 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208624 systemd-userwor 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 1000 208986 sudo 12 CAP_NET_ADMIN 1 | |
| 17:25:35 1000 208986 sudo 12 CAP_NET_ADMIN 1 | |
| 17:25:35 1000 208986 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 1000 208987 sudo 24 CAP_SYS_RESOURCE 1 | |
| 17:25:35 1000 208987 sudo 7 CAP_SETUID 1 | |
| 17:25:35 0 208987 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:35 0 208987 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:35 0 208987 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:35 0 208987 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:35 0 208987 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:35 0 208987 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:35 0 208987 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 208995 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 979 208774 bpfd 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:35 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:35 193 818 systemd-resolve 13 CAP_NET_RAW 1 | |
| 17:25:36 193 818 systemd-resolve 13 CAP_NET_RAW 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 12 CAP_NET_ADMIN 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 2 CAP_DAC_READ_SEARCH 1 <--- DAC request made on the main bpfd thread, which has CAPS | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 ^--- assume the DAC request above is the open | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 21 CAP_SYS_ADMIN 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 12 CAP_NET_ADMIN 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 38 CAP_PERFMON 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 208774 bpfd 39 CAP_BPF 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 979 209000 tokio-runtime-w 8 CAP_SETPCAP 1 | |
| 17:25:36 0 208991 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:36 0 208991 go-xdp-counter 2 CAP_DAC_READ_SEARCH 1 | |
| 17:25:36 0 208991 go-xdp-counter 1 CAP_DAC_OVERRIDE 1 | |
| 17:25:36 0 208991 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:39 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:39 0 208993 go-xdp-counter 39 CAP_BPF 1 | |
| 17:25:41 1000 208986 sudo 29 CAP_AUDIT_WRITE 1 | |
| 17:25:41 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:41 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:41 0 682 systemd-journal 19 CAP_SYS_PTRACE 1 | |
| 17:25:41 1000 208986 sudo 29 CAP_AUDIT_WRITE 1 | |
| ^C | |
| $ ps -ef | grep bpfd | |
| root 104058 104030 0 07:46 pts/2 00:00:00 sudo journalctl -f -u bpfd | |
| root 104059 104058 0 07:46 pts/2 00:00:01 journalctl -f -u bpfd | |
| bpfd 208774 1 0 17:25 ? 00:00:01 /usr/sbin/bpfd | |
| bmcfall 209069 104085 0 17:28 pts/3 00:00:00 grep --color=auto bpfd | |
| $ ps -T -p 208774 | |
| PID SPID TTY TIME CMD | |
| 208774 208774 ? 00:00:01 bpfd | |
| 208774 208775 ? 00:00:00 tokio-runtime-w | |
| 208774 208776 ? 00:00:00 tokio-runtime-w | |
| 208774 208777 ? 00:00:00 tokio-runtime-w | |
| 208774 208778 ? 00:00:00 tokio-runtime-w | |
| 208774 208779 ? 00:00:00 tokio-runtime-w | |
| 208774 208780 ? 00:00:00 tokio-runtime-w | |
| 208774 208781 ? 00:00:00 tokio-runtime-w | |
| 208774 208782 ? 00:00:00 tokio-runtime-w | |