@aserper
Created March 19, 2024 14:43
from bcc import BPF
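# eBPF program (BCC C dialect) attached to the chmod(2) syscall-entry tracepoint.
#
# Caveats a reader should know before deploying this:
#   * args->filename is a *user-space* pointer. Handing it straight to
#     bpf_trace_printk("%s") makes the kernel read it as a kernel address,
#     which on recent kernels yields an empty string or garbage. The path is
#     therefore copied onto the BPF stack with bpf_probe_read_user_str() first.
#   * Only the legacy chmod syscall is hooked. Recent glibc implements chmod()
#     via fchmodat(2), so calls that go through libc are likely not seen here;
#     add a probe on syscalls:sys_enter_fchmodat for fuller coverage -- verify
#     against the target libc/kernel.
#   * bpf_trace_printk() writes to the single, global trace_pipe that every
#     reader on the host shares; it is a debugging aid, not a production sink.
prog = """
#include <uapi/linux/ptrace.h>

// Entry of chmod(2). 'args' is the tracepoint-provided argument struct.
TRACEPOINT_PROBE(syscalls, sys_enter_chmod) {
    // Bounded stack buffer; user pointers must be copied before use.
    char path[128];
    u32 mode = args->mode;

    // Copy the NUL-terminated path from user memory. On failure the buffer
    // contents are unspecified, so treat an unreadable path as best-effort.
    bpf_probe_read_user_str(&path, sizeof(path), (const void *)args->filename);

    bpf_trace_printk("chmod called on %s with mode %o\\n", path, mode);
    return 0;
}
"""

# Compile and attach. Needs privileges to load BPF (root, or CAP_BPF plus
# CAP_PERFMON on newer kernels) and the running kernel's headers.
b = BPF(text=prog)

print("Tracing chmod syscalls... Hit Ctrl-C to end.")


def _as_text(value):
    """Return *value* as ``str`` for printing.

    bcc's ``trace_fields()`` appears to return the task and message fields as
    ``bytes`` on Python 3 -- TODO confirm for the installed bcc version. Bytes
    are decoded with replacement so an arbitrary filename cannot raise here;
    anything else is passed through unchanged.
    """
    if isinstance(value, bytes):
        return value.decode("utf-8", errors="replace")
    return value


# Pump trace_pipe lines until Ctrl-C. The try/except sits outside the loop:
# KeyboardInterrupt is raised while trace_fields() blocks, and leaving the
# handler ends the script with exit status 0, as the original exit() did.
try:
    while True:
        (task, pid, cpu, flags, ts, msg) = b.trace_fields()
        print("%-18.9f %-16s %-6d %s" % (ts, _as_text(task), pid, _as_text(msg)))
except KeyboardInterrupt:
    pass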