v0.8.2

Notice

There is an LTS kernel regression that affects the experimental eBPF backend for tracexec.
Users on LTS kernel v6.6.64..v6.6.69 experiencing eBPF load errors should upgrade to v6.6.70,
where the patch that causes the regression is reverted. Further investigation is still going on.

• #55
• https://lore.kernel.org/all/fz5bo35ahmtygtbwhbit7vobn6beg3gnlkdd6wvrv4bf3z3ixy@vim77gb777mk/

Fixes

• tracexec now correctly handles ptrace group stop.
  (In other words, the stopping signals are now handled transparently).
• Fix missing process state update for the root tracee when it exits.
• CI: misc fixes for nix userspace-kernel integration tests.

Other Changes

• Update dependencies
• Misc CI changes.
• Internal refactor: safer abstraction for ptrace.
• Internal refactor: remove lazy_static
• Internal refactor: replace some static variables with constants (by @Integral-Tech)
• tracexec now uses PTRACE_SEIZE instead of setting PTRACE_TRACEME after fork.
• Specify MSRV in Cargo.toml. (v0.8.1 is yanked because the incompatible lockfile version change from 3 to 4).

v0.8.0

Breaking Changes

The ptrace backend no longer supports kernels that don't support PTRACE_GET_SYSCALL_INFO.
This means that the minimal supported kernel version is now 5.3.

New Features

The ptrace backend now allows tracees to do 32bit syscalls on x64 architecture.
And traces for 32bit exec syscalls are now available in tracexec.

A new feature ebpf-no-rcu-kfuncs is added and disabled by default.
For kernel versions less than 6.2, you'll need to enable this feature to make the eBPF backend work.

Fixes

• Make tests work in non-FHS environment.

Other Changes

• Update dependencies, notably bumping ratatui to 0.29.
• Add a (very rough) nix flake to test the eBPF backend on different kernel versions.
• CI: bump rust to 1.82

v0.7.0

New Features

• The experimental eBPF backend is updated to also monitor 32bit exec on x64 systems.
  • I plan to support tracing 32bit exec in ptrace backend as well in 0.8.0 release.
• Previously, all experimental features are only labeled in the help text of CLI.
  Now the experimental features are also labeled in TUI:

Deprecation

The support for kernel version < 5.3 is deprecated and will be removed in the future.
It is likely that it will happen in the upcoming 0.8.0 release.

Breaking Changes

Building tracexec with seccomp-bpf feature now requires libseccomp dependency.
By default, we dynamically link to libseccomp. In order to statically link to libseccomp,
please set LIBSECCOMP_LINK_TYPE to static and set LIBSECCOMP_LIB_PATH to the path of
the directory containing libseccomp.a.

Fixes

• ptracer: use SIGSTOP as sentinel signal.
• eBPF: __TARGET_ARCH_xx define gets fixed for arm64 and riscv64(in libbpf-rs: libbpf/libbpf-rs#958 and libbpf/libbpf-rs#959).
• Switch seccomp-bpf dependency crate from seccompiler to libseccomp.
  • This unblocks 32bit exec tracing for ptrace backend that I plan to implement in 0.8.0.
  • And seccomp-bpf feature can now be enabled on riscv64.

Internal Changes

• Bump dependencies
• Make clippy more annoying
• eBPF: convert from syscall tracepoint to fentry/fexit
• eBPF: minor refactors

v0.7.0-rc.3

New Features

• The experimental eBPF backend is updated to also monitor 32bit exec on x64 systems.
  • I plan to support tracing 32bit exec in ptrace backend as well in 0.8.0 release.
• Previously, all experimental features are only labeled in the help text of CLI.
  Now the experimental features are also labeled in TUI:

Deprecation

The support for kernel version < 5.3 is deprecated and will be removed in the future.
It is likely that it will happen in the upcoming 0.8.0 release.

Breaking Changes

Building tracexec with seccomp-bpf feature now requires libseccomp dependency.
By default, we dynamically link to libseccomp. In order to statically link to libseccomp,
please set LIBSECCOMP_LINK_TYPE to static and set LIBSECCOMP_LIB_PATH to the path of
the directory containing libseccomp.a.

Fixes

• ptracer: use SIGSTOP as sentinel signal.
• eBPF: __TARGET_ARCH_xx define gets fixed for arm64 and riscv64(in libbpf-rs: libbpf/libbpf-rs#958 and libbpf/libbpf-rs#959).
• Switch seccomp-bpf dependency crate from seccompiler to libseccomp.
  • This unblocks 32bit exec tracing for ptrace backend that I plan to implement in 0.8.0.
  • And seccomp-bpf feature can now be enabled on riscv64.

Internal Changes

• Bump dependencies
• Make clippy more annoying
• eBPF: convert from syscall tracepoint to fentry/fexit
• eBPF: minor refactors

v0.6.2

• Fix: Update dependencies to get rid of yanked futures-util 0.3.30
• Fix: Ensure build-script is built with the same vendoring feature as the main binary
• CI: Fix a typo in CI yaml that caused the released static binaries to be non static.
• CI: Enable eBPF for riscv64.
• CI: Enable static builds for riscv64.

v0.6.2-rc.2

• Fix: Update dependencies to get rid of yanked futures-util 0.3.30
• Fix: Ensure build-script is built with the same vendoring feature as the main binary
• CI: Fix a typo in CI yaml that caused the released static binaries to be non static.
• CI: Enable eBPF for riscv64.
• CI: Enable static builds for riscv64.

v0.6.2-rc.1

• Fix: Update dependencies to get rid of yanked futures-util 0.3.30
• Fix: Ensure build-script is built with the same vendoring feature as the main binary
• eBPF: Use a better workaround in eBPF code(empty printk workaround is removed).
• CI: Fix a typo in CI yaml that caused the released static binaries to be non static.
• CI: Enable eBPF for riscv64.
• CI: Enable static builds for riscv64.

v0.6.1

• Docs: document dependencies for building in INSTALL.md.
• CI: Bump ubuntu to 24.04, with clang 18 as default clang.
• Previously, when building tracexec, even if --no-default-feaures is specified,
  libbpf still gets vendored once because it is also depended in libbpf-cargo build dependency.
  This release fixes it.
• Fix the help entry of breakpoint manager.
• Fix: eBPF: only remove pgid from closure if follow-forks
• Fix: eBPF: simplify program to make it load on kernel >= 6.8
• Fix: eBPF: add a temporary workaround(d7f23b4) to make it load in release mode on new kernels.
  A side effect is some empty printk output in /sys/kernel/debug/tracing/trace_pipe. See the commit for more details.

v0.6.1-rc.1

• Docs: document dependencies for building in INSTALL.md.
• CI: Bump ubuntu to 24.04, with clang 18 as default clang.
• Previously, when building tracexec, even if --no-default-feaures is specified,
  libbpf still gets vendored once because it is also depended in libbpf-cargo build dependency.
  This release fixes it.
• Fix the help entry of breakpoint manager.
• Fix: eBPF: only remove pgid from closure if follow-forks
• Fix: eBPF: simplify program to make it load on kernel >= 6.8
• Fix: eBPF: add a temporary workaround(d7f23b4) to make it load in release mode on new kernels.
  A side effect is some empty printk output in /sys/kernel/debug/tracing/trace_pipe. See the commit for more details.

v0.6.1-beta.2

• Docs: document dependencies for building in INSTALL.md.
• CI: Bump ubuntu to 24.04, with clang 18 as default clang.
• Previously, when building tracexec, even if --no-default-feaures is specified,
  libbpf still gets vendored once because it is also depended in libbpf-cargo build dependency.
  This release fixes it.
• Fix the help entry of breakpoint manager.
• Fix: eBPF: only remove pgid from closure if follow-forks
• Fix: eBPF: simplify program to make it load on kernel >= 6.8