Extended uprobe support in TracingPolicies

[anfedotoff]

Is there an existing issue for this?

• I have searched the existing issues

Is your feature request related to a problem?

No response

Describe the feature you would like

Hi!
I think, it would be nice to support some selectors that we have for kprobes/tracepoints/lsm hooks. According to this uprobe policies are only support matchPid selector:

tetragon/pkg/sensors/tracing/genericuprobe.go

Lines 226 to 235 in 21cb4fd

	func isValidUprobeSelectors(selectors []v1alpha1.KProbeSelector) error {
	for _, s := range selectors {
	if len(s.MatchArgs) > 0 ||
	len(s.MatchActions) > 0 ||
	len(s.MatchReturnArgs) > 0 ||
	len(s.MatchNamespaces) > 0 ||
	len(s.MatchNamespaceChanges) > 0 ||
	len(s.MatchCapabilities) > 0 ||
	len(s.MatchCapabilityChanges) > 0 {
	return fmt.Errorf("Only matchPIDs selector is supported")

With this uprobe support we can do a lot of interesting things. For example, we can monitor for suspicious commands user executes from shell. More details can be found in nice Quarkslab blog post.

Describe your proposed solution

No response

Code of Conduct

• I agree to follow this project's Code of Conduct