feat(events): change log level in hooked_syscall

When unable to locate a syscall symbol, instead of printing an error and terminate the hook checker goroutine, be more graceful: print a warning and skip hook check only for the specific syscall
aquasecurity · Oct 28, 2024 · eead40d · eead40d
1 parent ab6344f
commit eead40d
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/pkg/ebpf/hooked_syscall_table.go b/pkg/ebpf/hooked_syscall_table.go
@@ -2,6 +2,7 @@ package ebpf
 
 import (
 	gocontext "context"
+	"fmt"
 	"runtime"
 	"strings"
 	"time"
@@ -189,8 +190,13 @@ func (t *Tracee) populateExpectedSyscallTableArray(tableMap *bpf.BPFMap) error {
 
 		kernelSymbol, err := t.kernelSymbols.GetSymbolByOwnerAndName("system", events.SyscallPrefix+syscallName)
 		if err != nil {
-			logger.Errorw("hooked_syscall: syscall symbol not found", "id", index)
-			return err
+			logger.Warnw(fmt.Sprintf("hooked_syscall: Unable to locate syscall symbol... permanently skipping hook check for syscall ID %d", index))
+			zero := 0
+			err = tableMap.Update(unsafe.Pointer(&index), unsafe.Pointer(&zero))
+			if err != nil {
+				return err
+			}
+			continue
 		}
 
 		var expectedAddress = kernelSymbol[0].Address