Marks a function as a fentry eBPF program that can be attached to almost
any function inside the kernel. The difference between fentry and kprobe
is that fexit has practically zero overhead to call before kernel function.
fentry programs can be also attached to other eBPF programs.
Marks a function as a fexit eBPF program that can be attached to almost
any function inside the kernel. The difference between fexit and kretprobe
is that fexit has practically zero overhead to call after kernel function
and it focuses on access to arguments rather than the return value. fexit
programs can be also attached to other eBPF programs
Marks a function as an LSM program that can be attached to cgroups.
This program will only trigger for workloads in the attached cgroups.
Used to implement security policy and audit logging.