From 39a27d835e5498fddf083d7810506c73d6c5588a Mon Sep 17 00:00:00 2001
From: Afek Berger <afekb@armosec.io>
Date: Wed, 4 Dec 2024 13:40:21 +0200
Subject: [PATCH] Added syscalls consts

Signed-off-by: Afek Berger <afekb@armosec.io>
---
 pkg/containerwatcher/v1/consts.go   | 13 +++++++++++++
 pkg/containerwatcher/v1/exec.go     |  3 +--
 pkg/containerwatcher/v1/hardlink.go |  3 +--
 pkg/containerwatcher/v1/open.go     |  3 +--
 pkg/containerwatcher/v1/symlink.go  |  3 +--
 5 files changed, 17 insertions(+), 8 deletions(-)
 create mode 100644 pkg/containerwatcher/v1/consts.go

diff --git a/pkg/containerwatcher/v1/consts.go b/pkg/containerwatcher/v1/consts.go
new file mode 100644
index 00000000..e2f9f3b4
--- /dev/null
+++ b/pkg/containerwatcher/v1/consts.go
@@ -0,0 +1,13 @@
+package containerwatcher
+
+// The numbers can be arbitrary identifiers since they're not actually used for system calls,
+// so we don't need to handle other architecture specifically.
+const (
+	SYS_LINKAT    = 265
+	SYS_LINK      = 86
+	SYS_SYMLINKAT = 266
+	SYS_SYMLINK   = 88
+	SYS_OPEN      = 2
+	SYS_OPENAT    = 257
+	SYS_EXECVE    = 59
+)
diff --git a/pkg/containerwatcher/v1/exec.go b/pkg/containerwatcher/v1/exec.go
index d8da57a7..ca13f13a 100644
--- a/pkg/containerwatcher/v1/exec.go
+++ b/pkg/containerwatcher/v1/exec.go
@@ -7,7 +7,6 @@ import (
 	tracerexectype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/exec/types"
 	"github.com/inspektor-gadget/inspektor-gadget/pkg/types"
 	events "github.com/kubescape/node-agent/pkg/ebpf/events"
-	"golang.org/x/sys/unix"
 )
 
 func (ch *IGContainerWatcher) execEventCallback(event *tracerexectype.Event) {
@@ -16,7 +15,7 @@ func (ch *IGContainerWatcher) execEventCallback(event *tracerexectype.Event) {
 	}
 
 	execEvent := &events.ExecEvent{Event: *event}
-	ch.enrichEvent(execEvent, []uint64{unix.SYS_EXECVE, unix.SYS_EXECVEAT})
+	ch.enrichEvent(execEvent, []uint64{SYS_EXECVE})
 
 	if event.Retval > -1 && event.Comm != "" {
 		ch.execWorkerChan <- execEvent
diff --git a/pkg/containerwatcher/v1/hardlink.go b/pkg/containerwatcher/v1/hardlink.go
index d728a2c8..f6df4fb9 100644
--- a/pkg/containerwatcher/v1/hardlink.go
+++ b/pkg/containerwatcher/v1/hardlink.go
@@ -5,7 +5,6 @@ import (
 
 	tracerhardlink "github.com/kubescape/node-agent/pkg/ebpf/gadgets/hardlink/tracer"
 	tracerhardlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/hardlink/types"
-	"golang.org/x/sys/unix"
 
 	"github.com/inspektor-gadget/inspektor-gadget/pkg/types"
 	"github.com/kubescape/go-logger"
@@ -22,7 +21,7 @@ func (ch *IGContainerWatcher) hardlinkEventCallback(event *tracerhardlinktype.Ev
 		return
 	}
 
-	ch.enrichEvent(event, []uint64{unix.SYS_LINK, unix.SYS_LINKAT})
+	ch.enrichEvent(event, []uint64{SYS_LINK, SYS_LINKAT})
 
 	ch.hardlinkWorkerChan <- event
 }
diff --git a/pkg/containerwatcher/v1/open.go b/pkg/containerwatcher/v1/open.go
index 2f6717ac..ac5ecca6 100644
--- a/pkg/containerwatcher/v1/open.go
+++ b/pkg/containerwatcher/v1/open.go
@@ -7,7 +7,6 @@ import (
 	traceropentype "github.com/inspektor-gadget/inspektor-gadget/pkg/gadgets/trace/open/types"
 	"github.com/inspektor-gadget/inspektor-gadget/pkg/types"
 	events "github.com/kubescape/node-agent/pkg/ebpf/events"
-	"golang.org/x/sys/unix"
 )
 
 func (ch *IGContainerWatcher) openEventCallback(event *traceropentype.Event) {
@@ -16,7 +15,7 @@ func (ch *IGContainerWatcher) openEventCallback(event *traceropentype.Event) {
 	}
 
 	openEvent := &events.OpenEvent{Event: *event}
-	ch.enrichEvent(openEvent, []uint64{unix.SYS_OPEN, unix.SYS_OPENAT})
+	ch.enrichEvent(openEvent, []uint64{SYS_OPEN, SYS_OPENAT})
 
 	if event.Err > -1 && event.FullPath != "" {
 		ch.openWorkerChan <- openEvent
diff --git a/pkg/containerwatcher/v1/symlink.go b/pkg/containerwatcher/v1/symlink.go
index 47c6a49a..4054ad8b 100644
--- a/pkg/containerwatcher/v1/symlink.go
+++ b/pkg/containerwatcher/v1/symlink.go
@@ -5,7 +5,6 @@ import (
 
 	tracersymlink "github.com/kubescape/node-agent/pkg/ebpf/gadgets/symlink/tracer"
 	tracersymlinktype "github.com/kubescape/node-agent/pkg/ebpf/gadgets/symlink/types"
-	"golang.org/x/sys/unix"
 
 	"github.com/inspektor-gadget/inspektor-gadget/pkg/types"
 	"github.com/kubescape/go-logger"
@@ -17,7 +16,7 @@ func (ch *IGContainerWatcher) symlinkEventCallback(event *tracersymlinktype.Even
 		return
 	}
 
-	ch.enrichEvent(event, []uint64{unix.SYS_SYMLINK, unix.SYS_SYMLINKAT})
+	ch.enrichEvent(event, []uint64{SYS_SYMLINK, SYS_SYMLINKAT})
 
 	if isDroppedEvent(event.Type, event.Message) {
 		logger.L().Ctx(ch.ctx).Warning("symlink tracer got drop events - we may miss some realtime data", helpers.Interface("event", event), helpers.String("error", event.Message))