Add support for flags in fcntl, socket, socketpair, accept4

[albe19029]

For monitoring process files it is good to know CLOEXEC flag. But for now only part of method support it (inotify_init1, eventfd2, signalfd4, dup3, pipe2, open, openat, open_by_handle_at, pidfd_open,epoll_create1, memfd_create)

But I think this one are very important too:

fcntl (F_DUPFD_CLOEXEC -FD_CLOEXEC, F_SETFD - FD_CLOEXEC)
socket (SOCK_CLOEXEC)
socketpair (SOCK_CLOEXEC)
accept4 (SOCK_CLOEXEC)

Is it possible to add this, as when execve will be called, it is impossible to see which file descriptors should be copy to new process, and which should not.

I also noticed that for some methods flags exists, but in native format, not scap portable PPM_*_CLOEXEC (pidfd_getfd, timerfd_create, userfaultfd)

[Andreagit97]

Hi @albe19029, yes you are right we need to improve the flags management in our syscalls. Your request makes sense! I will add it to the backlog

[albe19029]

Thanks a lot.
Forgot about one more moment:
is it also possible to add open_flags for not only SCAP_FD_FILE_V2 (for now scap_fd_flags_file this flags only added there).

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[albe19029]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[poiana]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

[poiana]

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

[poiana]

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.