[Profiler] Log information about secure-execution mode (#4196)

* Log information about secure-execution mode * Do not log user/group id
DataDog · May 30, 2023 · 5a0f7f5 · 5a0f7f5
1 parent d789ad5
commit 5a0f7f5
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/profiler/src/ProfilerEngine/Datadog.Profiler.Native/OpSysTools.cpp b/profiler/src/ProfilerEngine/Datadog.Profiler.Native/OpSysTools.cpp
@@ -22,6 +22,7 @@
 #define _GNU_SOURCE
 #include <errno.h>
 #include "cgroup.h"
+#include <sys/auxv.h>
 #endif
 
 #include <chrono>
@@ -386,6 +387,17 @@ bool OpSysTools::IsSafeToStartProfiler(double coresThreshold)
             }
         }
 
+        // Check if process is running is a secure-execution mode
+        auto at_secure = getauxval(AT_SECURE);
+        Log::Info("Is process running in a secure execution mode ? ", std::boolalpha, at_secure);
+        // Reasons for which AT_SECURE is true:
+        //   User ID != Effective User ID
+        Log::Info("Process User ID differs from Effective User ID ? ", std::boolalpha, getuid() != geteuid());
+        //   Group ID != Effective Group ID
+        Log::Info("Process Group ID differs from Effective Group ID ? ", std::boolalpha, getgid() != getegid());
+        // TODO check capabilities (for now checking capabilities requires additional packages/libraries)
+        // if at_secure is true, we know that it due to the capabilities
+
         return false;
     }