averello/Bear-mirror
1
0
Fork 0
mirror of https://github.com/rizsotto/Bear.git synced 2026-05-28 00:20:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
Bear-mirror/intercept-preload
T
History
Laszlo Nagy 9033e598fb intercept: drop Event wrapper, send Execution directly 
The Event wrapper carried a pid field that no production code ever read.
The captured pid was the shim/wrapper's process id (not the compiler's),
so it was semantically misleading and only invited future misuse.

The TCP wire and on-disk JSON Lines format now carry bare Execution
objects rather than {"pid": N, "execution": {...}}. The trim invariant
(strip env vars irrelevant for compilation database generation) moved
from the deleted Event::new into ReporterOnTcp::report, so the
boundary that emits to the wire is the single place that enforces it.

The on-disk format break is hard: prior .events files will be skipped
on read with a warning per line. The output/intercept.rs module
already documents the format as not stable.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 08:24:27 +00:00
..
src
intercept: drop Event wrapper, send Execution directly
2026-05-03 08:24:27 +00:00
build.rs
docs: explain the build pipeline per crate
2026-04-30 11:57:36 +00:00
Cargo.toml
build: run platform-checks detection once per workspace build
2026-04-30 11:39:48 +00:00
CLAUDE.md
docs: explain the build pipeline per crate
2026-04-30 11:57:36 +00:00
README.md
docs(intercept-preload): update README for actual platform support
2026-02-08 15:17:58 +11:00

README.md

Dynamic library for Bear interception

This crate provides a dynamic library for Unix systems that can be used with Bear for intercepting system calls via the LD_PRELOAD mechanism (or DYLD_INSERT_LIBRARIES on macOS).

Overview

libexec is designed to work with the Bear compilation database generator. It intercepts system calls like execve to track command execution during builds.

The library is split into a C shim (src/c/shim.c) and Rust implementation (src/implementation.rs). This separation exists because:

  1. Stable Rust cannot handle C variadic arguments (execl family)
  2. On FreeBSD, libc functions may call each other internally — having all exported symbols in C call into Rust (which uses dlsym(RTLD_NEXT, ...)) avoids recursive interception issues

Supported Platforms

  • Linux — uses LD_PRELOAD and ELF version scripts for symbol visibility
  • macOS — uses DYLD_INSERT_LIBRARIES and -exported_symbols_list for symbol visibility

On unsupported platforms, the build process will display a warning and skip library generation.

Features

  • Intercepts exec family calls, posix_spawn, popen, and system
  • Automatically "doctors" child process environments to maintain interception across exec calls
  • Reports intercepted executions to a TCP collector
  • Platform capability detection at build time (only intercepts functions available on the host)

Building

To build libexec in debug mode:

cargo build -p intercept-preload

For the release version:

cargo build -p intercept-preload --release

The resulting shared library will be in target/debug/libexec.so (or .dylib on macOS) and target/release/libexec.so respectively.

Reference in New Issue View Git Blame Copy Permalink