Introduce evt trigger

[geyslan]

Close: #4412

1. Explain what the PR does

2. Explain how to test it

3. Other comments

[NDStrahilevitz]

Just to note that at first I thought the PR refers to the uprobe triggering mechanism, we may want to rethink one of the names...
Anyway, promising tool.

[geyslan]

The current idea is to have this new binary evt with two main commands trigger and stress. The former would only run an underlying script related to a single Tracee event chosen. The former would accept multiple events or policies to run Tracee first and in the sequence the evt trigger itself for each event chosen.

How do you see the name conflicting with uname? What do you suggest then? I'm all ears.

[NDStrahilevitz]

Member

It's just that there is this package:
https://github.com/aquasecurity/tracee/tree/main/pkg/events/trigger
Which conflicts in name. So we need to rename on of them imo since we have the concept of "triggered events (through uprobes)" as a, rather underdeveloped, internal mechanism of tracee.