Added new hooks and updated map fields to support new sudo module.

src/user/include/modules/fs.h

@@ -16,9 +16,15 @@ int attach_tp_sys_exit_read(struct kit_bpf *skel){
     skel->links.tp_sys_exit_read = bpf_program__attach(skel->progs.tp_sys_exit_read);
 	return libbpf_get_error(skel->links.tp_sys_exit_read);
 }
+int attach_tp_sys_enter_openat(struct kit_bpf *skel){
+    skel->links.tp_sys_enter_openat = bpf_program__attach(skel->progs.tp_sys_enter_openat);
+	return libbpf_get_error(skel->links.tp_sys_enter_openat);
+}
 
 int attach_fs_all(struct kit_bpf *skel){
-    return attach_tp_sys_enter_read(skel) || attach_tp_sys_exit_read(skel);
+    return attach_tp_sys_enter_read(skel) || 
+        attach_tp_sys_exit_read(skel) ||
+        attach_tp_sys_enter_openat(skel);
 }
 
 
@@ -38,9 +44,19 @@ int detach_tp_sys_exit_read(struct kit_bpf *skel){
     }
     return 0;
 }
+int detach_tp_sys_enter_openat(struct kit_bpf *skel){
+    int err = detach_link_generic(skel->links.tp_sys_enter_openat);
+    if(err<0){
+        fprintf(stderr, "Failed to detach fs link\n");
+        return -1;
+    }
+    return 0;
+}
 
 int detach_fs_all(struct kit_bpf *skel){
-    return detach_tp_sys_enter_read(skel) || detach_tp_sys_exit_read(skel);
+    return detach_tp_sys_enter_read(skel) || 
+        detach_tp_sys_exit_read(skel) ||
+        detach_tp_sys_enter_openat(skel);
 }
 
 #endif