From ce73f4748fd292918d44a90ae4d044a6e8bbb2c8 Mon Sep 17 00:00:00 2001
From: Aviram Hassan <aviram@metalbear.co>
Date: Tue, 15 Oct 2024 14:41:24 +0300
Subject: [PATCH] ..

---
 mirrord/layer/src/exec_utils.rs | 10 ++++++++++
 mirrord/layer/src/load.rs       |  6 +++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/mirrord/layer/src/exec_utils.rs b/mirrord/layer/src/exec_utils.rs
index d027c82649c..ffb93572707 100644
--- a/mirrord/layer/src/exec_utils.rs
+++ b/mirrord/layer/src/exec_utils.rs
@@ -62,6 +62,16 @@ pub(crate) unsafe fn enable_macos_hooks(
 #[mirrord_layer_macro::instrument(level = "trace")]
 pub(super) fn patch_if_sip(path: &str) -> Detour<String> {
     let patch_binaries = PATCH_BINARIES.get().expect("patch binaries not set");
+    // some binaries don't need to be sip patched, because they don't chain-execute (i.e we don't
+    // care about the commands they run) for example, "go run" needs to be sip patched because
+    // it builds then executes. but gcc never executes the binary, so we don't need to sip patch
+    // it.
+    const BYPASS_BINARIES: &[&str] = &[
+        "/uname",
+    ];
+    if BYPASS_BINARIES.iter().any(|bin| path.ends_with(bin)) {
+        return Bypass(NoSipDetected(path.to_string()));
+    }
     match sip_patch(path, patch_binaries) {
         Ok(None) => Bypass(NoSipDetected(path.to_string())),
         Ok(Some(new_path)) => Success(new_path),
diff --git a/mirrord/layer/src/load.rs b/mirrord/layer/src/load.rs
index 649e82dd980..1f41f5eaa27 100644
--- a/mirrord/layer/src/load.rs
+++ b/mirrord/layer/src/load.rs
@@ -27,13 +27,17 @@ static BUILD_TOOL_PROCESSES: LazyLock<HashSet<&str>> = LazyLock::new(|| {
         "link",
         "math",
         "cargo",
+        "clang",
+        "compile",
         "hpack",
         "rustc",
-        "compile",
         "collect2",
         "cargo-watch",
         "debugserver",
         "jspawnhelper",
+        "strip",
+        "dsymutil",
+
     ])
 });