Overview
Package securityprofile holds security profiles related files
Index
- Constants
- Variables
- func GenerateRules(ads []*profile.Profile, opts SECLRuleOpts) []*rules.RuleDefinition
- func LoadActivityDumpsFromFiles(path string) ([]*profile.Profile, error)
- type EventFilteringResult
- type Manager
- func (m *Manager) DumpActivity(params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)
- func (m *Manager) FillProfileContextFromContainerID(id string, ctx *model.SecurityProfileContext, imageTag string)
- func (m *Manager) GenerateTranscoding(params *api.TranscodingRequestParams) (*api.TranscodingRequestMessage, error)
- func (m *Manager) HandleCGroupTracingEvent(event *model.CgroupTracingEvent)
- func (m *Manager) HasActiveActivityDump(event *model.Event) bool
- func (m *Manager) ListActivityDumps(_ *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)
- func (m *Manager) ListSecurityProfiles(params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)
- func (m *Manager) LookupEventInProfiles(event *model.Event)
- func (m *Manager) ProcessEvent(event *model.Event)
- func (m *Manager) SaveSecurityProfile(params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)
- func (m *Manager) SendStats() error
- func (m *Manager) SnapshotTracedCgroups()
- func (m *Manager) Start(ctx context.Context)
- func (m *Manager) StopActivityDump(params *api.ActivityDumpStopParams) (*api.ActivityDumpStopMessage, error)
- type SECLRuleOpts
- type SeccompProfile
- type SyscallPolicy
Constants
const (
	// ActivityDumpSource defines the source recorded for activity dumps.
	ActivityDumpSource = "runtime-security-agent"
	// DefaultProfileName is the profile name used by default.
	DefaultProfileName = "default"
)
Variables
// ErrActivityDumpManagerDisabled is returned when the activity dump manager is disabled.
var ErrActivityDumpManagerDisabled = errors.New("ActivityDumpManager is disabled")
ErrActivityDumpManagerDisabled is returned when the activity dump manager is disabled
// ErrSecurityProfileManagerDisabled is returned when the security profile manager is disabled.
var ErrSecurityProfileManagerDisabled = errors.New("SecurityProfileManager is disabled")
ErrSecurityProfileManagerDisabled is returned when the security profile manager is disabled
var (
	// TracedEventTypesReductionOrder is the order by which event types are reduced.
	// NOTE(review): the list is presumably consumed head-first, so Bind events are
	// the first to be dropped and FileOpen events the last — confirm against the
	// reduction code before relying on this when sizing dumps.
	TracedEventTypesReductionOrder = []model.EventType{model.BindEventType, model.IMDSEventType, model.DNSEventType, model.SyscallsEventType, model.FileOpenEventType}
)
Functions
func GenerateRules ¶
func GenerateRules(ads []*profile.Profile, opts SECLRuleOpts) []*rules.RuleDefinition
GenerateRules returns rules generated from activity dumps
Types
type EventFilteringResult ¶
type EventFilteringResult uint8
EventFilteringResult is used to compute metrics for the event filtering feature
const (
	// NA means not applicable; used for the NoProfile and ProfileAtMaxSize profile states.
	NA EventFilteringResult = iota
	// InProfile is used to count the events that matched a profile.
	InProfile
	// NotInProfile is used to count the events that didn't match their profile.
	NotInProfile
)
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
Manager is the manager for activity dumps and security profiles
func NewManager ¶
func NewManager(cfg *config.Config, statsdClient statsd.ClientInterface, ebpf *ebpfmanager.Manager, resolvers *resolvers.EBPFResolvers, kernelVersion *kernel.Version, newEvent func() *model.Event, dumpHandler storage.ActivityDumpHandler) (*Manager, error)
NewManager returns a new instance of the security profile manager
func (*Manager) DumpActivity ¶
func (m *Manager) DumpActivity(params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)
DumpActivity handles an activity dump request
func (*Manager) FillProfileContextFromContainerID ¶
func (m *Manager) FillProfileContextFromContainerID(id string, ctx *model.SecurityProfileContext, imageTag string)
FillProfileContextFromContainerID populates a SecurityProfileContext for the given container ID
func (*Manager) GenerateTranscoding ¶
func (m *Manager) GenerateTranscoding(params *api.TranscodingRequestParams) (*api.TranscodingRequestMessage, error)
GenerateTranscoding executes the requested transcoding operation
func (*Manager) HandleCGroupTracingEvent ¶
func (m *Manager) HandleCGroupTracingEvent(event *model.CgroupTracingEvent)
HandleCGroupTracingEvent handles a cgroup tracing event
func (*Manager) HasActiveActivityDump ¶
HasActiveActivityDump returns true if the given event has an active dump
func (*Manager) ListActivityDumps ¶
func (m *Manager) ListActivityDumps(_ *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)
ListActivityDumps returns the list of active activity dumps
func (*Manager) ListSecurityProfiles ¶
func (m *Manager) ListSecurityProfiles(params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)
ListSecurityProfiles returns the list of security profiles
func (*Manager) LookupEventInProfiles ¶
LookupEventInProfiles looks up the event in the profiles
func (*Manager) ProcessEvent ¶
ProcessEvent processes a new event and inserts it into an activity dump if applicable
func (*Manager) SaveSecurityProfile ¶
func (m *Manager) SaveSecurityProfile(params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)
SaveSecurityProfile saves the requested security profile to disk
func (*Manager) SnapshotTracedCgroups ¶
func (m *Manager) SnapshotTracedCgroups()
SnapshotTracedCgroups recovers lost CGroup tracing events by going through the kernel space map of cgroups
func (*Manager) StopActivityDump ¶
func (m *Manager) StopActivityDump(params *api.ActivityDumpStopParams) (*api.ActivityDumpStopMessage, error)
StopActivityDump stops an active activity dump
type SECLRuleOpts ¶
// SECLRuleOpts defines the options used when generating SECL rules
// from activity dumps (see GenerateRules).
type SECLRuleOpts struct {
	EnableKill bool   // NOTE(review): presumably attaches a kill action to generated rules — confirm in GenerateRules
	AllowList  bool   // NOTE(review): presumably generates allow-list style rules — confirm in GenerateRules
	Lineage    bool   // NOTE(review): presumably generates process-lineage rules — confirm in GenerateRules
	ImageName  string // image name the generated rules refer to — verify how it is used
	ImageTag   string // image tag the generated rules refer to — verify how it is used
	Service    string // service name the generated rules refer to — verify how it is used
	FIM        bool   // NOTE(review): presumably generates file integrity monitoring rules — confirm in GenerateRules
}
SECLRuleOpts defines the SECL rule generation options
type SeccompProfile ¶
// SeccompProfile represents a seccomp profile. The struct tags follow the
// seccomp profile file layout (defaultAction / syscalls) for YAML and JSON.
type SeccompProfile struct {
	// DefaultAction is the action applied to syscalls not covered by any entry in Syscalls.
	// A profile generated from observed activity only lists the syscalls that were seen,
	// so the value chosen here decides what happens to everything that was not observed.
	DefaultAction string          `yaml:"defaultAction" json:"defaultAction"`
	// Syscalls lists the per-syscall policies of the profile.
	Syscalls      []SyscallPolicy `yaml:"syscalls" json:"syscalls"`
}
SeccompProfile represents a Seccomp profile
func GenerateSeccompProfile ¶
func GenerateSeccompProfile(ads []*profile.Profile) *SeccompProfile
GenerateSeccompProfile returns a seccomp profile generated from activity dumps
type SyscallPolicy ¶
// SyscallPolicy represents one policy entry in a seccomp profile: the action
// to apply to a set of syscall names.
type SyscallPolicy struct {
	// Names lists the syscall names the policy applies to.
	Names  []string `yaml:"names" json:"names"`
	// Action is the seccomp action applied to the listed syscalls.
	Action string   `yaml:"action" json:"action"`
}
SyscallPolicy represents the policy in a seccomp profile
Directories
| Path | Synopsis |
|---|---|
| | Package activitytree holds activitytree related files |
| metadata | Package metadata holds metadata related files |
| | Package dump holds activity dump related files |
| | Package profile holds profile related files |
| | Package storage holds files related to storages for security profiles |