Documentation ¶
Overview ¶
Package kfilters holds kfilters related files
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files ¶
Package kfilters holds kfilters related files
Index ¶
Constants ¶
const ( // BasenameApproverKernelMapName defines the basename approver kernel map name BasenameApproverKernelMapName = "basename_approvers" // BasenameApproverType is the type of basename approver BasenameApproverType = "basename" // FlagApproverType is the type of flags approver FlagApproverType = "flag" // AUIDApproverType is the type of auid approver AUIDApproverType = "auid" )
Variables ¶
var KFilterGetters = make(map[eval.EventType]kfiltersGetter)
KFilterGetters var contains all the kfilter getters
Functions ¶
func GetCapababilities ¶
func GetCapababilities() map[eval.EventType]rules.FieldCapabilities
GetCapababilities returns all the filtering capabilities
Types ¶
type ActiveKFilters ¶
type ActiveKFilters map[interface{}]activeKFilter
ActiveKFilters defines kfilter map
func (ActiveKFilters) HasKey ¶
func (ak ActiveKFilters) HasKey(key interface{}) bool
HasKey returns if a filter exists
func (ActiveKFilters) Sub ¶
func (ak ActiveKFilters) Sub(ak2 ActiveKFilters)
Sub remove filters of the given filters
type ApplyRuleSetReport ¶
type ApplyRuleSetReport struct {
Policies map[string]*PolicyReport
}
ApplyRuleSetReport describes the event types and their associated policy policies
func NewApplyRuleSetReport ¶
NewApplyRuleSetReport returns filtering policy applied per event type
type FilterPolicy ¶
type FilterPolicy struct {
Mode PolicyMode
}
FilterPolicy describes a filtering policy
func (*FilterPolicy) MarshalBinary ¶
func (f *FilterPolicy) MarshalBinary() ([]byte, error)
MarshalBinary returns the binary representation of a FilterPolicy
type PolicyMode ¶
type PolicyMode uint8
PolicyMode represents the policy mode (accept or deny)
const ( PolicyModeNoFilter PolicyMode = iota PolicyModeAccept PolicyModeDeny // need to be aligned with the kernel size BasenameFilterSize = 256 )
Policy modes
func (PolicyMode) MarshalJSON ¶
func (m PolicyMode) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON encoding of the policy mode
func (PolicyMode) String ¶
func (m PolicyMode) String() string
type PolicyReport ¶
type PolicyReport struct { Mode PolicyMode Approvers rules.Approvers }
PolicyReport describes the result of the kernel policy and the approvers for an event type