kfilters

package
v0.0.0-...-67210db Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 3, 2025 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package kfilters holds kfilters related files

Package kfilters holds kfilters related files

Index

Constants

View Source
const (
	// BasenameApproverKernelMapName defines the basename approver kernel map name
	BasenameApproverKernelMapName = "basename_approvers"

	// BasenameApproverType is the type of basename approver
	BasenameApproverType = "basename"
	// FlagApproverType is the type of flags approver
	FlagApproverType = "flag"
	// AUIDApproverType is the type of auid approver
	AUIDApproverType = "auid"
)

Variables

View Source
var KFilterGetters = make(map[eval.EventType]kfiltersGetter)

KFilterGetters var contains all the kfilter getters

Functions

func GetCapababilities

func GetCapababilities() map[eval.EventType]rules.FieldCapabilities

GetCapababilities returns all the filtering capabilities

Types

type ActiveKFilters

type ActiveKFilters map[interface{}]activeKFilter

ActiveKFilters defines kfilter map

func (ActiveKFilters) Add

func (ak ActiveKFilters) Add(a activeKFilter)

Add a filter

func (ActiveKFilters) HasKey

func (ak ActiveKFilters) HasKey(key interface{}) bool

HasKey returns if a filter exists

func (ActiveKFilters) Remove

func (ak ActiveKFilters) Remove(a activeKFilter)

Remove a filter

func (ActiveKFilters) Sub

func (ak ActiveKFilters) Sub(ak2 ActiveKFilters)

Sub remove filters of the given filters

type ApplyRuleSetReport

type ApplyRuleSetReport struct {
	Policies map[string]*PolicyReport
}

ApplyRuleSetReport describes the event types and their associated policy policies

func NewApplyRuleSetReport

func NewApplyRuleSetReport(config *config.Config, rs *rules.RuleSet) (*ApplyRuleSetReport, error)

NewApplyRuleSetReport returns filtering policy applied per event type

type FilterPolicy

type FilterPolicy struct {
	Mode PolicyMode
}

FilterPolicy describes a filtering policy

func (*FilterPolicy) MarshalBinary

func (f *FilterPolicy) MarshalBinary() ([]byte, error)

MarshalBinary returns the binary representation of a FilterPolicy

type PolicyMode

type PolicyMode uint8

PolicyMode represents the policy mode (accept or deny)

const (
	PolicyModeNoFilter PolicyMode = iota
	PolicyModeAccept
	PolicyModeDeny

	// need to be aligned with the kernel size
	BasenameFilterSize = 256
)

Policy modes

func (PolicyMode) MarshalJSON

func (m PolicyMode) MarshalJSON() ([]byte, error)

MarshalJSON returns the JSON encoding of the policy mode

func (PolicyMode) String

func (m PolicyMode) String() string

type PolicyReport

type PolicyReport struct {
	Mode      PolicyMode
	Approvers rules.Approvers
}

PolicyReport describes the result of the kernel policy and the approvers for an event type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL