policy

package
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 13, 2023 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation

Index

Constants

View Source
const (
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	ProcessTreeFilterMap = "process_tree_map"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ContIdFilter         = "cont_id_filter"
	BinaryFilterMap      = "binary_filter"
	ProcInfoMap          = "proc_info_map"
)
View Source
const MaxPolicies = 64

Variables

This section is empty.

Functions

func PoliciesMaxExceededError

func PoliciesMaxExceededError() error

func PoliciesOutOfRangeError

func PoliciesOutOfRangeError(idx int) error

func PolicyAlreadyExists

func PolicyAlreadyExists(policy *Policy, id int) error

func PolicyNilError

func PolicyNilError() error

func PolicyNotFoundError

func PolicyNotFoundError(idx int) error

Types

type Policies

type Policies struct {
	// contains filtered or unexported fields
}

TODO: add locking mechanism as policies will change at runtime

func NewPolicies

func NewPolicies() *Policies

func (*Policies) Add

func (ps *Policies) Add(p *Policy) error

Add adds a policy to Policies. Its ID (index) is set to the first room found. Returns nil if policy is already inserted.

func (*Policies) Compute

func (ps *Policies) Compute()

Compute recalculates values, updates flags and fills the reduced user space map. It must be called at initialization and at every runtime policies changes

func (*Policies) ContainerFilterEnabled

func (ps *Policies) ContainerFilterEnabled() uint64

ContainerFilterEnabled returns a bitmask of policies that have at least one container filter type enabled. TODO: make sure the stores are also atomic (an atomic load is only protecting the read from context switches, not from CPU cache coherency issues).

func (*Policies) Count

func (ps *Policies) Count() int

func (*Policies) Delete

func (ps *Policies) Delete(id int) error

Delete deletes a policy from Policies.

func (*Policies) Lookup

func (ps *Policies) Lookup(id int) (*Policy, error)

func (*Policies) Map

func (ps *Policies) Map() map[*Policy]int

func (*Policies) MatchedNames added in v0.15.0

func (ps *Policies) MatchedNames(matched uint64) []string

MatchedNames returns a list of matched policies names based on the given matched bitmask.

func (*Policies) PIDFilterMax

func (ps *Policies) PIDFilterMax() uint64

func (*Policies) PIDFilterMin

func (ps *Policies) PIDFilterMin() uint64

func (*Policies) PIDFilterableInUserSpace

func (ps *Policies) PIDFilterableInUserSpace() bool

func (*Policies) Set

func (ps *Policies) Set(p *Policy) error

func (*Policies) UIDFilterMax

func (ps *Policies) UIDFilterMax() uint64

func (*Policies) UIDFilterMin

func (ps *Policies) UIDFilterMin() uint64

func (*Policies) UIDFilterableInUserSpace

func (ps *Policies) UIDFilterableInUserSpace() bool

func (*Policies) UserSpaceMap

func (ps *Policies) UserSpaceMap() map[*Policy]int

UserSpaceMap returns a reduced policies map which must be filtered in user space (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).

type Policy

type Policy struct {
	ID                int
	Name              string
	EventsToTrace     map[events.ID]string
	UIDFilter         *filters.BPFUIntFilter[uint32]
	PIDFilter         *filters.BPFUIntFilter[uint32]
	NewPidFilter      *filters.BoolFilter
	MntNSFilter       *filters.BPFUIntFilter[uint64]
	PidNSFilter       *filters.BPFUIntFilter[uint64]
	UTSFilter         *filters.BPFStringFilter
	CommFilter        *filters.BPFStringFilter
	ContFilter        *filters.BoolFilter
	NewContFilter     *filters.BoolFilter
	ContIDFilter      *filters.ContainerFilter
	RetFilter         *filters.RetFilter
	ArgFilter         *filters.ArgFilter
	ContextFilter     *filters.ContextFilter
	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BPFBinaryFilter
	Follow            bool
}

func NewPolicy

func NewPolicy() *Policy

func (*Policy) ContainerFilterEnabled

func (ps *Policy) ContainerFilterEnabled() bool

ContainerFilterEnabled returns true when the policy has at least one container filter type enabled

type PolicyFile added in v0.15.0

type PolicyFile struct {
	Name          string   `yaml:"name"`
	Description   string   `yaml:"description"`
	Scope         []string `yaml:"scope"`
	DefaultAction string   `yaml:"defaultAction"`
	Rules         []Rule   `yaml:"rules"`
}

PolicyFile is the structure of the policy file

func PoliciesFromPaths added in v0.15.0

func PoliciesFromPaths(paths []string) ([]PolicyFile, error)

PoliciesFromPaths returns a slice of policies from the given paths

func (PolicyFile) Validate added in v0.15.0

func (p PolicyFile) Validate() error

type Rule added in v0.15.0

type Rule struct {
	Event  string   `yaml:"event"`
	Filter []string `yaml:"filter"`
	Action []string `yaml:"action"`
}

Rule is the structure of the rule in the policy file

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL