policy

package v0.16.0

Published: Jun 29, 2023 License: Apache-2.0 Imports: 11 Imported by: 1

Constants

const (
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	ProcessTreeFilterMap = "process_tree_map"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ContIdFilter         = "cont_id_filter"
	BinaryFilterMap      = "binary_filter"
	ProcInfoMap          = "proc_info_map"
)
const MaxPolicies = 64

Variables

This section is empty.

Functions

func PoliciesMaxExceededError

func PoliciesMaxExceededError() error

func PoliciesOutOfRangeError

func PoliciesOutOfRangeError(idx int) error

func PolicyAlreadyExists

func PolicyAlreadyExists(policy *Policy, id int) error

func PolicyNilError

func PolicyNilError() error

func PolicyNotFoundError

func PolicyNotFoundError(idx int) error

Types

type Policies

type Policies struct {
	// contains filtered or unexported fields
}

TODO: add locking mechanism as policies will change at runtime

func NewPolicies

func NewPolicies() *Policies

func (*Policies) Add

func (ps *Policies) Add(p *Policy) error

Add adds a policy to Policies. Its ID (index) is set to the first free slot found. Returns nil if the policy is already inserted.

func (*Policies) Compute

func (ps *Policies) Compute()

Compute recalculates values, updates flags, fills the reduced userland map, and sets the related bitmap that is used to prevent the iteration of the entire map.

It must be called at initialization and whenever policies change at runtime.

func (*Policies) ContainerFilterEnabled

func (ps *Policies) ContainerFilterEnabled() uint64

ContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.

TODO: make sure the stores are also atomic (an atomic load is only protecting the read from context switches, not from CPU cache coherency issues).

func (*Policies) Count

func (ps *Policies) Count() int

func (*Policies) Delete

func (ps *Policies) Delete(id int) error

Delete deletes a policy from Policies.

func (*Policies) FilterableInUserland added in v0.16.0

func (ps *Policies) FilterableInUserland() uint64

FilterableInUserland returns a bitmap of policies that must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).

TODO: make sure the stores are also atomic (an atomic load is only protecting the read from context switches, not from CPU cache coherency issues).

func (*Policies) FilterableInUserlandMap added in v0.16.0

func (ps *Policies) FilterableInUserlandMap() map[*Policy]int

FilterableInUserlandMap returns a reduced policies map which must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).

func (*Policies) Lookup

func (ps *Policies) Lookup(id int) (*Policy, error)

func (*Policies) Map

func (ps *Policies) Map() map[*Policy]int

Map returns a map containing all policies.

func (*Policies) MatchedNames added in v0.15.0

func (ps *Policies) MatchedNames(matched uint64) []string

MatchedNames returns the names of the policies whose bits are set in the given matched bitmap.
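The slot-and-bitmap scheme that Add, Compute and MatchedNames share (MaxPolicies = 64, one bit per policy ID in a uint64, a matched bitmap resolved back to names without walking every slot) as an added, self-contained Go model. This is not the tracee package's code: the Policy and Policies types here are reduced to the fields the bitmap logic needs, and the slot/present fields, the error strings and the main function are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// MaxPolicies mirrors the page's constant: a policy is addressed by one bit
// of a uint64, so at most 64 policies can be loaded at once.
const MaxPolicies = 64

// Policy is a reduced stand-in for the page's Policy struct (constructed for
// this example; only the fields the bitmap logic needs).
type Policy struct {
	ID   int
	Name string
}

// Policies keeps up to MaxPolicies policies indexed by ID, plus a bitmap of
// occupied slots (assumed layout, not the tracee implementation).
type Policies struct {
	slots   [MaxPolicies]*Policy
	present uint64 // bit i is set when slots[i] is occupied
}

func NewPolicies() *Policies { return &Policies{} }

// Add stores p in the first free slot and assigns that index as its ID.
// A policy that is already present is accepted again without change.
func (ps *Policies) Add(p *Policy) error {
	if p == nil {
		return errors.New("policy is nil")
	}
	for _, s := range ps.slots {
		if s == p {
			return nil // already inserted
		}
	}
	if ps.present == ^uint64(0) {
		return fmt.Errorf("policies maximum (%d) exceeded", MaxPolicies)
	}
	id := bits.TrailingZeros64(^ps.present) // lowest clear bit = first free slot
	p.ID = id
	ps.slots[id] = p
	ps.present |= uint64(1) << uint(id)
	return nil
}

// Delete frees slot id so a later Add can reuse it.
func (ps *Policies) Delete(id int) error {
	if id < 0 || id >= MaxPolicies {
		return fmt.Errorf("policy index %d out of range", id)
	}
	if ps.slots[id] == nil {
		return fmt.Errorf("policy %d not found", id)
	}
	ps.slots[id] = nil
	ps.present &^= uint64(1) << uint(id)
	return nil
}

// Lookup returns the policy stored under id.
func (ps *Policies) Lookup(id int) (*Policy, error) {
	if id < 0 || id >= MaxPolicies {
		return nil, fmt.Errorf("policy index %d out of range", id)
	}
	if ps.slots[id] == nil {
		return nil, fmt.Errorf("policy %d not found", id)
	}
	return ps.slots[id], nil
}

// Count is a popcount of the occupancy bitmap, no slot walk needed.
func (ps *Policies) Count() int { return bits.OnesCount64(ps.present) }

// MatchedNames visits only the set bits of matched (masked by present), so
// the cost grows with the number of matches, not with MaxPolicies.
func (ps *Policies) MatchedNames(matched uint64) []string {
	names := []string{}
	for m := matched & ps.present; m != 0; m &= m - 1 { // clear lowest set bit each round
		names = append(names, ps.slots[bits.TrailingZeros64(m)].Name)
	}
	return names
}

func main() {
	ps := NewPolicies()
	for _, n := range []string{"audit-exec", "block-ptrace", "watch-cgroup"} {
		_ = ps.Add(&Policy{Name: n})
	}
	// Constructed bitmap as the kernel side would report it: policies 0 and 2 matched.
	fmt.Println(ps.Count(), ps.MatchedNames(uint64(5)))
}
```

Note that MatchedNames masks the incoming bitmap with the occupancy bitmap, so a stale bit for a deleted slot can never dereference a nil policy.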

func (*Policies) PIDFilterMax

func (ps *Policies) PIDFilterMax() uint64

func (*Policies) PIDFilterMin

func (ps *Policies) PIDFilterMin() uint64

func (*Policies) PIDFilterableInUserland added in v0.16.0

func (ps *Policies) PIDFilterableInUserland() bool

func (*Policies) Set

func (ps *Policies) Set(p *Policy) error

func (*Policies) UIDFilterMax

func (ps *Policies) UIDFilterMax() uint64

func (*Policies) UIDFilterMin

func (ps *Policies) UIDFilterMin() uint64

func (*Policies) UIDFilterableInUserland added in v0.16.0

func (ps *Policies) UIDFilterableInUserland() bool

type Policy

type Policy struct {
	ID                int
	Name              string
	EventsToTrace     map[events.ID]string
	UIDFilter         *filters.BPFUIntFilter[uint32]
	PIDFilter         *filters.BPFUIntFilter[uint32]
	NewPidFilter      *filters.BoolFilter
	MntNSFilter       *filters.BPFUIntFilter[uint64]
	PidNSFilter       *filters.BPFUIntFilter[uint64]
	UTSFilter         *filters.BPFStringFilter
	CommFilter        *filters.BPFStringFilter
	ContFilter        *filters.BoolFilter
	NewContFilter     *filters.BoolFilter
	ContIDFilter      *filters.ContainerFilter
	RetFilter         *filters.RetFilter
	ArgFilter         *filters.ArgFilter
	ContextFilter     *filters.ContextFilter
	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BPFBinaryFilter
	Follow            bool
}

func NewPolicy

func NewPolicy() *Policy

func (*Policy) ContainerFilterEnabled

func (ps *Policy) ContainerFilterEnabled() bool

ContainerFilterEnabled returns true when the policy has at least one container filter type enabled.

type PolicyFile added in v0.15.0

type PolicyFile struct {
	Name           string   `yaml:"name"`
	Description    string   `yaml:"description"`
	Scope          []string `yaml:"scope"`
	DefaultActions []string `yaml:"defaultActions"`
	Rules          []Rule   `yaml:"rules"`
}

PolicyFile is the structure of the policy file.

func PoliciesFromPaths added in v0.15.0

func PoliciesFromPaths(paths []string) ([]PolicyFile, error)

PoliciesFromPaths returns a slice of policies loaded from the given paths.

func (PolicyFile) Validate added in v0.15.0

func (p PolicyFile) Validate() error

type Rule added in v0.15.0

type Rule struct {
	Event   string   `yaml:"event"`
	Filters []string `yaml:"filters"`
	Actions []string `yaml:"actions"`
}

Rule is the structure of a rule in the policy file.
