policy

package
v0.16.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 12, 2023 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	ProcessTreeFilterMap = "process_tree_map"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ContIdFilter         = "cont_id_filter"
	BinaryFilterMap      = "binary_filter"
	ProcInfoMap          = "proc_info_map"
)
View Source 
const MaxPolicies = 64

Variables

This section is empty.

Functions

func PoliciesMaxExceededError 

func PoliciesMaxExceededError() error

func PoliciesOutOfRangeError 

func PoliciesOutOfRangeError(idx int) error

func PolicyAlreadyExists 

func PolicyAlreadyExists(policy *Policy, id int) error

func PolicyNilError 

func PolicyNilError() error

func PolicyNotFoundError 

func PolicyNotFoundError(idx int) error

Types

type Policies 

type Policies struct {
	// contains filtered or unexported fields
}

TODO: add locking mechanism as policies will change at runtime

func NewPolicies 

func NewPolicies() *Policies

func (*Policies) Add 

func (ps *Policies) Add(p *Policy) error

Add adds a policy to Policies. Its ID (index) is set to the first room found. Returns nil if policy is already inserted.

func (*Policies) Compute 

func (ps *Policies) Compute()

Compute recalculates values, updates flags, fills the reduced userland map, and sets the related bitmap that is used to prevent the iteration of the entire map.

It must be called at initialization and at every runtime policies changes.

func (*Policies) ContainerFilterEnabled 

func (ps *Policies) ContainerFilterEnabled() uint64

ContainerFilterEnabled returns a bitmap of policies that have at least one container filter type enabled.

TODO: make sure the stores are also atomic (an atomic load is only protecting the read from context switches, not from CPU cache coherency issues).

func (*Policies) Count 

func (ps *Policies) Count() int

func (*Policies) Delete 

func (ps *Policies) Delete(id int) error

Delete deletes a policy from Policies.

func (*Policies) FilterableInUserland added in v0.16.0 

func (ps *Policies) FilterableInUserland() uint64

FilterableInUserland returns a bitmap of policies that must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).

TODO: make sure the stores are also atomic (an atomic load is only protecting the read from context switches, not from CPU cache coherency issues).

func (*Policies) FilterableInUserlandMap added in v0.16.0 

func (ps *Policies) FilterableInUserlandMap() map[*Policy]int

FilterableInUserlandMap returns a reduced policies map which must be filtered in userland (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).

func (*Policies) Lookup 

func (ps *Policies) Lookup(id int) (*Policy, error)

func (*Policies) Map 

func (ps *Policies) Map() map[*Policy]int

Map returns map with all policies.

func (*Policies) MatchedNames added in v0.15.0 

func (ps *Policies) MatchedNames(matched uint64) []string

MatchedNames returns a list of matched policies names based on the given matched bitmap.

func (*Policies) PIDFilterMax 

func (ps *Policies) PIDFilterMax() uint64

func (*Policies) PIDFilterMin 

func (ps *Policies) PIDFilterMin() uint64

func (*Policies) PIDFilterableInUserland added in v0.16.0 

func (ps *Policies) PIDFilterableInUserland() bool

func (*Policies) Set 

func (ps *Policies) Set(p *Policy) error

func (*Policies) UIDFilterMax 

func (ps *Policies) UIDFilterMax() uint64

func (*Policies) UIDFilterMin 

func (ps *Policies) UIDFilterMin() uint64

func (*Policies) UIDFilterableInUserland added in v0.16.0 

func (ps *Policies) UIDFilterableInUserland() bool

type Policy 

type Policy struct {
	ID                int
	Name              string
	EventsToTrace     map[events.ID]string
	UIDFilter         *filters.BPFUIntFilter[uint32]
	PIDFilter         *filters.BPFUIntFilter[uint32]
	NewPidFilter      *filters.BoolFilter
	MntNSFilter       *filters.BPFUIntFilter[uint64]
	PidNSFilter       *filters.BPFUIntFilter[uint64]
	UTSFilter         *filters.BPFStringFilter
	CommFilter        *filters.BPFStringFilter
	ContFilter        *filters.BoolFilter
	NewContFilter     *filters.BoolFilter
	ContIDFilter      *filters.ContainerFilter
	RetFilter         *filters.RetFilter
	ArgFilter         *filters.ArgFilter
	ContextFilter     *filters.ContextFilter
	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BPFBinaryFilter
	Follow            bool
}

func NewPolicy 

func NewPolicy() *Policy

func (*Policy) ContainerFilterEnabled 

func (ps *Policy) ContainerFilterEnabled() bool

ContainerFilterEnabled returns true when the policy has at least one container filter type enabled

type PolicyFile added in v0.15.0 

type PolicyFile struct {
	Name           string   `yaml:"name"`
	Description    string   `yaml:"description"`
	Scope          []string `yaml:"scope"`
	DefaultActions []string `yaml:"defaultActions"`
	Rules          []Rule   `yaml:"rules"`
}

PolicyFile is the structure of the policy file

func PoliciesFromPaths added in v0.15.0 

func PoliciesFromPaths(paths []string) ([]PolicyFile, error)

PoliciesFromPaths returns a slice of policies from the given paths

func (PolicyFile) Validate added in v0.15.0 

func (p PolicyFile) Validate() error

type Rule added in v0.15.0 

type Rule struct {
	Event   string   `yaml:"event"`
	Filters []string `yaml:"filters"`
	Actions []string `yaml:"actions"`
}

Rule is the structure of the rule in the policy file

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.