policy

package
v0.22.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 31, 2024 License: Apache-2.0 Imports: 19 Imported by: 1

Documentation

Index

Constants

View Source
const (
	// outer maps
	UIDFilterMapVersion         = "uid_filter_version"
	PIDFilterMapVersion         = "pid_filter_version"
	MntNSFilterMapVersion       = "mnt_ns_filter_version"
	PidNSFilterMapVersion       = "pid_ns_filter_version"
	UTSFilterMapVersion         = "uts_ns_filter_version"
	CommFilterMapVersion        = "comm_filter_version"
	CgroupIdFilterVersion       = "cgroup_id_filter_version"
	ProcessTreeFilterMapVersion = "process_tree_map_version"
	BinaryFilterMapVersion      = "binary_filter_version"
	PoliciesConfigVersion       = "policies_config_version"

	// inner maps
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ProcessTreeFilterMap = "process_tree_map"
	BinaryFilterMap      = "binary_filter"
	PoliciesConfigMap    = "policies_config_map"

	ProcInfoMap = "proc_info_map"
)
View Source
const (
	PolicyMax  = int(64)
	PolicyAll  = ^uint64(0)
	PolicyNone = uint64(0)
)

Variables

View Source
var AlwaysSubmit = events.EventState{
	Submit: PolicyAll,
}

Functions

func NewPolicies

func NewPolicies() *policies

func PoliciesMaxExceededError

func PoliciesMaxExceededError() error

func PoliciesOutOfRangeError

func PoliciesOutOfRangeError(idx int) error

func PolicyAlreadyExistsError added in v0.21.0

func PolicyAlreadyExistsError(name string, idx int) error

func PolicyNilError

func PolicyNilError() error

func PolicyNotFoundByIDError added in v0.18.0

func PolicyNotFoundByIDError(idx int) error

func PolicyNotFoundByNameError added in v0.18.0

func PolicyNotFoundByNameError(name string) error

func Snapshots added in v0.20.0

func Snapshots() *snapshots

Types

type PoliciesConfig added in v0.20.0

type PoliciesConfig struct {
	UIDFilterEnabledScopes      uint64
	PIDFilterEnabledScopes      uint64
	MntNsFilterEnabledScopes    uint64
	PidNsFilterEnabledScopes    uint64
	UtsNsFilterEnabledScopes    uint64
	CommFilterEnabledScopes     uint64
	CgroupIdFilterEnabledScopes uint64
	ContFilterEnabledScopes     uint64
	NewContFilterEnabledScopes  uint64
	NewPidFilterEnabledScopes   uint64
	ProcTreeFilterEnabledScopes uint64
	BinPathFilterEnabledScopes  uint64
	FollowFilterEnabledScopes   uint64

	UIDFilterOutScopes      uint64
	PIDFilterOutScopes      uint64
	MntNsFilterOutScopes    uint64
	PidNsFilterOutScopes    uint64
	UtsNsFilterOutScopes    uint64
	CommFilterOutScopes     uint64
	CgroupIdFilterOutScopes uint64
	ContFilterOutScopes     uint64
	NewContFilterOutScopes  uint64
	NewPidFilterOutScopes   uint64
	ProcTreeFilterOutScopes uint64
	BinPathFilterOutScopes  uint64

	EnabledScopes uint64

	UidMax uint64
	UidMin uint64
	PidMax uint64
	PidMin uint64
}

PoliciesConfig mirrors the C struct policies_config (policies_config_t). Order of fields is important, as it is used as a value for the PoliciesConfigMap BPF map.

func (*PoliciesConfig) UpdateBPF added in v0.20.0

func (pc *PoliciesConfig) UpdateBPF(bpfConfigMap *bpf.BPFMapLow) error

type Policy

type Policy struct {
	ID                int
	Name              string
	EventsToTrace     map[events.ID]string
	UIDFilter         *filters.UIntFilter[uint32]
	PIDFilter         *filters.UIntFilter[uint32]
	NewPidFilter      *filters.BoolFilter
	MntNSFilter       *filters.UIntFilter[uint64]
	PidNSFilter       *filters.UIntFilter[uint64]
	UTSFilter         *filters.StringFilter
	CommFilter        *filters.StringFilter
	ContFilter        *filters.BoolFilter
	NewContFilter     *filters.BoolFilter
	ContIDFilter      *filters.StringFilter
	RetFilter         *filters.RetFilter
	DataFilter        *filters.DataFilter
	ScopeFilter       *filters.ScopeFilter
	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BinaryFilter
	Follow            bool
}

func NewPolicy

func NewPolicy() *Policy

func (*Policy) Clone added in v0.20.0

func (p *Policy) Clone() *Policy

func (*Policy) ContainerFilterEnabled

func (p *Policy) ContainerFilterEnabled() bool

ContainerFilterEnabled returns true if the policy has at least one container filter type enabled.

type PolicyManager added in v0.22.0

type PolicyManager struct {
	// contains filtered or unexported fields
}

PolicyManager is a thread-safe struct that manages the enabled policies for each rule

func NewPolicyManager added in v0.22.0

func NewPolicyManager(policies ...*Policy) *PolicyManager

func (*PolicyManager) CreateAllIterator added in v0.22.0

func (pm *PolicyManager) CreateAllIterator() utils.Iterator[*Policy]

func (*PolicyManager) CreateUserlandIterator added in v0.22.0

func (pm *PolicyManager) CreateUserlandIterator() utils.Iterator[*Policy]

func (*PolicyManager) DisableEvent added in v0.22.0

func (pm *PolicyManager) DisableEvent(id events.ID)

DisableEvent disables a given event

func (*PolicyManager) DisableRule added in v0.22.0

func (pm *PolicyManager) DisableRule(policyId int, id events.ID) error

DisableRule disables a rule for a given event policy

func (*PolicyManager) EnableEvent added in v0.22.0

func (pm *PolicyManager) EnableEvent(id events.ID)

EnableEvent enables a given event

func (*PolicyManager) EnableRule added in v0.22.0

func (pm *PolicyManager) EnableRule(policyId int, id events.ID) error

EnableRule enables a rule for a given event policy

func (*PolicyManager) FilterableInUserland added in v0.22.0

func (pm *PolicyManager) FilterableInUserland(bitmap uint64) bool

func (*PolicyManager) IsEnabled added in v0.22.0

func (pm *PolicyManager) IsEnabled(matchedPolicies uint64, id events.ID) bool

IsEnabled tests if a event, or a policy per event is enabled (in the future it will also check if a policy is enabled) TODO: add metrics about an event being enabled/disabled, or a policy being enabled/disabled?

func (*PolicyManager) IsEventEnabled added in v0.22.0

func (pm *PolicyManager) IsEventEnabled(id events.ID) bool

IsEventEnabled returns true if a given event policy is enabled for a given rule

func (*PolicyManager) IsRuleEnabled added in v0.22.0

func (pm *PolicyManager) IsRuleEnabled(matchedPolicies uint64, id events.ID) bool

IsRuleEnabled returns true if a given event policy is enabled for a given rule

func (*PolicyManager) LookupByName added in v0.22.0

func (pm *PolicyManager) LookupByName(name string) (*Policy, error)

func (*PolicyManager) MatchedNames added in v0.22.0

func (pm *PolicyManager) MatchedNames(matched uint64) []string

func (*PolicyManager) UpdateBPF added in v0.22.0

func (pm *PolicyManager) UpdateBPF(
	bpfModule *bpf.Module,
	cts *containers.Containers,
	eventsState map[events.ID]events.EventState,
	eventsParams map[events.ID][]bufferdecoder.ArgType,
	createNewMaps bool,
	updateProcTree bool,
) (*PoliciesConfig, error)

func (*PolicyManager) WithContainerFilterEnabled added in v0.22.0

func (pm *PolicyManager) WithContainerFilterEnabled() uint64

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL