Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppArmorEvent ¶
type AppArmorEvent struct { Version uint32 `json:"version"` Event uint32 `json:"event"` PID uint64 `json:"pid"` PeerPID uint64 `json:"peerPID"` Task uint64 `json:"task"` MagicToken uint64 `json:"magicToken"` Epoch int64 `json:"epoch"` AuditSubId uint32 `json:"auditSubId"` BitMask int32 `json:"bitMask"` AuditId string `json:"auditID"` Operation string `json:"operation"` DeniedMask string `json:"deniedMask"` RequestedMask string `json:"requestedMask"` Fsuid uint64 `json:"fsuid"` Ouid uint64 `json:"ouid"` Profile string `json:"profile"` PeerProfile string `json:"peerProfile"` Comm string `json:"comm"` Name string `json:"name"` Name2 string `json:"name2"` Namespace string `json:"namespace"` Attribute string `json:"attribute"` Parent uint64 `json:"parent"` Info string `json:"info"` PeerInfo string `json:"peerInfo"` ErrorCode int32 `json:"errorCode"` ActiveHat string `json:"activeHat"` NetFamily string `json:"netFamily"` NetProtocol string `json:"netProtocol"` NetSockType string `json:"netSockType"` NetLocalAddr string `json:"netLocalAddr"` NetLocalPort uint64 `json:"netLocalPort"` NetForeignAddr string `json:"netForeignAddr"` NetForeignPort uint64 `json:"netForeignPort"` DbusBus string `json:"dbusBus"` DbusPath string `json:"dbusPath"` DbusInterface string `json:"dbusInterface"` DbusMember string `json:"dbusMember"` Signal string `json:"signal"` Peer string `json:"peer"` FsType string `json:"fsType"` Flags string `json:"flags"` SrcName string `json:"srcName"` }
type Auditor ¶
type Auditor struct { TaskStartCh chan varmortypes.ContainerInfo TaskDeleteCh chan varmortypes.ContainerInfo TaskDeleteSyncCh chan bool // contains filtered or unexported fields }
func NewAuditor ¶
func NewAuditor(nodeName string, appArmorSupported, bpfLsmSupported, enableBehaviorModeling bool, auditLogPaths string, log logr.Logger) (*Auditor, error)
NewAuditor creates an auditor to audit the violations of target containers
func (*Auditor) AddBehaviorEventNotifyChs ¶
func (auditor *Auditor) AddBehaviorEventNotifyChs(subscriber string, auditEventCh *chan string, bpfEventCh *chan bpfenforcer.BpfEvent)
func (*Auditor) DeleteBehaviorEventNotifyCh ¶
type BpfCapabilityEvent ¶
type BpfCapabilityEvent struct {
Capability string `json:"capability"`
}
type BpfMountEvent ¶
type BpfNetworkConnectEvent ¶
type BpfNetworkCreateEvent ¶
type BpfPathEvent ¶
type BpfPtraceEvent ¶
Click to show internal directories.
Click to hide internal directories.