Documentation ¶
Index ¶
Constants ¶
View Source
const (
// DefaultRuntimePoliciesDir is the default policies directory used by the runtime security module
DefaultRuntimePoliciesDir = "/etc/datadog-agent/runtime-security.d"
)
Variables ¶
View Source
var All = []api.Factory{ NetworkTracer, TCPQueueLength, OOMKillProbe, SecurityRuntime, Process, }
All System Probe modules should register their factories here
View Source
var ErrProcessUnsupported = errors.New("process module unsupported")
ErrProcessUnsupported is an error type indicating that the process module is not support in the running environment
View Source
var ErrSysprobeUnsupported = errors.New("system-probe unsupported")
ErrSysprobeUnsupported is the unsupported error prefix, for error-class matching from callers
View Source
var NetworkTracer = api.Factory{ Name: config.NetworkTracerModule, Fn: func(cfg *config.Config) (api.Module, error) { ncfg := networkconfig.New() if supported, msg := tracer.IsTracerSupportedByOS(ncfg.ExcludedBPFLinuxVersions); !supported { return nil, fmt.Errorf("%w: %s", ErrSysprobeUnsupported, msg) } klog.Infof("Creating tracer for: %s", filepath.Base(os.Args[0])) t, err := tracer.NewTracer(ncfg) return &networkTracer{tracer: t}, err }, }
NetworkTracer is a factory for NPM's tracer
View Source
var OOMKillProbe = api.Factory{ Name: config.OOMKillProbeModule, Fn: func(cfg *config.Config) (api.Module, error) { klog.Infof("Starting the OOM Kill probe") okp, err := probe.NewOOMKillProbe(ebpf.NewConfig()) if err != nil { return nil, errors.Wrapf(err, "unable to start the OOM kill probe") } return &oomKillModule{okp}, nil }, }
OOMKillProbe Factory
View Source
var Process = api.Factory{ Name: config.ProcessModule, Fn: func(cfg *config.Config) (api.Module, error) { klog.Infof("Creating process module for: %s", filepath.Base(os.Args[0])) p := procutil.NewProcessProbe(procutil.WithReturnZeroPermStats(false)) if p == nil { return nil, ErrProcessUnsupported } return &process{probe: p}, nil }, }
Process is a module that fetches process level data
View Source
var SecurityRuntime = api.Factory{ Name: config.SecurityRuntimeModule, Fn: func(agentConfig *config.Config) (api.Module, error) { config, err := sconfig.NewConfig(agentConfig) if err != nil { return nil, errors.Wrap(err, "invalid security runtime module configuration") } module, err := secmodule.NewModule(config) if err == ebpf.ErrNotImplemented { klog.Info("Datadog runtime security agent is only supported on Linux") return nil, api.ErrNotEnabled } return module, err }, }
SecurityRuntime - Security runtime Factory
View Source
var TCPQueueLength = api.Factory{ Name: config.TCPQueueLengthTracerModule, Fn: func(cfg *config.Config) (api.Module, error) { t, err := probe.NewTCPQueueLengthTracer(ebpf.NewConfig()) if err != nil { return nil, errors.Wrapf(err, "unable to start the TCP queue length tracer") } return &tcpQueueLengthModule{t}, nil }, }
TCPQueueLength Factory
Functions ¶
This section is empty.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.