- Constants
- func PoliciesMaxExceededError() error
- func PoliciesOutOfRangeError(idx int) error
- func PolicyAlreadyExists(policy *Policy, id int) error
- func PolicyNilError() error
- func PolicyNotFoundError(idx int) error
- type Policies
- func (ps *Policies) Add(p *Policy) error
- func (ps *Policies) Compute()
- func (ps *Policies) ContainerFilterEnabled() uint64
- func (ps *Policies) Count() int
- func (ps *Policies) Delete(id int) error
- func (ps *Policies) Lookup(id int) (*Policy, error)
- func (ps *Policies) Map() map[*Policy]int
- func (ps *Policies) PIDFilterMax() uint64
- func (ps *Policies) PIDFilterMin() uint64
- func (ps *Policies) PIDFilterableInUserSpace() bool
- func (ps *Policies) Set(p *Policy) error
- func (ps *Policies) UIDFilterMax() uint64
- func (ps *Policies) UIDFilterMin() uint64
- func (ps *Policies) UIDFilterableInUserSpace() bool
- func (ps *Policies) UserSpaceMap() map[*Policy]int
- type Policy
- type PolicyFile
- type Rule
Constants ¶
// Names of the filter maps shared with the BPF side. Each constant is the
// key a filter is loaded under; the Go identifier says which filter it backs.
// NOTE(review): map semantics are inferred from the identifier names; confirm
// against the BPF object definitions.
const (
	UIDFilterMap         = "uid_filter"
	PIDFilterMap         = "pid_filter"
	MntNSFilterMap       = "mnt_ns_filter"
	PidNSFilterMap       = "pid_ns_filter"
	UTSFilterMap         = "uts_ns_filter"
	CommFilterMap        = "comm_filter"
	ProcessTreeFilterMap = "process_tree_map"
	CgroupIdFilterMap    = "cgroup_id_filter"
	ContIdFilter         = "cont_id_filter"
	BinaryFilterMap      = "binary_filter"
	ProcInfoMap          = "proc_info_map"
)
// MaxPolicies is the upper bound on the number of policies a Policies set can
// hold; Add is expected to fail with PoliciesMaxExceededError beyond it. The
// value appears to match the width of the uint64 policy bitmasks (for example
// the one returned by ContainerFilterEnabled), so raising it is not a
// one-line change — confirm before touching.
const MaxPolicies = 64
Variables ¶
This section is empty.
Functions ¶
func PoliciesMaxExceededError ¶
func PoliciesMaxExceededError() error
func PoliciesOutOfRangeError ¶
func PolicyAlreadyExists ¶
func PolicyNilError ¶
func PolicyNilError() error
func PolicyNotFoundError ¶
Types ¶
type Policies ¶
// Policies is a bounded, ID-indexed collection of at most MaxPolicies
// policies (Lookup, Delete and Set address entries by ID; Add assigns the ID).
// Compute must be re-run after any change so the derived filter flags and the
// user-space map stay consistent with the contents.
type Policies struct {
	// contains filtered or unexported fields
}
TODO: add a locking mechanism, since policies will change at runtime and Policies is not yet synchronized.
func NewPolicies ¶
func NewPolicies() *Policies
func (*Policies) Add ¶
Add adds a policy to Policies. Its ID (index) is set to the first free slot found. Returns nil if the policy is already inserted.
func (*Policies) Compute ¶
func (ps *Policies) Compute()
Compute recalculates values, updates flags and fills the reduced user space map. It must be called at initialization and after every runtime policy change.
func (*Policies) ContainerFilterEnabled ¶
ContainerFilterEnabled returns a bitmask of the policies that have at least one container filter type enabled.
func (*Policies) PIDFilterMax ¶
func (*Policies) PIDFilterMin ¶
func (*Policies) PIDFilterableInUserSpace ¶
func (*Policies) UIDFilterMax ¶
func (*Policies) UIDFilterMin ¶
func (*Policies) UIDFilterableInUserSpace ¶
func (*Policies) UserSpaceMap ¶
UserSpaceMap returns a reduced policies map which must be filtered in user space (ArgFilter, RetFilter, ContextFilter, UIDFilter and PIDFilter).
type Policy ¶
// Policy describes one tracing policy: the events it selects and the set of
// filters that narrow which processes and contexts those events are reported
// for. Filter fields are pointers; a nil pointer presumably means the filter
// is not configured — confirm against the consumers.
type Policy struct {
	ID            int
	Name          string
	EventsToTrace map[events.ID]string

	// Process identity filters (uid/pid are applied as BPF filters; see
	// Policies.UIDFilterableInUserSpace / PIDFilterableInUserSpace for the
	// cases that fall back to user space).
	UIDFilter    *filters.BPFUIntFilter[uint32]
	PIDFilter    *filters.BPFUIntFilter[uint32]
	NewPidFilter *filters.BoolFilter

	// Namespace and name based filters.
	MntNSFilter *filters.BPFUIntFilter[uint64]
	PidNSFilter *filters.BPFUIntFilter[uint64]
	UTSFilter   *filters.BPFStringFilter
	CommFilter  *filters.BPFStringFilter

	// Container filters; ContainerFilterEnabled reports whether any of these
	// is active.
	ContFilter    *filters.BoolFilter
	NewContFilter *filters.BoolFilter
	ContIDFilter  *filters.ContainerFilter

	// Filters evaluated in user space (see Policies.UserSpaceMap).
	RetFilter     *filters.RetFilter
	ArgFilter     *filters.ArgFilter
	ContextFilter *filters.ContextFilter

	ProcessTreeFilter *filters.ProcessTreeFilter
	BinaryFilter      *filters.BPFBinaryFilter

	// Follow: semantics not visible here — TODO document (likely "follow
	// descendants of matched processes"; confirm).
	Follow bool
}
func (*Policy) ContainerFilterEnabled ¶
ContainerFilterEnabled returns true when the policy has at least one container filter type enabled.
type PolicyFile ¶
// Fields map one-to-one to the YAML keys named in the struct tags; files are
// loaded by PoliciesFromPaths and checked by Validate.
type PolicyFile struct {
	Name          string   `yaml:"name"`
	Description   string   `yaml:"description"`
	Scope         []string `yaml:"scope"`
	DefaultAction string   `yaml:"defaultAction"`
	Rules         []Rule   `yaml:"rules"`
}
PolicyFile is the structure of a policy file.
func PoliciesFromPaths ¶
func PoliciesFromPaths(paths []string) ([]PolicyFile, error)
PoliciesFromPaths returns a slice of policies loaded from the given paths.
func (PolicyFile) Validate ¶
func (p PolicyFile) Validate() error