bpfrecorder

package

v0.8.4 Latest Latest Go to latest Published: Jun 4, 2024 License: Apache-2.0 Imports: 42 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/security-profiles-operator

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func BPFLSMEnabled() bool
func Dial() (*grpc.ClientConn, context.CancelFunc, error)
type AppArmorRecorder
type BpfAppArmorFileProcessed
type BpfAppArmorProcessed
type BpfAppArmorSocketTypes
type BpfRecorder
- func New(programName string, logger logr.Logger, recordSeccomp, recordAppArmor bool) *BpfRecorder
type SeccompRecorder

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrNotFound = errors.New("no recorded profile found")

ErrNotFound is the GRPC error if no recorded profile found.

Functions ¶

func BPFLSMEnabled ¶ added in v0.8.4

func BPFLSMEnabled() bool

func Dial ¶

func Dial() (*grpc.ClientConn, context.CancelFunc, error)

Dial can be used to connect to the default GRPC server by creating a new client.

Types ¶

type AppArmorRecorder ¶ added in v0.8.4

type AppArmorRecorder struct {
	// contains filtered or unexported fields
}

func (*AppArmorRecorder) GetAppArmorProcessed ¶ added in v0.8.4

func (b *AppArmorRecorder) GetAppArmorProcessed() BpfAppArmorProcessed

func (*AppArmorRecorder) Load ¶ added in v0.8.4

func (*AppArmorRecorder) Load(b *BpfRecorder) error

func (*AppArmorRecorder) Unload ¶ added in v0.8.4

func (b *AppArmorRecorder) Unload()

type BpfAppArmorFileProcessed ¶ added in v0.8.3

type BpfAppArmorFileProcessed struct {
	AllowedExecutables []string
	AllowedLibraries   []string
	ReadOnlyPaths      []string
	WriteOnlyPaths     []string
	ReadWritePaths     []string
}

type BpfAppArmorProcessed ¶ added in v0.8.3

type BpfAppArmorProcessed struct {
	FileProcessed BpfAppArmorFileProcessed
	Socket        BpfAppArmorSocketTypes
	Capabilities  []string
}

type BpfAppArmorSocketTypes ¶ added in v0.8.4

type BpfAppArmorSocketTypes struct {
	UseRaw bool
	UseTCP bool
	UseUDP bool
}

type BpfRecorder ¶

type BpfRecorder struct {
	api.UnimplementedBpfRecorderServer

	AppArmor *AppArmorRecorder
	Seccomp  *SeccompRecorder
	// contains filtered or unexported fields
}

BpfRecorder is the main structure of this package.

func New ¶

func New(programName string, logger logr.Logger, recordSeccomp, recordAppArmor bool) *BpfRecorder

New returns a new BpfRecorder instance.

func (*BpfRecorder) FindProcMountNamespace ¶ added in v0.7.0

func (b *BpfRecorder) FindProcMountNamespace(pid uint32) (uint32, error)

FindProcMountNamespace is looking up the mnt ns for a given PID.

func (*BpfRecorder) Load ¶ added in v0.7.0

func (b *BpfRecorder) Load(startEventProcessor bool) (err error)

Load prestarts the bpf recorder.

func (*BpfRecorder) Run ¶

func (b *BpfRecorder) Run() error

Run the BpfRecorder.

func (*BpfRecorder) Start ¶

func (b *BpfRecorder) Start(
	context.Context, *api.EmptyRequest,
) (*api.EmptyResponse, error)

func (*BpfRecorder) Stop ¶

func (b *BpfRecorder) Stop(
	context.Context, *api.EmptyRequest,
) (*api.EmptyResponse, error)

func (*BpfRecorder) Syscalls ¶ added in v0.7.0

func (b *BpfRecorder) Syscalls() *bpf.BPFMap

Syscalls returns the bpf map containing the PID (key) to syscalls (value) data.

func (*BpfRecorder) SyscallsForProfile ¶

func (b *BpfRecorder) SyscallsForProfile(
	_ context.Context, r *api.ProfileRequest,
) (*api.SyscallsResponse, error)

SyscallsForProfile returns the syscall names for the provided profile name.

func (*BpfRecorder) Unload ¶ added in v0.7.0

func (b *BpfRecorder) Unload()

Unload can be used to reset the bpf recorder.

func (*BpfRecorder) WaitForPidExit ¶ added in v0.8.3

func (b *BpfRecorder) WaitForPidExit(ctx context.Context, pid uint32) error

When running outside of Kubernetes as spoc, we have the use case of waiting for a specific PID to exit.

type SeccompRecorder ¶ added in v0.8.4

type SeccompRecorder struct {
	// contains filtered or unexported fields
}

func (*SeccompRecorder) Load ¶ added in v0.8.4

func (s *SeccompRecorder) Load(b *BpfRecorder) error

func (*SeccompRecorder) PopSyscalls ¶ added in v0.8.4

func (s *SeccompRecorder) PopSyscalls(b *BpfRecorder, mntns uint32) ([]string, error)

func (*SeccompRecorder) Unload ¶ added in v0.8.4

func (s *SeccompRecorder) Unload()

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bpfrecorderfakes Code generated by counterfeiter.	Code generated by counterfeiter.
generate
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL