bpfrecorder

package

v0.8.3 Latest Latest Go to latest Published: Apr 8, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes-sigs/security-profiles-operator

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Variables
func Dial() (*grpc.ClientConn, context.CancelFunc, error)
type AppArmor
- func (*AppArmor) AddSpecificInstrumentation(b *BpfRecorder, module *bpf.Module) error
- func (*AppArmor) SetupAndProcessSpecificEvents(b *BpfRecorder, module *bpf.Module) error
type BpfAppArmorFileProcessed
type BpfAppArmorProcessed
type BpfAppArmorSocketEvent
type BpfRecorder
type Seccomp
- func (*Seccomp) AddSpecificInstrumentation(_ *BpfRecorder, _ *bpf.Module) error
- func (*Seccomp) SetupAndProcessSpecificEvents(_ *BpfRecorder, _ *bpf.Module) error

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrNotFound = errors.New("no recorded profile found")

ErrNotFound is the GRPC error if no recorded profile found.

Functions ¶

func Dial ¶

func Dial() (*grpc.ClientConn, context.CancelFunc, error)

Dial can be used to connect to the default GRPC server by creating a new client.

Types ¶

type AppArmor ¶ added in v0.8.3

type AppArmor struct{}

func (*AppArmor) AddSpecificInstrumentation ¶ added in v0.8.3

func (*AppArmor) AddSpecificInstrumentation(b *BpfRecorder, module *bpf.Module) error

func (*AppArmor) SetupAndProcessSpecificEvents ¶ added in v0.8.3

func (*AppArmor) SetupAndProcessSpecificEvents(b *BpfRecorder, module *bpf.Module) error

type BpfAppArmorFileProcessed ¶ added in v0.8.3

type BpfAppArmorFileProcessed struct {
	AllowedExecutables []string
	AllowedLibraries   []string
	ReadOnlyPaths      []string
	WriteOnlyPaths     []string
	ReadWritePaths     []string
}

type BpfAppArmorProcessed ¶ added in v0.8.3

type BpfAppArmorProcessed struct {
	FileProcessed BpfAppArmorFileProcessed
	Socket        BpfAppArmorSocketEvent
	Capabilities  []string
}

type BpfAppArmorSocketEvent ¶ added in v0.8.3

type BpfAppArmorSocketEvent struct {
	UseRaw bool
	UseTCP bool
	UseUDP bool
}

type BpfRecorder ¶

type BpfRecorder struct {
	api.UnimplementedBpfRecorderServer
	// contains filtered or unexported fields
}

BpfRecorder is the main structure of this package.

func New ¶

func New(logger logr.Logger) *BpfRecorder

New returns a new BpfRecorder instance.

func NewAppArmor ¶ added in v0.8.3

func NewAppArmor(logger logr.Logger) *BpfRecorder

NewAppArmor returns a new BpfRecorder instance.

func NewSeccomp ¶ added in v0.8.3

func NewSeccomp(logger logr.Logger) *BpfRecorder

NewSeccomp returns a new BpfRecorder instance for seccomp profiles.

func (*BpfRecorder) FilterProgramName ¶ added in v0.7.0

func (b *BpfRecorder) FilterProgramName(filter string)

FilterProgramName can be used to filter on a specific program name.

func (*BpfRecorder) FindProcMountNamespace ¶ added in v0.7.0

func (b *BpfRecorder) FindProcMountNamespace(pid uint32) (uint32, error)

FindProcMountNamespace is looking up the mnt ns for a given PID.

func (*BpfRecorder) GetAppArmorProcessed ¶ added in v0.8.3

func (b *BpfRecorder) GetAppArmorProcessed() BpfAppArmorProcessed

func (*BpfRecorder) Load ¶ added in v0.7.0

func (b *BpfRecorder) Load(startEventProcessor bool) (err error)

Load prestarts the bpf recorder.

func (*BpfRecorder) Run ¶

func (b *BpfRecorder) Run() error

Run the BpfRecorder.

func (*BpfRecorder) Start ¶

func (b *BpfRecorder) Start(
	context.Context, *api.EmptyRequest,
) (*api.EmptyResponse, error)

func (*BpfRecorder) Stop ¶

func (b *BpfRecorder) Stop(
	context.Context, *api.EmptyRequest,
) (*api.EmptyResponse, error)

func (*BpfRecorder) Syscalls ¶ added in v0.7.0

func (b *BpfRecorder) Syscalls() *bpf.BPFMap

Syscalls returns the bpf map containing the PID (key) to syscalls (value) data.

func (*BpfRecorder) SyscallsForProfile ¶

func (b *BpfRecorder) SyscallsForProfile(
	_ context.Context, r *api.ProfileRequest,
) (*api.SyscallsResponse, error)

SyscallsForProfile returns the syscall names for the provided profile name.

func (*BpfRecorder) Unload ¶ added in v0.7.0

func (b *BpfRecorder) Unload()

Unload can be used to reset the bpf recorder.

func (*BpfRecorder) WaitForPidExit ¶ added in v0.8.3

func (b *BpfRecorder) WaitForPidExit(pid uint32, timeout time.Duration) error

type Seccomp ¶ added in v0.8.3

type Seccomp struct{}

func (*Seccomp) AddSpecificInstrumentation ¶ added in v0.8.3

func (*Seccomp) AddSpecificInstrumentation(_ *BpfRecorder, _ *bpf.Module) error

func (*Seccomp) SetupAndProcessSpecificEvents ¶ added in v0.8.3

func (*Seccomp) SetupAndProcessSpecificEvents(_ *BpfRecorder, _ *bpf.Module) error

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
bpfrecorderfakes Code generated by counterfeiter.	Code generated by counterfeiter.
generate
types

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL