Skip to content

Commit

Permalink
tetragon: Add support to set policy name for program
Browse files Browse the repository at this point in the history 
Signed-off-by: Jiri Olsa <[email protected]>
  • Loading branch information
@olsajiri
olsajiri committed May 11, 2024
1 parent 708d347 commit c5b5afb
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 8 deletions.
8 changes: 4 additions & 4 deletions pkg/sensors/base/base.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,31 +22,31 @@ var (
"tracepoint/sys_execve",
"event_execve",
"execve",
)
).SetPolicy("base")

ExecveBprmCommit = program.Builder(
"bpf_execve_bprm_commit_creds.o",
"security_bprm_committing_creds",
"kprobe/security_bprm_committing_creds",
"tg_kp_bprm_committing_creds",
"kprobe",
)
).SetPolicy("base")

Exit = program.Builder(
"bpf_exit.o",
"acct_process",
"kprobe/acct_process",
"event_exit",
"kprobe",
)
).SetPolicy("base")

Fork = program.Builder(
"bpf_fork.o",
"wake_up_new_task",
"kprobe/wake_up_new_task",
"kprobe_pid_clear",
"kprobe",
)
).SetPolicy("base")

CgroupRmdir = program.Builder(
"bpf_cgroup.o",
Expand Down
8 changes: 8 additions & 0 deletions pkg/sensors/program/program.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ type Program struct {

Link link.Link
Prog *ebpf.Program

// policy name the program belongs to
Policy string
}

func (p *Program) SetRetProbe(ret bool) *Program {
Expand All @@ -134,6 +137,11 @@ func (p *Program) SetAttachData(d interface{}) *Program {
return p
}

func (p *Program) SetPolicy(policy string) *Program {
p.Policy = policy
return p
}

func (p *Program) Unload() error {
if p.unloader == nil {
return nil
Expand Down
12 changes: 8 additions & 4 deletions pkg/sensors/tracing/generickprobe.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,8 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E
"kprobe.multi/generic_kprobe",
pinPath,
"generic_kprobe").
SetLoaderData(multiIDs)
SetLoaderData(multiIDs).
SetPolicy(policyName)
progs = append(progs, load)

fdinstall := program.MapBuilderPin("fdinstall_map", sensors.PathJoin(sensorPath, "fdinstall_map"), load)
Expand Down Expand Up @@ -345,7 +346,8 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E
"multi_retkprobe",
"generic_kprobe").
SetRetProbe(true).
SetLoaderData(multiRetIDs)
SetLoaderData(multiRetIDs).
SetPolicy(policyName)
progs = append(progs, loadret)

retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret)
Expand Down Expand Up @@ -824,7 +826,8 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string,
"kprobe/generic_kprobe",
pinProg,
"generic_kprobe").
SetLoaderData(kprobeEntry.tableId)
SetLoaderData(kprobeEntry.tableId).
SetPolicy(kprobeEntry.policyName)
load.Override = kprobeEntry.hasOverride
if load.Override {
load.OverrideFmodRet = isSecurityFunc && bpf.HasModifyReturn()
Expand Down Expand Up @@ -884,7 +887,8 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string,
pinRetProg,
"generic_kprobe").
SetRetProbe(true).
SetLoaderData(kprobeEntry.tableId)
SetLoaderData(kprobeEntry.tableId).
SetPolicy(kprobeEntry.policyName)
progs = append(progs, loadret)

retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret)
Expand Down

0 comments on commit c5b5afb

Please sign in to comment.