From c5b5afb17bad8a69e5e6f5a952d684f16cf4c2a8 Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Fri, 26 Apr 2024 19:55:12 +0000 Subject: [PATCH] tetragon: Add support to set policy name for program Signed-off-by: Jiri Olsa --- pkg/sensors/base/base.go | 8 ++++---- pkg/sensors/program/program.go | 8 ++++++++ pkg/sensors/tracing/generickprobe.go | 12 ++++++++---- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go index 36fae85eed1..41aa3739bd2 100644 --- a/pkg/sensors/base/base.go +++ b/pkg/sensors/base/base.go @@ -22,7 +22,7 @@ var ( "tracepoint/sys_execve", "event_execve", "execve", - ) + ).SetPolicy("base") ExecveBprmCommit = program.Builder( "bpf_execve_bprm_commit_creds.o", @@ -30,7 +30,7 @@ var ( "kprobe/security_bprm_committing_creds", "tg_kp_bprm_committing_creds", "kprobe", - ) + ).SetPolicy("base") Exit = program.Builder( "bpf_exit.o", @@ -38,7 +38,7 @@ var ( "kprobe/acct_process", "event_exit", "kprobe", - ) + ).SetPolicy("base") Fork = program.Builder( "bpf_fork.o", @@ -46,7 +46,7 @@ var ( "kprobe/wake_up_new_task", "kprobe_pid_clear", "kprobe", - ) + ).SetPolicy("base") CgroupRmdir = program.Builder( "bpf_cgroup.o", diff --git a/pkg/sensors/program/program.go b/pkg/sensors/program/program.go index cede3c1966e..4146ab2f0bb 100644 --- a/pkg/sensors/program/program.go +++ b/pkg/sensors/program/program.go @@ -117,6 +117,9 @@ type Program struct { Link link.Link Prog *ebpf.Program + + // policy name the program belongs to + Policy string } func (p *Program) SetRetProbe(ret bool) *Program { @@ -134,6 +137,11 @@ func (p *Program) SetAttachData(d interface{}) *Program { return p } +func (p *Program) SetPolicy(policy string) *Program { + p.Policy = policy + return p +} + func (p *Program) Unload() error { if p.unloader == nil { return nil diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go index 87c4007c173..222b31fc68c 100644 --- a/pkg/sensors/tracing/generickprobe.go +++ b/pkg/sensors/tracing/generickprobe.go @@ -292,7 +292,8 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E "kprobe.multi/generic_kprobe", pinPath, "generic_kprobe"). - SetLoaderData(multiIDs) + SetLoaderData(multiIDs). + SetPolicy(policyName) progs = append(progs, load) fdinstall := program.MapBuilderPin("fdinstall_map", sensors.PathJoin(sensorPath, "fdinstall_map"), load) @@ -345,7 +346,8 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E "multi_retkprobe", "generic_kprobe"). SetRetProbe(true). - SetLoaderData(multiRetIDs) + SetLoaderData(multiRetIDs). + SetPolicy(policyName) progs = append(progs, loadret) retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret) @@ -824,7 +826,8 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, "kprobe/generic_kprobe", pinProg, "generic_kprobe"). - SetLoaderData(kprobeEntry.tableId) + SetLoaderData(kprobeEntry.tableId). + SetPolicy(kprobeEntry.policyName) load.Override = kprobeEntry.hasOverride if load.Override { load.OverrideFmodRet = isSecurityFunc && bpf.HasModifyReturn() @@ -884,7 +887,8 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string, pinRetProg, "generic_kprobe"). SetRetProbe(true). - SetLoaderData(kprobeEntry.tableId) + SetLoaderData(kprobeEntry.tableId). + SetPolicy(kprobeEntry.policyName) progs = append(progs, loadret) retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret)