Skip to content

Commit

Permalink
update bpf readme (#50674)
Browse files Browse the repository at this point in the history
  • Loading branch information
@stevenGravy
stevenGravy authored Jan 3, 2025
1 parent 194beeb commit dc933c5
Showing 1 changed file with 2 additions and 8 deletions.
10 changes: 2 additions & 8 deletions bpf/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,17 +79,11 @@ Example:

## BPF in Teleport

Teleport uses BPF to implement enhanced session recording and restricted networking. Both features work only on Linux with
Teleport uses BPF to implement enhanced session recording. Enhanced session recording works only on Linux with
the kernel 5.8+. Enhanced session recording records all:
* exec family system calls
* open family system calls
* network connections

All events are recorded in the audit log. See https://goteleport.com/docs/server-access/guides/bpf-session-recording/.

Restricted networking allows you to restrict network access for users.
It's implemented by using LSM hooks and BPF programs (
see https://goteleport.com/docs/server-access/guides/restricted-session/).
On ubuntu systems LSM hooks are not enabled in some versions.
Here are the instructions on how to enable them https://github.com/gravitational/teleport/issues/8089#issuecomment-924990678.
All events are recorded in the audit log. See https://goteleport.com/docs/enroll-resources/server-access/guides/bpf-session-recording/.

0 comments on commit dc933c5

Please sign in to comment.