securityprofile

Published: Jan 9, 2026 License: Apache-2.0 Imports: 43 Imported by: 0

Documentation

Overview

Package securityprofile holds the files related to security profiles

Package securityprofile holds the files related to security profiles

Index

Constants

const (
	// ActivityDumpSource is the source identifier used for activity dumps.
	ActivityDumpSource = "runtime-security-agent"
	// DefaultProfileName is the default profile name.
	DefaultProfileName = "default"
)

Variables

// ErrActivityDumpManagerDisabled is returned when the activity dump manager is disabled.
var ErrActivityDumpManagerDisabled = errors.New("ActivityDumpManager is disabled")

ErrActivityDumpManagerDisabled is returned when the activity dump manager is disabled

// ErrSecurityProfileManagerDisabled is returned when the security profile manager is disabled.
var ErrSecurityProfileManagerDisabled = errors.New("SecurityProfileManager is disabled")

ErrSecurityProfileManagerDisabled is returned when the security profile manager is disabled

var (
	// TracedEventTypesReductionOrder is the order in which traced event types are
	// reduced: bind, IMDS, DNS, syscalls and finally file open.
	// NOTE(review): whether reduction starts from the head of this slice is not
	// visible here — confirm before relying on which telemetry is dropped first.
	TracedEventTypesReductionOrder = []model.EventType{model.BindEventType, model.IMDSEventType, model.DNSEventType, model.SyscallsEventType, model.FileOpenEventType}
)

Functions

func GenerateRules

func GenerateRules(ads []*profile.Profile, opts SECLRuleOpts) []*rules.RuleDefinition

GenerateRules returns SECL rule definitions generated from the given activity dumps

func LoadActivityDumpsFromFiles

func LoadActivityDumpsFromFiles(path string) ([]*profile.Profile, error)

LoadActivityDumpsFromFiles loads activity dumps from a file or a directory

Types

type EventFilteringResult

// EventFilteringResult is used to compute metrics for the event filtering feature.
type EventFilteringResult uint8

EventFilteringResult is used to compute metrics for the event filtering feature

const (
	// NA is "not applicable": used for the NoProfile and ProfileAtMaxSize states.
	NA EventFilteringResult = iota
	// InProfile counts the events that matched a profile.
	InProfile
	// NotInProfile counts the events that did not match their profile.
	NotInProfile
)

type Manager

// Manager is the manager for activity dumps and security profiles.
type Manager struct {
	// contains filtered or unexported fields
}

Manager is the manager for activity dumps and security profiles

func NewManager

func NewManager(cfg *config.Config, statsdClient statsd.ClientInterface, ebpf *ebpfmanager.Manager, resolvers *resolvers.EBPFResolvers, kernelVersion *kernel.Version, newEvent func() *model.Event, dumpHandler backend.ActivityDumpHandler, ipc ipc.Component) (*Manager, error)

NewManager returns a new instance of the security profile manager

func (*Manager) DumpActivity

func (m *Manager) DumpActivity(params *api.ActivityDumpParams) (*api.ActivityDumpMessage, error)

DumpActivity handles an activity dump request

func (*Manager) FillProfileContextFromWorkloadID

func (m *Manager) FillProfileContextFromWorkloadID(id containerutils.WorkloadID, ctx *model.SecurityProfileContext, imageTag string)

FillProfileContextFromWorkloadID fills the given ctx with information about the workload id

func (*Manager) FinalizeKernelEventCollection

func (m *Manager) FinalizeKernelEventCollection(ad *dump.ActivityDump, releaseTracedCgroupSpot bool)

FinalizeKernelEventCollection finalizes an active dump: envs and args are scrubbed, and the tags, service and container ID are set. If a cgroup spot can be released, the dump is fully stopped.

func (*Manager) GenerateTranscoding

func (m *Manager) GenerateTranscoding(params *api.TranscodingRequestParams) (*api.TranscodingRequestMessage, error)

GenerateTranscoding executes the requested transcoding operation

func (*Manager) GetNodesInProcessCache

func (m *Manager) GetNodesInProcessCache() map[activity_tree.ImageProcessKey]bool

GetNodesInProcessCache returns a map, keyed by ImageProcessKey with a bool value, covering all file paths in the process cache

func (*Manager) HandleCGroupTracingEvent

func (m *Manager) HandleCGroupTracingEvent(event *model.CgroupTracingEvent)

HandleCGroupTracingEvent handles a cgroup tracing event

func (*Manager) HasActiveActivityDump

func (m *Manager) HasActiveActivityDump(event *model.Event) bool

HasActiveActivityDump returns true if the given event has an active dump

func (*Manager) ListActivityDumps

func (m *Manager) ListActivityDumps(_ *api.ActivityDumpListParams) (*api.ActivityDumpListMessage, error)

ListActivityDumps returns the list of active activity dumps

func (*Manager) ListSecurityProfiles

func (m *Manager) ListSecurityProfiles(params *api.SecurityProfileListParams) (*api.SecurityProfileListMessage, error)

ListSecurityProfiles returns the list of security profiles

func (*Manager) LookupEventInProfiles

func (m *Manager) LookupEventInProfiles(event *model.Event)

LookupEventInProfiles looks up the given event in the security profiles

func (*Manager) ProcessEvent

func (m *Manager) ProcessEvent(event *model.Event)

ProcessEvent processes a new event and inserts it in an activity dump if applicable

func (*Manager) SaveSecurityProfile

func (m *Manager) SaveSecurityProfile(params *api.SecurityProfileSaveParams) (*api.SecurityProfileSaveMessage, error)

SaveSecurityProfile saves the requested security profile to disk

func (*Manager) SendStats

func (m *Manager) SendStats() error

SendStats sends the manager stats

func (*Manager) Start

func (m *Manager) Start(ctx context.Context)

Start runs the manager

func (*Manager) StopActivityDump

func (m *Manager) StopActivityDump(params *api.ActivityDumpStopParams) (*api.ActivityDumpStopMessage, error)

StopActivityDump stops an active activity dump

func (*Manager) SyncTracedCgroups

func (m *Manager) SyncTracedCgroups()

SyncTracedCgroups recovers lost cgroup tracing events by walking the kernel-space map of cgroups

type SECLRuleOpts

// SECLRuleOpts defines the options used when generating SECL rules from activity dumps.
//
// NOTE(review): the effect of each option is not visible in this file. EnableKill
// presumably makes the generated rules carry a kill action, in which case a rule
// match can terminate workload processes — review generated rules before deploying
// them. Confirm the meaning of AllowList, Lineage and FIM against GenerateRules.
type SECLRuleOpts struct {
	EnableKill bool
	AllowList  bool
	Lineage    bool
	ImageName  string
	ImageTag   string
	Service    string
	FIM        bool
}

SECLRuleOpts defines SECL rules options

type SeccompProfile

// SeccompProfile represents a seccomp profile, serialisable as YAML or JSON.
//
// NOTE(review): this mirrors the container seccomp profile layout, where
// DefaultAction applies to every syscall not named in Syscalls and therefore
// decides whether the profile is deny- or allow-by-default; confirm the value
// GenerateSeccompProfile sets before applying a generated profile to a workload.
type SeccompProfile struct {
	DefaultAction string          `yaml:"defaultAction" json:"defaultAction"`
	Syscalls      []SyscallPolicy `yaml:"syscalls" json:"syscalls"`
}

SeccompProfile represents a Seccomp profile

func GenerateSeccompProfile

func GenerateSeccompProfile(ads []*profile.Profile) *SeccompProfile

GenerateSeccompProfile returns a seccomp profile generated from the given activity dumps

type SyscallPolicy

// SyscallPolicy represents one policy entry of a seccomp profile: a list of
// syscall names and the action associated with them.
type SyscallPolicy struct {
	Names  []string `yaml:"names" json:"names"`
	Action string   `yaml:"action" json:"action"`
}

SyscallPolicy represents the policy in a seccomp profile

type WorkloadEvent

// WorkloadEvent represents an ordered workload event: its type and the workload it concerns.
type WorkloadEvent struct {
	Type     WorkloadEventType
	Workload *tags.Workload
}

WorkloadEvent represents an ordered workload event

type WorkloadEventType

// WorkloadEventType represents the type of a workload event.
type WorkloadEventType int

WorkloadEventType represents the type of workload event

const (
	// WorkloadEventResolved indicates that a workload selector was resolved.
	WorkloadEventResolved WorkloadEventType = iota
	// WorkloadEventDeleted indicates that a workload was deleted.
	WorkloadEventDeleted
)

Directories

Path Synopsis
Package activitytree holds activitytree related files
Package activitytree holds activitytree related files
metadata
Package metadata holds metadata related files
Package metadata holds metadata related files
Package dump holds activity dump related files
Package dump holds activity dump related files
Package profile holds profile related files
Package profile holds profile related files
Package storage holds files related to storages for security profiles
Package storage holds files related to storages for security profiles
backend
Package backend holds files related to forwarder backends for security profiles
Package backend holds files related to forwarder backends for security profiles
