Documentation
Index
- Constants
- Variables
- func CheckBPFInBootParamsEnabled() (bool, error)
- func CheckBPFInKernelConfigLSM(getKernelConfigValue KernelConfigValueFunc) (bool, error)
- func CheckBPFLSMConfigSupport(getKernelConfigValue KernelConfigValueFunc, filesystem fs.FS) (bool, error)
- func CheckBPFLSMInKernelConfig(getKernelConfigValue KernelConfigValueFunc) (bool, error)
- func CheckLSMSupport(filesystem fs.FS, getKernelConfigValue KernelConfigValueFunc) (bool, error)
- func FtraceEnabled() (bool, error)
- func GetBootOptions() (map[string]string, error)
- func GetBootOptionsFromFS(filesystem fs.FS) (map[string]string, error)
- func GetCPUAmount() (int, error)
- func GetMEMAmountInMBs() int
- func IsBPFEnabledInLSMFromOS() (bool, error)
- func IsLSMSupportedInSecurityFs(filesystem fs.FS) (bool, error)
- func OSBTFEnabled() bool
- func UnameMachine() (string, error)
- func UnameRelease() (string, error)
- type KernelConfig
- func (k *KernelConfig) AddCustomKernelConfig(key KernelConfigOption, value string) error
- func (k *KernelConfig) AddNeeded(option KernelConfigOption, value interface{})
- func (k *KernelConfig) CheckMissing() []KernelConfigOption
- func (k *KernelConfig) Exists(option KernelConfigOption) bool
- func (k *KernelConfig) ExistsValue(option KernelConfigOption, value interface{}) bool
- func (k *KernelConfig) GetKernelConfigFilePath() string
- func (k *KernelConfig) GetValue(option KernelConfigOption) KernelConfigOptionValue
- func (k *KernelConfig) GetValueString(option KernelConfigOption) (string, error)
- func (k *KernelConfig) LoadKernelConfig() error
- type KernelConfigOption
- type KernelConfigOptionValue
- type KernelConfigValueFunc
- type KernelVersionComparison
- type LSMBootResult
- type LockdownMode
- type OSInfo
- func (btfi *OSInfo) CompareOSBaseKernelRelease(version string) (KernelVersionComparison, error)
- func (btfi *OSInfo) GetOSReleaseAllFieldValues() map[OSReleaseField]string
- func (btfi *OSInfo) GetOSReleaseFieldValue(value OSReleaseField) string
- func (btfi *OSInfo) GetOSReleaseFilePath() string
- func (btfi *OSInfo) GetOSReleaseID() OSReleaseID
- type OSReleaseField
- type OSReleaseID
Constants
const BpfLsmModule = "bpf"
const LsmBootOption = "lsm"
Variables
var (
	ErrSecurityFSNotMounted = errors.New("security filesystem not mounted (CONFIG_SECURITY likely disabled)")
	ErrProcFSNotAvailable   = errors.New("proc filesystem not available (CONFIG_PROC_FS disabled or not mounted)")
)
Functions
func CheckBPFInBootParamsEnabled
func CheckBPFInBootParamsEnabled() (bool, error)
CheckBPFInBootParamsEnabled is a convenience function that returns only the BPF-enabled status, kept for backward compatibility. It uses the OS filesystem.
func CheckBPFInKernelConfigLSM
func CheckBPFInKernelConfigLSM(getKernelConfigValue KernelConfigValueFunc) (bool, error)
CheckBPFInKernelConfigLSM checks whether 'bpf' is present in the CONFIG_LSM kernel configuration option. It returns true if CONFIG_LSM contains "bpf", false if it does not, and an error if CONFIG_LSM is malformed.
func CheckBPFLSMConfigSupport
func CheckBPFLSMConfigSupport(getKernelConfigValue KernelConfigValueFunc, filesystem fs.FS) (bool, error)
CheckBPFLSMConfigSupport determines whether the Linux Security Module (LSM) framework is enabled and supports BPF modules on the current system, based on the kernel configuration and the boot parameters.
func CheckBPFLSMInKernelConfig
func CheckBPFLSMInKernelConfig(getKernelConfigValue KernelConfigValueFunc) (bool, error)
CheckBPFLSMInKernelConfig checks whether CONFIG_BPF_LSM is enabled in the kernel configuration. It returns true if BPF LSM is compiled into the kernel.
func CheckLSMSupport
func CheckLSMSupport(filesystem fs.FS, getKernelConfigValue KernelConfigValueFunc) (bool, error)
CheckLSMSupport checks whether BPF LSM is supported, using runtime securityfs detection with a kernel config fallback. It first attempts runtime detection and falls back to the kernel config if securityfs is not mounted.
func FtraceEnabled
func FtraceEnabled() (bool, error)
func GetBootOptions
func GetBootOptions() (map[string]string, error)
GetBootOptions is a convenience function that uses the OS filesystem. Using GetBootOptionsFromFS instead is recommended, to increase testability.
func GetBootOptionsFromFS
func GetBootOptionsFromFS(filesystem fs.FS) (map[string]string, error)
GetBootOptionsFromFS parses all boot options from /proc/cmdline using the provided filesystem. It returns a map of boot parameters (key -> value, with an empty string for boolean parameters).
func GetCPUAmount
func GetCPUAmount() (int, error)
func GetMEMAmountInMBs
func GetMEMAmountInMBs() int
GetMEMAmountInMBs reads the meminfo file and returns MemTotal in megabytes.
func IsBPFEnabledInLSMFromOS
func IsBPFEnabledInLSMFromOS() (bool, error)
IsBPFEnabledInLSMFromOS is a convenience function that uses the OS filesystem. Using IsLSMSupportedInSecurityFs instead is recommended, to increase testability.
func IsLSMSupportedInSecurityFs
func IsLSMSupportedInSecurityFs(filesystem fs.FS) (bool, error)
IsLSMSupportedInSecurityFs checks whether BPF is enabled in the LSM framework by reading securityfs. It first checks that /sys/kernel/security exists, then parses the LSM file for a 'bpf' entry.
func OSBTFEnabled
func OSBTFEnabled() bool
OSBTFEnabled checks whether the kernel has an embedded BTF vmlinux file.
func UnameMachine
func UnameMachine() (string, error)
UnameMachine returns the host's architecture string.
func UnameRelease
func UnameRelease() (string, error)
UnameRelease returns the release string of the currently running kernel.
Types
type KernelConfig
type KernelConfig struct {
// contains filtered or unexported fields
}
KernelConfig is a set of kernel configuration options (currently for the running OS only).
func InitKernelConfig
func InitKernelConfig() (*KernelConfig, error)
InitKernelConfig initializes a KernelConfig object for external use.
func (*KernelConfig) AddCustomKernelConfig
func (k *KernelConfig) AddCustomKernelConfig(key KernelConfigOption, value string) error
AddCustomKernelConfig lets the caller extend the list of kconfig options that may be parsed from kConfigFilePath.
func (*KernelConfig) AddNeeded
func (k *KernelConfig) AddNeeded(option KernelConfigOption, value interface{})
AddNeeded registers a KernelConfigOption and the value it is required to have, so that CheckMissing can verify it later.
Examples:
kernelConfig.AddNeeded(environment.CONFIG_BPF, environment.ANY)
kernelConfig.AddNeeded(environment.CONFIG_BPF_PRELOAD, environment.ANY)
kernelConfig.AddNeeded(environment.CONFIG_HZ, "250")
func (*KernelConfig) CheckMissing
func (k *KernelConfig) CheckMissing() []KernelConfigOption
CheckMissing returns an array of the KernelConfigOption's that were added to the KernelConfig as needed but could not be found. It returns an empty array if nothing is missing.
func (*KernelConfig) Exists
func (k *KernelConfig) Exists(option KernelConfigOption) bool
Exists returns true if the given KernelConfigOption was found in the provided KernelConfig, and false if the KernelConfigOption is not set (# XXXXX is not set).
Examples:
kernelConfig.Exists(environment.CONFIG_BPF)
kernelConfig.Exists(environment.CONFIG_BPF_PRELOAD)
kernelConfig.Exists(environment.CONFIG_HZ)
func (*KernelConfig) ExistsValue
func (k *KernelConfig) ExistsValue(option KernelConfigOption, value interface{}) bool
ExistsValue returns true if the given KernelConfigOption was found in the provided KernelConfig AND its value is the same as the provided KernelConfigOptionValue.
func (*KernelConfig) GetKernelConfigFilePath
func (k *KernelConfig) GetKernelConfigFilePath() string
GetKernelConfigFilePath returns the kconfig file chosen by InitKernelConfig during initialization.
func (*KernelConfig) GetValue
func (k *KernelConfig) GetValue(option KernelConfigOption) KernelConfigOptionValue
GetValue returns the KernelConfigOptionValue for a given KernelConfigOption when that value is BUILTIN or MODULE.
func (*KernelConfig) GetValueString
func (k *KernelConfig) GetValueString(option KernelConfigOption) (string, error)
GetValueString returns the value for a given KernelConfigOption when that value is actually a string.
func (*KernelConfig) LoadKernelConfig
func (k *KernelConfig) LoadKernelConfig() error
LoadKernelConfig (re)reads the kconfig file, typically after AddCustomKernelConfig was called.
type KernelConfigOption
type KernelConfigOption uint32
KernelConfigOption is an abstraction of the key in the key=value syntax of the kernel config file.
const (
	CONFIG_BPF KernelConfigOption = iota + 1
	CONFIG_BPF_SYSCALL
	CONFIG_HAVE_EBPF_JIT
	CONFIG_BPF_JIT
	CONFIG_BPF_JIT_ALWAYS_ON
	CONFIG_CGROUPS
	CONFIG_CGROUP_BPF
	CONFIG_CGROUP_NET_CLASSID
	CONFIG_SOCK_CGROUP_DATA
	CONFIG_BPF_EVENTS
	CONFIG_KPROBE_EVENTS
	CONFIG_UPROBE_EVENTS
	CONFIG_TRACING
	CONFIG_FTRACE_SYSCALLS
	CONFIG_FUNCTION_ERROR_INJECTION
	CONFIG_BPF_KPROBE_OVERRIDE
	CONFIG_NET
	CONFIG_XDP_SOCKETS
	CONFIG_LWTUNNEL_BPF
	CONFIG_NET_ACT_BPF
	CONFIG_NET_CLS_BPF
	CONFIG_NET_CLS_ACT
	CONFIG_NET_SCH_INGRESS
	CONFIG_XFRM
	CONFIG_IP_ROUTE_CLASSID
	CONFIG_IPV6_SEG6_BPF
	CONFIG_BPF_LIRC_MODE2
	CONFIG_BPF_STREAM_PARSER
	CONFIG_NETFILTER_XT_MATCH_BPF
	CONFIG_BPFILTER
	CONFIG_BPFILTER_UMH
	CONFIG_TEST_BPF
	CONFIG_HZ
	CONFIG_DEBUG_INFO_BTF
	CONFIG_DEBUG_INFO_BTF_MODULES
	CONFIG_BPF_LSM
	CONFIG_BPF_PRELOAD
	CONFIG_BPF_PRELOAD_UMD
	CONFIG_LSM
	CUSTOM_OPTION_START KernelConfigOption = 1000
)
func (KernelConfigOption) String
func (k KernelConfigOption) String() string
type KernelConfigOptionValue
type KernelConfigOptionValue uint8
KernelConfigOptionValue is an abstraction of the value in the key=value syntax of the kernel config file.
const (
	UNDEFINED KernelConfigOptionValue = iota
	BUILTIN
	MODULE
	STRING
	ANY
)
func (KernelConfigOptionValue) String
func (k KernelConfigOptionValue) String() string
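As an added illustration of the KernelConfig semantics documented above (AddNeeded, Exists/ExistsValue, CheckMissing, and the UNDEFINED/BUILTIN/MODULE/STRING/ANY values), here is a self-contained plain-Go re-implementation; it is not the package's own code, it parses kconfig text into a plain string map instead of the package's KernelConfig type, and the lower-case names parseKernelConfig, existsValue and checkMissing are assumptions.

```go
package main

import "strings"

type kconfigValue uint8 // mirrors KernelConfigOptionValue
const (
	UNDEFINED kconfigValue = iota // absent or "# CONFIG_X is not set"
	BUILTIN                       // CONFIG_X=y
	MODULE                        // CONFIG_X=m
	STRING                        // anything else, e.g. CONFIG_HZ=250
	ANY                           // requirement only: set to any value
)

// parseKernelConfig mirrors LoadKernelConfig on kconfig text; comment lines, including "# CONFIG_X is not set", leave the option absent.
func parseKernelConfig(contents string) map[string]string {
	opts := map[string]string{}
	for _, line := range strings.Split(contents, "\n") {
		key, value, ok := strings.Cut(strings.TrimSpace(line), "=")
		if ok && !strings.HasPrefix(key, "#") {
			opts[key] = strings.Trim(value, `"`)
		}
	}
	return opts
}

// existsValue follows ExistsValue: the option is set AND matches want, which is a kconfigValue (ANY accepts any set value) or a literal string.
func existsValue(opts map[string]string, option string, want interface{}) bool {
	raw, ok := opts[option]
	if w, isString := want.(string); isString {
		return ok && raw == w // literal comparison, e.g. CONFIG_HZ against "250"
	}
	kind := map[string]kconfigValue{"y": BUILTIN, "m": MODULE}[raw]
	if kind == UNDEFINED { // any other raw text is a STRING value
		kind = STRING
	}
	return ok && (want == ANY || want == kind)
}

// checkMissing follows CheckMissing: the needed options the config fails to satisfy; empty when nothing is missing.
func checkMissing(opts map[string]string, needed map[string]interface{}) []string {
	missing := []string{}
	for option, want := range needed {
		if !existsValue(opts, option, want) {
			missing = append(missing, option)
		}
	}
	return missing
}
```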
type KernelConfigValueFunc
type KernelConfigValueFunc func(option KernelConfigOption) (KernelConfigOptionValue, string, error)
KernelConfigValueFunc is a function type for retrieving kernel configuration values. It abstracts kernel config access so that it can be replaced for testing purposes.
type KernelVersionComparison
type KernelVersionComparison int
const (
	KernelVersionInvalid KernelVersionComparison = iota - 1
	KernelVersionEqual
	KernelVersionOlder
	KernelVersionNewer
)
func CompareKernelRelease
func CompareKernelRelease(base, given string) (KernelVersionComparison, error)
CompareKernelRelease compares two given kernel version/release strings and returns a KernelVersionComparison constant that describes the relationship of the given kernel version to the base. For example, CompareKernelRelease("5.8.1", "4.12.3") == KernelVersionOlder because 4.12.3 is older than 5.8.1.
It also returns an error in case of a malformed kernel version.
Consumers should use the constants defined in this package for checking the results: KernelVersionOlder, KernelVersionEqual, KernelVersionNewer.
Examples of $(uname -r):
5.11.0-31-generic (ubuntu)
4.18.0-305.12.1.el8_4.x86_64 (alma)
4.18.0-338.el8.x86_64 (stream8)
4.18.0-305.7.1.el8_4.centos.x86_64 (centos)
4.18.0-305.7.1.el8_4.centos.plus.x86_64 (centos + plus repo)
5.13.13-arch1-1 (archlinux)
5.4.228+ (ubuntu-gke 5.4)
5.15.153.1-microsoft-standard-WSL2+
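An added example, not the package's own implementation, of comparing the $(uname -r) strings listed above with the same base/given convention as CompareKernelRelease: it keeps only the upstream major.minor.patch triple, so distribution suffixes such as -305.12.1.el8_4.x86_64, -generic or a trailing + do not take part in the comparison, and a string whose leading components are not integers is reported as KernelVersionInvalid with an error. The lower-case names parseRelease and compareKernelRelease are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

type kernelVersionComparison int // mirrors KernelVersionComparison

const (
	KernelVersionInvalid kernelVersionComparison = iota - 1
	KernelVersionEqual
	KernelVersionOlder
	KernelVersionNewer
)

// parseRelease reduces a $(uname -r) string to its major.minor.patch triple:
// everything from the first '-' on is a distro suffix, and a trailing '+' is dropped.
func parseRelease(release string) (v [3]int, err error) {
	core, _, _ := strings.Cut(release, "-")
	parts := strings.Split(strings.TrimSuffix(core, "+"), ".")
	for i := 0; i < len(parts) && i < 3; i++ {
		if v[i], err = strconv.Atoi(parts[i]); err != nil {
			return v, fmt.Errorf("malformed kernel release %q: %w", release, err)
		}
	}
	return v, nil
}

// compareKernelRelease reports how given relates to base, following the
// documented convention: KernelVersionOlder means given is older than base.
func compareKernelRelease(base, given string) (kernelVersionComparison, error) {
	b, errB := parseRelease(base)
	g, errG := parseRelease(given)
	if errB != nil || errG != nil {
		return KernelVersionInvalid, errors.Join(errB, errG)
	}
	for i := range b {
		switch {
		case g[i] < b[i]:
			return KernelVersionOlder, nil
		case g[i] > b[i]:
			return KernelVersionNewer, nil
		}
	}
	return KernelVersionEqual, nil
}
```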
type LSMBootResult
type LSMBootResult struct {
BPFEnabled bool // true if BPF is found in the lsm boot parameter
ParameterFound bool // true if lsm= boot parameter exists (even if empty)
}
LSMBootResult contains information about the BPF LSM status in the boot parameters.
func CheckBPFInBootParams
func CheckBPFInBootParams(filesystem fs.FS) (LSMBootResult, error)
CheckBPFInBootParams checks whether BPF LSM is enabled in the boot parameters, using the provided filesystem. It returns an LSMBootResult containing the BPF status and whether the lsm parameter was found.
func CheckBPFInBootParamsOS
func CheckBPFInBootParamsOS() (LSMBootResult, error)
CheckBPFInBootParamsOS is a convenience function that uses the OS filesystem. Using CheckBPFInBootParams(fs.FS) instead is recommended, to increase testability.
type LockdownMode
type LockdownMode int32
const (
	NOVALUE LockdownMode = iota
	NONE
	INTEGRITY
	CONFIDENTIALITY
)
func Lockdown
func Lockdown() (LockdownMode, error)
func (LockdownMode) String
func (l LockdownMode) String() string
type OSInfo
type OSInfo struct {
// contains filtered or unexported fields
}
OSInfo object contains all OS relevant information.
OSRelease is relevant to examples such as:
1) OSInfo.OSReleaseInfo[environment.OS_KERNEL_RELEASE] => will provide the $(uname -r) string
2) if OSInfo.GetReleaseID() == environment.UBUNTU => {} will allow running code in a specific distribution
func (*OSInfo) CompareOSBaseKernelRelease
func (btfi *OSInfo) CompareOSBaseKernelRelease(version string) (KernelVersionComparison, error)
CompareOSBaseKernelRelease compares a given kernel version/release string to the currently running version and returns a KernelVersionComparison constant that describes the relationship of the given kernel version to the running kernel.
For example, if the running kernel is 5.18.0 and "4.3.2" is passed, the result is KernelVersionOlder because 4.3.2 is older than the running kernel.
Consumers should use the constants defined in this package for checking the results: KernelVersionOlder, KernelVersionEqual, KernelVersionNewer.
func (*OSInfo) GetOSReleaseAllFieldValues
func (btfi *OSInfo) GetOSReleaseAllFieldValues() map[OSReleaseField]string
GetOSReleaseAllFieldValues returns all existing OSReleaseField's and their values as strings, for dumping.
func (*OSInfo) GetOSReleaseFieldValue
func (btfi *OSInfo) GetOSReleaseFieldValue(value OSReleaseField) string
GetOSReleaseFieldValue returns the value of a single OSReleaseField held internally by OSInfo.
func (*OSInfo) GetOSReleaseFilePath
func (btfi *OSInfo) GetOSReleaseFilePath() string
GetOSReleaseFilePath returns the path of the os-release file that was used; it is not necessarily /etc/os-release, depending on the environment variable.
func (*OSInfo) GetOSReleaseID
func (btfi *OSInfo) GetOSReleaseID() OSReleaseID
GetOSReleaseID returns the OSReleaseID of the current Linux distribution.
type OSReleaseField
type OSReleaseField uint32
const (
	OS_NAME OSReleaseField = iota + 0
	OS_ID
	OS_ID_LIKE
	OS_PRETTY_NAME
	OS_VARIANT
	OS_VARIANT_ID
	OS_VERSION
	OS_VERSION_ID
	OS_VERSION_CODENAME
	OS_BUILD_ID
	OS_IMAGE_ID
	OS_IMAGE_VERSION
	// not part of default os-release:
	OS_KERNEL_RELEASE
	OS_ARCH
)
func (OSReleaseField) String
func (o OSReleaseField) String() string
type OSReleaseID
type OSReleaseID uint32
const (
	UBUNTU OSReleaseID = iota + 1
	FEDORA
	ARCH
	DEBIAN
	CENTOS
	STREAM
	ALMA
	RHEL
)
func (OSReleaseID) String
func (o OSReleaseID) String() string