add bpf object files
Signed-off-by: rksharma95 <[email protected]>
rksharma95 committed Dec 23, 2024
1 parent cd03ced commit d44b2ca
Showing 5 changed files with 73 additions and 1 deletion.
File renamed without changes.
Binary file added KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.o
Binary file not shown.
Binary file added KubeArmor/presets/anonmapexec/anonmapexec_bpfel.o
Binary file not shown.
2 changes: 1 addition & 1 deletion KubeArmor/presets/anonmapexec/preset.go
@@ -23,7 +23,7 @@ import (
tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
)

//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang anonmapexec ../../BPF/anon_map_exec.bpf.c -type mmap_event -no-global-types -- -I/usr/include/ -O2 -g
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang anonmapexec ../../BPF/anonmapexec.bpf.c -type mmap_event -no-global-types -- -I/usr/include/ -O2 -g

const (
NAME string = "AnonMapExecutionPreset"
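--- a/KubeArmor/presets/base/containers.go
+++ b/KubeArmor/presets/base/containers.go
@@ -0,0 +1,72 @@
+package base
+
+import (
+"errors"
+"os"
+"sync"
+
+"github.com/cilium/ebpf"
+)
+
+// NsKey struct
+type NsKey struct {
+PidNS uint32
+MntNS uint32
+}
+
+// ContainerVal struct
+type ContainerVal struct {
+NsKey NsKey
+Policy string
+}
+
+// Containers struct
+type Containers struct {
+BPFContainerMap *ebpf.Map
+// ContainerID -> NsKey
+ContainerMap map[string]ContainerVal
+ContainerMapLock *sync.RWMutex
+}
+
+// NewContainers func
+func NewContainers(emap *ebpf.Map) *Containers {
+c := &Containers{}
+c.BPFContainerMap = emap
+c.ContainerMap = make(map[string]ContainerVal)
+c.ContainerMapLock = new(sync.RWMutex)
+
+return c
+}
+
+// AddContainerIDToMap function adds container to containers map
+func (c *Containers) AddContainerIDToMap(containerID string, pidns, mntns uint32) {
+ckv := NsKey{PidNS: pidns, MntNS: mntns}
+c.ContainerMapLock.Lock()
+defer c.ContainerMapLock.Unlock()
+c.ContainerMap[containerID] = ContainerVal{NsKey: ckv}
+}
+
+// DeleteContainerIDFromMap function removed container from container map and subsequently
+// from BPF Map as well returns error if failed
+func (c *Containers) DeleteContainerIDFromMap(id string) error {
+c.ContainerMapLock.Lock()
+defer c.ContainerMapLock.Unlock()
+
+if val, ok := c.ContainerMap[id]; ok {
+if err := c.DeleteContainerIDFromBPFMap(val.NsKey); err != nil {
+return err
+}
+delete(c.ContainerMap, id)
+}
+return nil
+}
+
+// DeleteContainerIDFromBPFMap deletes the container from BPF map and returns error if failed
+func (c *Containers) DeleteContainerIDFromBPFMap(ckv NsKey) error {
+if err := c.BPFContainerMap.Delete(ckv); err != nil {
+if !errors.Is(err, os.ErrNotExist) {
+return err
+}
+}
+return nil
+}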
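Review bot: AddContainerIDToMap replaces the whole ContainerVal, so calling it for a containerID that is already present resets Policy to "" and, if the namespaces differ, leaves the entry under the previous NsKey in the BPF map because nothing deletes it. Callers are not visible here, but if a re-add can happen, that stale key is a pidns/mntns pair that may later belong to a different container. Updating only the key keeps the policy: `val := c.ContainerMap[containerID]`, `val.NsKey = ckv`, `c.ContainerMap[containerID] = val`, with a DeleteContainerIDFromBPFMap call on the old key when it changed. In DeleteContainerIDFromBPFMap the missing-key case is matched through `os.ErrNotExist`; `ebpf.ErrKeyNotExist` is the library's own sentinel and states the intent directly. The exported ContainerMap and ContainerMapLock fields also let callers touch the map without the lock, so a comment on Containers saying the lock must be held for any direct access would help.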
