Skip to content

Commit

Permalink
apparmor recorder: add readdir support
Browse files Browse the repository at this point in the history
  • Loading branch information
mhils authored and k8s-ci-robot committed Nov 14, 2024
1 parent 0201f61 commit 445c559
Show file tree
Hide file tree
Showing 5 changed files with 9,995 additions and 9,184 deletions.
20 changes: 17 additions & 3 deletions internal/pkg/daemon/bpfrecorder/bpf/recorder.bpf.c
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
#define PROT_NONE 0x0

#define S_IFIFO 0010000
#define S_IFDIR 0040000

#define CAP_OPT_NOAUDIT 0b10

Expand Down Expand Up @@ -165,13 +166,26 @@ static __always_inline int register_file_event(struct file * file, u64 flags)
return 0;
}

int ok = bpf_d_path(&file->f_path, event->data, sizeof(event->data));
if (ok < 0) {
bpf_printk("register_file_event bpf_d_path failed: %i\n", ok);
int pathlen = bpf_d_path(&file->f_path, event->data, sizeof(event->data));
if (pathlen < 0) {
bpf_printk("register_file_event bpf_d_path failed: %i\n", pathlen);
bpf_ringbuf_discard(event, 0);
return 0;
}

if (file->f_inode->i_mode & S_IFDIR) {
// overly pedantic check to make ebpf verifier happy
if (pathlen - 2 < sizeof(event->data) && pathlen - 1 < sizeof(event->data) && pathlen < sizeof(event->data)){
if(event->data[pathlen - 2] != '/') {
// No trailing slash, add `/` and move null byte.
event->data[pathlen - 1] = '/';
event->data[pathlen] = '\0';
}
} else {
bpf_printk("failed to fixup directory entry, not enough space.");
}
}

event->pid = pid;
event->mntns = mntns;
event->type = EVENT_TYPE_APPARMOR_FILE;
Expand Down
3 changes: 0 additions & 3 deletions internal/pkg/daemon/bpfrecorder/bpfrecorder_apparmor.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@ import (
"errors"
"fmt"
"log"
"path/filepath"
"regexp"
"slices"
"strings"
Expand Down Expand Up @@ -241,8 +240,6 @@ func (b *AppArmorRecorder) GetAppArmorProcessed(mntns uint32) BpfAppArmorProcess
}

func replaceVarianceInFilePath(filePath string) string {
filePath = filepath.Clean(filePath)

// Replace PID value with a apparmor variable.
pathWithPid := regexp.MustCompile(`^/proc/\d+/`)
filePath = pathWithPid.ReplaceAllString(filePath, "/proc/@{pid}/")
Expand Down
Loading

0 comments on commit 445c559

Please sign in to comment.