Skip to content

Commit

Permalink
Merge pull request #1856 from Aryan-sharma11/fix--bpflsm
Browse files Browse the repository at this point in the history 
fix: BPFLSM enforcer fails to load on newer kernels (6.8+)
  • Loading branch information
@Aryan-sharma11
Aryan-sharma11 authored Sep 3, 2024
2 parents 8525ec6 + d164813 commit 15d146b
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions KubeArmor/BPF/enforcer.bpf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -428,9 +428,11 @@ int BPF_PROG(enforce_net_create, int family, int type, int protocol) {

#define LSM_NET(name, ID) \
int BPF_PROG(name, struct socket *sock) { \
int type = sock->type; \
int protocol = sock->sk->sk_protocol; \
return match_net_rules(type, protocol, ID); \
int sock_type = BPF_CORE_READ(sock, type); \
struct sock *sk; \
sk = BPF_CORE_READ(sock, sk); \
int protocol = BPF_CORE_READ(sk, sk_protocol); \
return match_net_rules(sock_type, protocol, ID); \
}

SEC("lsm/socket_connect")
Expand Down
Binary file modified KubeArmor/enforcer/bpflsm/enforcer_bpfeb.o
View file
Binary file not shown.
Binary file modified KubeArmor/enforcer/bpflsm/enforcer_bpfel.o
View file
Binary file not shown.

0 comments on commit 15d146b

Please sign in to comment.