Use LPM_TRIE maps in sb_mount LSM hook #134
Comments
vadorovsky added a commit to vadorovsky/lockc that referenced this issue May 3, 2022

Finally, we are getting rid of C and libbpf here. This PR replaces all the eBPF programs with Rust programs written in Aya.

The part of this PR is also:

* fetching recent, relevant changes in aya-template
* using LpmTrie maps for mount policies (TODO)
* detecting new processes only with tracepoints, the task LSM program was removed

Fixes: lockc-project#49
Fixes: lockc-project#134
Fixes: lockc-project#137
Fixes: lockc-project#138
Signed-off-by: Michal Rostecki <[email protected]>
Merged
Currently we put allowed mount paths in a BPF hash map, where those paths are values, and for checking each mount we iterate over that whole map and search for the string match. Not very optimal.
Instead, we should try to use LPM_TRIE maps, which allow matching the prefix in an optimal way:
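The lookup the issue proposes, as an added example that is not part of the issue or of lockc's code: a plain-Rust userspace model of longest-prefix matching over mount paths, replacing the scan over every map entry with a single walk along the path. `PathTrie`, `dir_key`, `demo_policy` and the sample paths are hypothetical and constructed here; the trailing-slash normalization is an assumption added so that byte-wise prefixes only match on path-component boundaries.

```rust
// Userspace model of BPF_MAP_TYPE_LPM_TRIE lookups (added example, not lockc/Aya code).
// Kernel keys are {prefix length in bits, data}; whole-byte prefixes allow a byte-wise trie.
use std::collections::HashMap;

#[derive(Default)]
struct Node {
    children: HashMap<u8, Node>,
    value: Option<u32>, // Some(policy id) when an allowed prefix ends here
}

#[derive(Default)]
pub struct PathTrie { root: Node }

impl PathTrie {
    /// Store an allowed prefix (hypothetical policy id as the value).
    pub fn insert(&mut self, prefix: &str, value: u32) {
        let mut node = &mut self.root;
        for b in prefix.bytes() { node = node.children.entry(b).or_default(); }
        node.value = Some(value);
    }

    /// Longest-prefix match: one walk bounded by the path length, not the map size.
    pub fn lookup(&self, path: &str) -> Option<u32> {
        let mut node = &self.root;
        let mut best = node.value;
        for b in path.bytes() {
            match node.children.get(&b) { Some(next) => node = next, None => break }
            if node.value.is_some() { best = node.value; }
        }
        best
    }
}

/// Assumption added here: end keys with '/' so a byte prefix only matches whole components.
pub fn dir_key(path: &str) -> String { format!("{}/", path.trim_end_matches('/')) }

/// Constructed sample policy, not lockc's real allow-list.
pub fn demo_policy() -> PathTrie {
    let mut t = PathTrie::default();
    t.insert(&dir_key("/var/lib/containers"), 1);
    t.insert(&dir_key("/var/lib/containers/storage"), 2);
    t
}

fn main() {
    let t = demo_policy();
    for p in ["/var/lib/containers/storage/overlay", "/var/lib/containers-x", "/etc"] {
        println!("{} -> {:?}", p, t.lookup(&dir_key(p)));
    }
}
```

Without the `dir_key` normalization, an entry for `/var/lib/containers` would also match `/var/lib/containers-x`, because the trie compares bytes, not path components.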