Ebpfguard is a library for managing Linux security policies. It is based on
LSM hooks, but without the need to write any kernel modules or eBPF programs
directly. It allows writing policies in Rust (or YAML) in user space.
It is built on eBPF and the Aya library, but takes away the need to use
them directly.
Usage example
Deny mount operation for all users.
```rust
use ebpfguard::{
    policy::{PolicySubject, SbMount},
    PolicyManager,
};
use log::info;

// The async runtime and error type are assumed here so that the snippet
// compiles as a complete program; the original fragment omits them.
#[tokio::main]
async fn main() -> anyhow::Result<()> {
    const BPF_MAPS_PATH: &str = "/sys/fs/bpf/example_sb_mount";

    // Create a directory where the ebpfguard policy manager can store its
    // BPF objects (maps).
    std::fs::create_dir_all(BPF_MAPS_PATH)?;

    // Create a policy manager.
    let mut policy_manager = PolicyManager::new(BPF_MAPS_PATH)?;

    // Attach the policy manager to the mount (`sb_mount`) LSM hook.
    let mut sb_mount = policy_manager.attach_sb_mount()?;

    // Get the receiver end of the alerts channel for the `sb_mount` LSM hook.
    let mut sb_mount_rx = sb_mount.alerts().await?;

    // Define a policy which denies mount operations for all processes
    // (except for the specified subject, if one is defined).
    sb_mount
        .add_policy(SbMount {
            subject: PolicySubject::All,
            allow: false,
        })
        .await?;

    // Block until the first denied mount attempt is reported and log it.
    if let Some(alert) = sb_mount_rx.recv().await {
        info!(
            "sb_mount alert: pid={} subject={}",
            alert.pid, alert.subject
        );
    }

    Ok(())
}
```