diff --git a/KubeArmor/BPF/anon_map_exec.bpf.c b/KubeArmor/BPF/anonmapexec.bpf.c
similarity index 100%
rename from KubeArmor/BPF/anon_map_exec.bpf.c
rename to KubeArmor/BPF/anonmapexec.bpf.c
diff --git a/KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.o b/KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.o
new file mode 100644
index 0000000000..3a074eec27
Binary files /dev/null and b/KubeArmor/presets/anonmapexec/anonmapexec_bpfeb.o differ
diff --git a/KubeArmor/presets/anonmapexec/anonmapexec_bpfel.o b/KubeArmor/presets/anonmapexec/anonmapexec_bpfel.o
new file mode 100644
index 0000000000..21c2967d88
Binary files /dev/null and b/KubeArmor/presets/anonmapexec/anonmapexec_bpfel.o differ
diff --git a/KubeArmor/presets/anonmapexec/preset.go b/KubeArmor/presets/anonmapexec/preset.go
index 7ba6dda86f..a198f14557 100644
--- a/KubeArmor/presets/anonmapexec/preset.go
+++ b/KubeArmor/presets/anonmapexec/preset.go
@@ -23,7 +23,7 @@ import (
 tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
 )
-//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang anonmapexec ../../BPF/anon_map_exec.bpf.c -type mmap_event -no-global-types -- -I/usr/include/ -O2 -g
+//go:generate go run github.com/cilium/ebpf/cmd/bpf2go -cc clang anonmapexec ../../BPF/anonmapexec.bpf.c -type mmap_event -no-global-types -- -I/usr/include/ -O2 -g
 const (
 NAME string = "AnonMapExecutionPreset"
diff --git a/KubeArmor/presets/base/containers.go b/KubeArmor/presets/base/containers.go
new file mode 100644
index 0000000000..e3f5f20918
--- /dev/null
+++ b/KubeArmor/presets/base/containers.go
@@ -0,0 +1,72 @@
+package base
+
+import (
+ "errors"
+ "os"
+ "sync"
+
+ "github.com/cilium/ebpf"
+)
+
+// NsKey struct
+type NsKey struct {
+ PidNS uint32
+ MntNS uint32
+}
+
+// ContainerVal struct
+type ContainerVal struct {
+ NsKey NsKey
+ Policy string
+}
+
+// Containers struct
+type Containers struct {
+ BPFContainerMap *ebpf.Map
+ // ContainerID -> NsKey
+ ContainerMap map[string]ContainerVal
+ ContainerMapLock *sync.RWMutex
+}
+
+// NewContainers func
+func NewContainers(emap *ebpf.Map) *Containers {
+ c := &Containers{}
+ c.BPFContainerMap = emap
+ c.ContainerMap = make(map[string]ContainerVal)
+ c.ContainerMapLock = new(sync.RWMutex)
+
+ return c
+}
+
+// AddContainerIDToMap function adds container to containers map
+func (c *Containers) AddContainerIDToMap(containerID string, pidns, mntns uint32) {
+ ckv := NsKey{PidNS: pidns, MntNS: mntns}
+ c.ContainerMapLock.Lock()
+ defer c.ContainerMapLock.Unlock()
+ c.ContainerMap[containerID] = ContainerVal{NsKey: ckv}
+}
+
+// DeleteContainerIDFromMap function removed container from container map and subsequently
+// from BPF Map as well returns error if failed
+func (c *Containers) DeleteContainerIDFromMap(id string) error {
+ c.ContainerMapLock.Lock()
+ defer c.ContainerMapLock.Unlock()
+
+ if val, ok := c.ContainerMap[id]; ok {
+ if err := c.DeleteContainerIDFromBPFMap(val.NsKey); err != nil {
+ return err
+ }
+ delete(c.ContainerMap, id)
+ }
+ return nil
+}
+
+// DeleteContainerIDFromBPFMap deletes the container from BPF map and returns error if failed
+func (c *Containers) DeleteContainerIDFromBPFMap(ckv NsKey) error {
+ if err := c.BPFContainerMap.Delete(ckv); err != nil {
+ if !errors.Is(err, os.ErrNotExist) {
+ return err
+ }
+ }
+ return nil
+}
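Review bot: `AddContainerIDToMap` assigns a fresh `ContainerVal{NsKey: ckv}` to `c.ContainerMap[containerID]`, so a second call for an ID that already has a `Policy` set silently resets that field to the empty string, and the one-line doc comment does not warn about it; if the namespace key can be refreshed while a policy is attached, preserve the existing value with `val := c.ContainerMap[containerID]`, `val.NsKey = ckv`, `c.ContainerMap[containerID] = val`. The add path also differs from the delete path in scope: `DeleteContainerIDFromMap` removes the entry from both the Go map and `BPFContainerMap`, while the add only touches the Go map, so whoever keys the BPF map with this `NsKey` must do so separately, which the doc comment should state explicitly (e.g. "does not populate BPFContainerMap; the caller inserts the BPF entry once a policy is applied"). `NewContainers` accepts a nil `emap` without complaint, and `DeleteContainerIDFromBPFMap` then calls `Delete` on it; whether that returns an error or panics depends on cilium/ebpf, so either reject nil in the constructor or guard the call. The placeholder comments `// NsKey struct`, `// ContainerVal struct`, `// Containers struct` and `// NewContainers func` satisfy the linter but say nothing; at minimum `NsKey` deserves a note that it is the pid/mnt namespace pair used as the BPF map key, so its layout must stay in sync with the BPF-side key struct.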