deepfence / ebpfguard
Rust library for writing Linux security policies using eBPF
License: Apache License 2.0
Right now we only return inode of a binary, addr and pid.
Right now we default to `bpfel-unknown-none` for eBPF object. Users may want `bpfeb`.
As title states. Ubuntu 22.04 LTS. Kernel 5.19.0-46-generic
socket_connect.add_policy(SocketConnect {
    subject: PolicySubject::Binary("/usr/bin/curl".into()),
    allow: Addresses::All,
    deny: Addresses::Addresses(vec![IpAddr::from([127u8, 1u8, 2u8, 3u8])]),
}).await?;
error: linking with `bpf-linker` failed: signal: 11 (SIGSEGV) (core dumped)
|
= note: LC_ALL="C" PATH="/home/user/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/x86_64-unknown-linux-gnu/bin:/home/user/.local/bin:/home/user/.local/bin:/home/user/.local/bin:/home/user/.cargo/bin:/home/user/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/snap/bin:/usr/local/go/bin:/usr/local/go/bin:/usr/local/go/bin" VSLANG="1033" "bpf-linker" "--export-symbols" "/tmp/rustcxgmdFZ/symbols" "/tmp/rustcxgmdFZ/symbols.o" "/home/user/deepfence/experimental/ebpfguard/ebpfguard-ebpf/../target/bpfel-unknown-none/release/deps/ebpfguard-04a7e4f8d4e9bade.ebpfguard.97ac88886015d5ba-cgu.0.rcgu.o" "-L" "/home/user/deepfence/experimental/ebpfguard/ebpfguard-ebpf/../target/bpfel-unknown-none/release/deps" "-L" "/home/user/deepfence/experimental/ebpfguard/ebpfguard-ebpf/../target/release/deps" "-L" "/home/user/deepfence/experimental/ebpfguard/ebpfguard-ebpf/../target/bpfel-unknown-none/release/build/ebpfguard-ebpf-09853f90652e03f0/out" "-L" "/home/user/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/bpfel-unknown-none/lib" "/home/user/deepfence/experimental/ebpfguard/ebpfguard-ebpf/../target/bpfel-unknown-none/release/build/ebpfguard-ebpf-09853f90652e03f0/out/vmlinux_access.o" "--cpu" "generic" "--cpu-features" "" "-L" "/home/user/.rustup/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/bpfel-unknown-none/lib" "-o" "/home/user/deepfence/experimental/ebpfguard/ebpfguard-ebpf/../target/bpfel-unknown-none/release/deps/ebpfguard-04a7e4f8d4e9bade" "-O3" "--debug"
= note: PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0. Running pass 'Function Pass Manager' on module 'ebpfguard-04a7e4f8d4e9bade'.
1. Running pass 'BPF Assembly Printer' on function '@prog_bprm_check_security'
16:54:59 [WARN] ignoring file "/tmp/rustcxgmdFZ/symbols.o": no embedded bitcode
error: could not compile `ebpfguard-ebpf` (bin "ebpfguard") due to previous error
Can be similar to aya one. GitHub label based release notes. Granularity tbd.
Encountered this while running `demo_socket_listen` in docker. `kill -9` on host machine hung the container. Ended up rebooting the machine.
Debian 12 as a kvm based vm on ubuntu 22.04. Kernel `6.1.0-7-amd64`.
Source code: demo_socket_listen
Postponed till we get more LSM hooks integrated.
Ref: #32
Top level tracking issue. Will be done in batches.
Compiling clap v4.2.7
Compiling ebpfguard-common v0.1.0 (/home/ubuntu/ebpfguard/ebpfguard-common)
Compiling ebpfguard v0.1.0 (/home/ubuntu/ebpfguard/ebpfguard)
Compiling file_open v0.1.0 (/home/ubuntu/ebpfguard/examples/file_open)
Finished dev [unoptimized + debuginfo] target(s) in 34.36s
sudo: target/debug/examples/file_open: command not found
Failed to run `sudo -E target/debug/examples/file_open --path-to-deny /tmp/test`
Let me know if I'm missing anything @noboruma @tomaszjonak
Likewise run build container and try out compilation.
Since we depend on a shim C layer, differences in GLIBC versions may matter if build and runtime environments are different enough. This may result in errors akin to the following.
./demo_socket_listen: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by ./demo_socket_listen)
./demo_socket_listen: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by ./demo_socket_listen)
./demo_socket_listen: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by ./demo_socket_listen)
If app deployment is containerized it shouldn't matter, as the user controls the libc version. Still, calling this out explicitly won't hurt.
Error: attach_sb_mount
Caused by:
0: Failed to load BPF program: the BPF_PROG_LOAD syscall failed. Verifier output: 0: (bf) r6 = r1
1: (85) call unknown#158
invalid func unknown#158
verification time 783 usec
stack depth 0
processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
1: the BPF_PROG_LOAD syscall failed. Verifier output: 0: (bf) r6 = r1
1: (85) call unknown#158
invalid func unknown#158
verification time 783 usec
stack depth 0
processed 2 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
2: Invalid argument (os error 22)
Poked a little today but no satisfying results. Looks like this would be a clean solution: rust-lang/cargo#9096. It is not stabilized yet though.