Skip to content

Commit

Permalink
tetragon: Add missing policy setup for generic sensors
Browse files Browse the repository at this point in the history
We need that for proper overhead metrics.

Signed-off-by: Jiri Olsa <[email protected]>
  • Loading branch information
olsajiri committed Oct 6, 2024
1 parent 41864cf commit f0033f9
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 10 deletions.
6 changes: 4 additions & 2 deletions pkg/sensors/tracing/enforcer.go
Original file line number Diff line number Diff line change
Expand Up @@ -291,7 +291,8 @@ func (kp *enforcerPolicy) createEnforcerSensor(
label,
"kprobe",
"enforcer").
SetLoaderData(policyName)
SetLoaderData(policyName).
SetPolicy(policyName)

progs = append(progs, load)
case OverrideMethodFmodRet:
Expand All @@ -304,7 +305,8 @@ func (kp *enforcerPolicy) createEnforcerSensor(
"fmod_ret/security_task_prctl",
fmt.Sprintf("fmod_ret_%s", syscallSym),
"enforcer").
SetLoaderData(policyName)
SetLoaderData(policyName).
SetPolicy(policyName)
progs = append(progs, load)
}
default:
Expand Down
9 changes: 6 additions & 3 deletions pkg/sensors/tracing/genericlsm.go
Original file line number Diff line number Diff line change
Expand Up @@ -443,7 +443,8 @@ func createLsmSensorFromEntry(lsmEntry *genericLsm,
"lsm/generic_lsm_output",
lsmEntry.hook,
"generic_lsm").
SetLoaderData(lsmEntry.tableId)
SetLoaderData(lsmEntry.tableId).
SetPolicy(lsmEntry.policyName)
progs = append(progs, loadOutput)

load := program.Builder(
Expand All @@ -452,7 +453,8 @@ func createLsmSensorFromEntry(lsmEntry *genericLsm,
"lsm/generic_lsm_core",
lsmEntry.hook,
"generic_lsm").
SetLoaderData(lsmEntry.tableId)
SetLoaderData(lsmEntry.tableId).
SetPolicy(lsmEntry.policyName)

// Load ima program for hash calculating
if lsmEntry.imaProgLoad {
Expand All @@ -465,7 +467,8 @@ func createLsmSensorFromEntry(lsmEntry *genericLsm,
"lsm.s/generic_lsm_ima_"+loadProgImaType,
lsmEntry.hook,
"generic_lsm").
SetLoaderData(lsmEntry.tableId)
SetLoaderData(lsmEntry.tableId).
SetPolicy(lsmEntry.policyName)
progs = append(progs, loadIma)
imaHashMap := program.MapBuilderProgram("ima_hash_map", loadIma)
maps = append(maps, imaHashMap)
Expand Down
2 changes: 1 addition & 1 deletion pkg/sensors/tracing/generictracepoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -400,7 +400,7 @@ func createGenericTracepointSensor(
"tracepoint/generic_tracepoint",
pinProg,
"generic_tracepoint",
)
).SetPolicy(policyName)

err := tp.InitKernelSelectors(lists)
if err != nil {
Expand Down
10 changes: 6 additions & 4 deletions pkg/sensors/tracing/genericuprobe.go
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,7 @@ func createGenericUprobeSensor(
}

if in.useMulti {
progs, maps, err = createMultiUprobeSensor(name, ids)
progs, maps, err = createMultiUprobeSensor(name, ids, policyName)
} else {
progs, maps, err = createSingleUprobeSensor(ids)
}
Expand Down Expand Up @@ -397,7 +397,7 @@ func multiUprobePinPath(sensorPath string) string {
return sensors.PathJoin(sensorPath, "multi_kprobe")
}

func createMultiUprobeSensor(sensorPath string, multiIDs []idtable.EntryID) ([]*program.Program, []*program.Map, error) {
func createMultiUprobeSensor(sensorPath string, multiIDs []idtable.EntryID, policyName string) ([]*program.Program, []*program.Map, error) {
var progs []*program.Program
var maps []*program.Map

Expand All @@ -411,7 +411,8 @@ func createMultiUprobeSensor(sensorPath string, multiIDs []idtable.EntryID) ([]*
"uprobe.multi/generic_uprobe",
pinPath,
"generic_uprobe").
SetLoaderData(multiIDs)
SetLoaderData(multiIDs).
SetPolicy(policyName)

progs = append(progs, load)

Expand Down Expand Up @@ -465,7 +466,8 @@ func createUprobeSensorFromEntry(uprobeEntry *genericUprobe,
fmt.Sprintf("%d-%s", uprobeEntry.tableId.ID, uprobeEntry.symbol),
"generic_uprobe").
SetAttachData(attachData).
SetLoaderData(uprobeEntry)
SetLoaderData(uprobeEntry).
SetPolicy(uprobeEntry.policyName)

progs = append(progs, load)

Expand Down

0 comments on commit f0033f9

Please sign in to comment.