Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IMA hashes in LSM events #2818

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

IMA hashes in LSM events #2818

wants to merge 6 commits into from

Commits on Sep 19, 2024

  1. bpf: Add lsm.s/* bpf programs for IMA hash collection 

    Due to restrictions of bpf sleepable programs (no tailcalls,
no perf buffer and per_cpu maps, etc.), we need to split
generic LSM sensor into three parts (collections)
and load them in this order:

- bpf_generic_output sends event using perf buffer
- bpf_generic_lsm_ima_*  calculates hash using IMA helpers
- bpf_generic_lsm_core does everything else

Signed-off-by: Andrei Fedotov <[email protected]>
    @anfedotoff
    anfedotoff committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    109f288 View commit details
    Browse the repository at this point in the history

  2. tetragon: Support IMA hash collection for LSM sensor 

    Adding support for IMA hash collection in Post Action.
Adding IMA hashes in LSM events. Hash is represented by
a string algorithm:value. Support loading lsm.s/generic_lsm_ima_* programs.

Signed-off-by: Andrei Fedotov <[email protected]>
    @anfedotoff
    anfedotoff committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    4b1d038 View commit details
    Browse the repository at this point in the history

  3. tetra: Add IMA hashes in compact printing 

    Signed-off-by: Andrei Fedotov <[email protected]>
    @anfedotoff
    anfedotoff committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    ccc1c90 View commit details
    Browse the repository at this point in the history

  4. tetragon: Add TestLSMIMAHash 

    Adding test for ImaHash Post action.

Signed-off-by: Andrei Fedotov <[email protected]>
    @anfedotoff
    anfedotoff committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    dd40a5d View commit details
    Browse the repository at this point in the history

  5. Update LSM tracingPolicy examples 

    Add imaHash post action to lsm_bprm_check.yaml

Signed-off-by: Andrei Fedotov <[email protected]>
    @anfedotoff
    anfedotoff committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    9aad938 View commit details
    Browse the repository at this point in the history

  6. docs: imaHash flag for Post Action selector 

    Signed-off-by: Andrei Fedotov <[email protected]>
    @anfedotoff
    anfedotoff committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    a85b65e View commit details
    Browse the repository at this point in the history