tetragon: Add support to set policy name for program

Signed-off-by: Jiri Olsa <[email protected]>
cilium · Jun 12, 2024 · c6c171f · c6c171f
1 parent 5d12504
commit c6c171f
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 11 deletions.
diff --git a/pkg/sensors/base/base.go b/pkg/sensors/base/base.go
@@ -16,45 +16,47 @@ import (
 )
 
 var (
+	basePolicy = "__base__"
+
 	Execve = program.Builder(
 		ExecObj(),
 		"sched/sched_process_exec",
 		"tracepoint/sys_execve",
 		"event_execve",
 		"execve",
-	)
+	).SetPolicy(basePolicy)
 
 	ExecveBprmCommit = program.Builder(
 		"bpf_execve_bprm_commit_creds.o",
 		"security_bprm_committing_creds",
 		"kprobe/security_bprm_committing_creds",
 		"tg_kp_bprm_committing_creds",
 		"kprobe",
-	)
+	).SetPolicy(basePolicy)
 
 	Exit = program.Builder(
 		"bpf_exit.o",
 		"acct_process",
 		"kprobe/acct_process",
 		"event_exit",
 		"kprobe",
-	)
+	).SetPolicy(basePolicy)
 
 	Fork = program.Builder(
 		"bpf_fork.o",
 		"wake_up_new_task",
 		"kprobe/wake_up_new_task",
 		"kprobe_pid_clear",
 		"kprobe",
-	)
+	).SetPolicy(basePolicy)
 
 	CgroupRmdir = program.Builder(
 		"bpf_cgroup.o",
 		"cgroup/cgroup_rmdir",
 		"raw_tracepoint/cgroup_rmdir",
 		"tg_cgroup_rmdir",
 		"raw_tracepoint",
-	)
+	).SetPolicy(basePolicy)
 
 	/* Event Ring map */
 	TCPMonMap = program.MapBuilder("tcpmon_map", Execve)
@@ -77,12 +79,12 @@ var (
 	CgroupRateOptionsMap = program.MapBuilder("cgroup_rate_options_map", Execve)
 
 	sensor = sensors.Sensor{
-		Name: "__base__",
+		Name: basePolicy,
 	}
 	sensorInit sync.Once
 
 	sensorTest = sensors.Sensor{
-		Name: "__base__",
+		Name: basePolicy,
 	}
 	sensorTestInit sync.Once
 )

diff --git a/pkg/sensors/program/program.go b/pkg/sensors/program/program.go
@@ -117,6 +117,9 @@ type Program struct {
 
 	Link link.Link
 	Prog *ebpf.Program
+
+	// policy name the program belongs to
+	Policy string
 }
 
 func (p *Program) SetRetProbe(ret bool) *Program {
@@ -134,6 +137,11 @@ func (p *Program) SetAttachData(d interface{}) *Program {
 	return p
 }
 
+func (p *Program) SetPolicy(policy string) *Program {
+	p.Policy = policy
+	return p
+}
+
 func (p *Program) Unload() error {
 	if p.unloader == nil {
 		return nil

diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go
@@ -292,7 +292,8 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E
 		"kprobe.multi/generic_kprobe",
 		pinPath,
 		"generic_kprobe").
-		SetLoaderData(multiIDs)
+		SetLoaderData(multiIDs).
+		SetPolicy(policyName)
 	progs = append(progs, load)
 
 	fdinstall := program.MapBuilderPin("fdinstall_map", sensors.PathJoin(sensorPath, "fdinstall_map"), load)
@@ -345,7 +346,8 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E
 			"multi_retkprobe",
 			"generic_kprobe").
 			SetRetProbe(true).
-			SetLoaderData(multiRetIDs)
+			SetLoaderData(multiRetIDs).
+			SetPolicy(policyName)
 		progs = append(progs, loadret)
 
 		retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret)
@@ -824,7 +826,8 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string,
 		"kprobe/generic_kprobe",
 		pinProg,
 		"generic_kprobe").
-		SetLoaderData(kprobeEntry.tableId)
+		SetLoaderData(kprobeEntry.tableId).
+		SetPolicy(kprobeEntry.policyName)
 	load.Override = kprobeEntry.hasOverride
 	if load.Override {
 		load.OverrideFmodRet = isSecurityFunc && bpf.HasModifyReturn()
@@ -884,7 +887,8 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string,
 			pinRetProg,
 			"generic_kprobe").
 			SetRetProbe(true).
-			SetLoaderData(kprobeEntry.tableId)
+			SetLoaderData(kprobeEntry.tableId).
+			SetPolicy(kprobeEntry.policyName)
 		progs = append(progs, loadret)
 
 		retProbe := program.MapBuilderPin("retprobe_map", sensors.PathJoin(pinPath, "retprobe_map"), loadret)