-
Notifications
You must be signed in to change notification settings - Fork 301
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: DavadDi <[email protected]>
- Loading branch information
Showing
3 changed files
with
78 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| #include "vmlinux.h" | ||
| #include <bpf/bpf_helpers.h> | ||
| #include <bpf/bpf_tracing.h> | ||
| #include <errno.h> | ||
|
|
||
| char LICENSE[] SEC("license") = "GPL"; | ||
|
|
||
| SEC("lsm/bpf") | ||
| int BPF_PROG(lsm_bpf, int cmd, union bpf_attr *attr, unsigned int size, int ret) | ||
| { | ||
| /* ret is the return value from the previous BPF program | ||
| * or 0 if it's the first hook. | ||
| */ | ||
| if (ret != 0) | ||
| return ret; | ||
|
|
||
| bpf_printk("LSM: block bpf() worked"); | ||
| return -EPERM; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) | ||
| /* Copyright (c) 2024 dave | ||
| * Based on minimal.c by Facebook */ | ||
| #include <stdio.h> | ||
| #include <unistd.h> | ||
| #include <sys/resource.h> | ||
| #include <bpf/libbpf.h> | ||
| #include "lsm.skel.h" | ||
|
|
||
| // Notice: Ensure your kernel version is 5.7 or higher, BTF (BPF Type Format) is enabled, | ||
| // and the file '/sys/kernel/security/lsm' includes 'bpf'. | ||
| static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args) | ||
| { | ||
| return vfprintf(stderr, format, args); | ||
| } | ||
|
|
||
| int main(int argc, char **argv) | ||
| { | ||
| struct lsm_bpf *skel; | ||
| int err; | ||
|
|
||
| /* Set up libbpf errors and debug info callback */ | ||
| libbpf_set_print(libbpf_print_fn); | ||
|
|
||
| /* Open BPF application */ | ||
| skel = lsm_bpf__open(); | ||
| if (!skel) { | ||
| fprintf(stderr, "Failed to open BPF skeleton\n"); | ||
| return 1; | ||
| } | ||
|
|
||
| /* Load & verify BPF programs */ | ||
| err = lsm_bpf__load(skel); | ||
| if (err) { | ||
| fprintf(stderr, "Failed to load and verify BPF skeleton\n"); | ||
| goto cleanup; | ||
| } | ||
|
|
||
| /* Attach tracepoint handler */ | ||
| err = lsm_bpf__attach(skel); | ||
| if (err) { | ||
| fprintf(stderr, "Failed to attach BPF skeleton\n"); | ||
| goto cleanup; | ||
| } | ||
|
|
||
| printf("Successfully started! Please run `sudo cat /sys/kernel/debug/tracing/trace_pipe` " | ||
| "to see output of the BPF programs.\n"); | ||
|
|
||
| for (;;) { | ||
| /* trigger our BPF program */ | ||
| fprintf(stderr, "."); | ||
| sleep(1); | ||
| } | ||
|
|
||
| cleanup: | ||
| lsm_bpf__destroy(skel); | ||
| return -err; | ||
| } |