PolicyManager: fail instantiation if bpf lsm module is disabled - Commit 6ad65e54 - STRLCPY/ebpfguard

PolicyManager: fail instantiation if bpf lsm module is disabled
Tomasz Jonak committed with Tomasz Jonak 11 months ago

6ad65e54

1 parent 3464ba44

Total 2 files Show one by one

■ ■ ■ ■ ■ ■

ebpfguard/src/error.rs

		skipped 1 lines
2	2
3	3		#[derive(Debug, Error)]
4	4		pub enum EbpfguardError {
	5	+	#[error(
	6	+	"BPF LSM module is not enabled. Check prerequisites doc for instructions how to enable it."
	7	+	)]
	8	+	BpfLsmModuleDisabled,
	9	+
5	10		#[error("Failed to load BPF program: {0}")]
6	11		Bpf(#[from] aya::BpfError),
7	12
		skipped 19 lines

■ ■ ■ ■ ■ ■

ebpfguard/src/lib.rs

		skipped 256 lines
257	257		/// let mut policy_manager = PolicyManager::new(Path::new("/sys/fs/bpf/mypolicies")).unwrap();
258	258		/// ```
259	259		pub fn new<P: AsRef<Path>>(bpf_path: P) -> Result<Self, EbpfguardError> {
	260	+	let bpf_lsm_enabled = std::fs::read_to_string("/sys/kernel/security/lsm")?
	261	+	.split(',')
	262	+	.any(\|x\| x.to_lowercase() == "bpf");
	263	+	if !bpf_lsm_enabled {
	264	+	return Err(EbpfguardError::BpfLsmModuleDisabled);
	265	+	}
	266	+
260	267		#[cfg(debug_assertions)]
261	268		let bpf = BpfLoader::new()
262	269		.map_pin_path(&bpf_path)
		skipped 285 lines

Please wait...

Page is in error, reload to recover