  • Make separation between library and examples

    Provide the `examples/` directory with examples and add `--example`
    argument to `cargo xtask run`.
  • Michal Rostecki committed with vadorovsky 1 year ago
    9c89c847
    1 parent 34630147
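--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,5 +1,10 @@
 [workspace]
-members = ["guardctl", "guardity", "guardity-common", "xtask"]
+members = [
+ "guardity",
+ "guardity-common",
+ "xtask",
+ "examples/*",
+]
 
 [patch.crates-io]
 aya = { git = "https://github.com/aya-rs/aya", branch = "main" }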
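--- a/examples/cli/Cargo.toml
+++ b/examples/cli/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "cli"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+anyhow = { version = "1", features = ["backtrace"] }
+clap = { version = "4.2", features = ["derive"] }
+cli-table = "0.4.7"
+guardity = { path = "../../guardity" }
+tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
+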
  • guardctl/src/policy/file_open.rs examples/cli/examples/cli/file_open.rs
    Content is identical
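--- a/examples/cli/examples/cli/main.rs
+++ b/examples/cli/examples/cli/main.rs
@@ -0,0 +1,103 @@
+use std::path::PathBuf;
+
+use clap::{Parser, Subcommand};
+use cli_table::{print_stdout, Cell, Style, Table};
+
+mod file_open;
+mod socket_bind;
+mod socket_connect;
+mod task_fix_setuid;
+
+use file_open::list_file_open;
+use guardity::{policy::reader, PolicyManager};
+use socket_bind::list_socket_bind;
+use socket_connect::list_socket_connect;
+use task_fix_setuid::list_task_fix_setuid;
+
+#[derive(Parser)]
+struct Args {
+ #[clap(long, default_value = "/sys/fs/bpf")]
+ bpffs_path: PathBuf,
+ #[clap(long, default_value = "guardity")]
+ bpffs_dir: PathBuf,
+ #[command(subcommand)]
+ subcommand: Sub,
+}
+
+#[derive(Subcommand)]
+enum Sub {
+ /// Manage policies.
+ Policy {
+ #[command(subcommand)]
+ policy: SubPolicy,
+ },
+}
+
+#[derive(Subcommand)]
+enum SubPolicy {
+ /// Add policies.
+ Add {
+ #[clap(long)]
+ r#path: PathBuf,
+ },
+ /// List policies.
+ List,
+}
+
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+ let args = Args::parse();
+
+ let bpf_path = args.bpffs_path.join(args.bpffs_dir);
+
+ match args.subcommand {
+ Sub::Policy { policy } => {
+ let mut policy_manager = PolicyManager::new(bpf_path)?;
+
+ match policy {
+ SubPolicy::Add { r#path } => {
+ add_policies(&mut policy_manager, path).await?;
+ }
+ SubPolicy::List => {
+ list_policies(&mut policy_manager).await?;
+ }
+ }
+ }
+ }
+
+ Ok(())
+}
+
+async fn add_policies(policy_manager: &mut PolicyManager, r#path: PathBuf) -> anyhow::Result<()> {
+ let mut all = policy_manager.manage_all()?;
+ let policies = reader::read_policies(r#path)?;
+ for policy in policies {
+ all.add_policy(policy).await?;
+ }
+ Ok(())
+}
+
+async fn list_policies(policy_manager: &mut PolicyManager) -> anyhow::Result<()> {
+ let file_open = list_file_open(policy_manager).await?;
+ let setuid = list_task_fix_setuid(policy_manager).await?;
+ let socket_bind = list_socket_bind(policy_manager).await?;
+ let socket_connect = list_socket_connect(policy_manager).await?;
+
+ let table = vec![
+ vec!["file_open".cell()],
+ vec![file_open.display()?.cell()],
+ vec!["setuid".cell()],
+ vec![setuid.display()?.cell()],
+ vec!["socket_bind".cell()],
+ vec![socket_bind.display()?.cell()],
+ vec!["socket_connect".cell()],
+ vec![socket_connect.display()?.cell()],
+ ]
+ .table()
+ .title(vec!["Policy".cell().bold(true)]);
+
+ print_stdout(table)?;
+
+ Ok(())
+}
+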
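Review bot: `args.bpffs_path.join(args.bpffs_dir)` in `main` silently discards `--bpffs-path` whenever `--bpffs-dir` is given as an absolute path, because `Path::join` replaces the base with an absolute argument, so whatever `PolicyManager::new` creates under that path (presumably the pinned BPF objects; its body is not in this commit) could land outside the intended bpffs root without any error. Add `anyhow::ensure!(args.bpffs_dir.is_relative(), "--bpffs-dir must be a path relative to --bpffs-path");` before the join and document the field with `/// Directory under --bpffs-path used by this tool (must be relative)`. The `r#path` raw identifiers on `SubPolicy::Add` and `add_policies` are unnecessary, since `path` is not a keyword and the match arm already binds it as plain `path`. `add_policies` also returns on the first `add_policy` failure with the policies added before it still loaded; that partial-apply behaviour may be acceptable for a CLI but deserves a one-line comment stating it.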
  • guardctl/src/policy/socket_bind.rs examples/cli/examples/cli/socket_bind.rs
    Content is identical
  • guardctl/src/policy/socket_connect.rs examples/cli/examples/cli/socket_connect.rs
    Content is identical
  • guardctl/src/policy/task_fix_setuid.rs examples/cli/examples/cli/task_fix_setuid.rs
    Content is identical
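--- a/examples/daemon/Cargo.toml
+++ b/examples/daemon/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "daemon"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+anyhow = { version = "1", features = ["backtrace"] }
+clap = { version = "4.2", features = ["derive"] }
+env_logger = "0.10"
+guardity = { path = "../../guardity" }
+log = "0.4"
+tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
+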
  • guardity/src/main.rs examples/daemon/examples/daemon.rs
    Content is identical
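--- a/guardctl/Cargo.toml
+++ b/guardctl/Cargo.toml
@@ -1,14 +0,0 @@
-[package]
-name = "guardctl"
-version = "0.1.0"
-edition = "2021"
-
-[dependencies]
-anyhow = { version = "1.0", features = ["backtrace"] }
-aya = "0.11"
-clap = { version = "4.1", features = ["derive"] }
-cli-table = "0.4"
-guardity = { path = "../guardity" }
-guardity-common = { path = "../guardity-common", features = ["user"] }
-tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
-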
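--- a/guardctl/src/main.rs
+++ b/guardctl/src/main.rs
@@ -1,62 +0,0 @@
-use std::path::PathBuf;
-
-use clap::{Parser, Subcommand};
-use guardity::PolicyManager;
-use policy::{add_policies, list_policies};
-
-mod policy;
-
-#[derive(Parser)]
-struct Args {
- #[clap(long, default_value = "/sys/fs/bpf")]
- bpffs_path: PathBuf,
- #[clap(long, default_value = "guardity")]
- bpffs_dir: PathBuf,
- #[command(subcommand)]
- subcommand: Sub,
-}
-
-#[derive(Subcommand)]
-enum Sub {
- /// Manage policies.
- Policy {
- #[command(subcommand)]
- policy: SubPolicy,
- },
-}
-
-#[derive(Subcommand)]
-enum SubPolicy {
- /// Add policies.
- Add {
- #[clap(long)]
- r#path: PathBuf,
- },
- /// List policies.
- List,
-}
-
-#[tokio::main]
-async fn main() -> anyhow::Result<()> {
- let args = Args::parse();
-
- let bpf_path = args.bpffs_path.join(args.bpffs_dir);
-
- match args.subcommand {
- Sub::Policy { policy } => {
- let mut policy_manager = PolicyManager::new(bpf_path)?;
-
- match policy {
- SubPolicy::Add { r#path } => {
- add_policies(&mut policy_manager, path).await?;
- }
- SubPolicy::List => {
- list_policies(&mut policy_manager).await?;
- }
- }
- }
- }
-
- Ok(())
-}
-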
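--- a/guardctl/src/policy/mod.rs
+++ b/guardctl/src/policy/mod.rs
@@ -1,51 +0,0 @@
-use std::path::PathBuf;
-
-use cli_table::{print_stdout, Cell, Style, Table};
-use guardity::{policy::reader, PolicyManager};
-
-use self::{
- file_open::list_file_open, socket_bind::list_socket_bind, socket_connect::list_socket_connect,
- task_fix_setuid::list_task_fix_setuid,
-};
-
-pub(crate) mod file_open;
-pub(crate) mod socket_bind;
-pub(crate) mod socket_connect;
-pub(crate) mod task_fix_setuid;
-
-pub(crate) async fn add_policies(
- policy_manager: &mut PolicyManager,
- r#path: PathBuf,
-) -> anyhow::Result<()> {
- let mut all = policy_manager.manage_all()?;
- let policies = reader::read_policies(r#path)?;
- for policy in policies {
- all.add_policy(policy).await?;
- }
- Ok(())
-}
-
-pub(crate) async fn list_policies(policy_manager: &mut PolicyManager) -> anyhow::Result<()> {
- let file_open = list_file_open(policy_manager).await?;
- let setuid = list_task_fix_setuid(policy_manager).await?;
- let socket_bind = list_socket_bind(policy_manager).await?;
- let socket_connect = list_socket_connect(policy_manager).await?;
-
- let table = vec![
- vec!["file_open".cell()],
- vec![file_open.display()?.cell()],
- vec!["setuid".cell()],
- vec![setuid.display()?.cell()],
- vec!["socket_bind".cell()],
- vec![socket_bind.display()?.cell()],
- vec!["socket_connect".cell()],
- vec![socket_connect.display()?.cell()],
- ]
- .table()
- .title(vec!["Policy".cell().bold(true)]);
-
- print_stdout(table)?;
-
- Ok(())
-}
-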
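--- a/guardity/Cargo.toml
+++ b/guardity/Cargo.toml
@@ -2,14 +2,13 @@
 name = "guardity"
 version = "0.1.0"
 edition = "2021"
-publish = false
 
 [dependencies]
+anyhow = { version = "1", features = ["backtrace"] }
 aya = { git = "https://github.com/aya-rs/aya", branch = "main", features=["async_tokio"] }
 bytes = "1.4"
 clap = { version = "4.2", features = ["derive"] }
 guardity-common = { path = "../guardity-common", features = ["user"] }
-anyhow = { version = "1", features = ["backtrace"] }
 env_logger = "0.10"
 log = "0.4"
 once_cell = "1.17"
@@ -19,7 +18,7 @@
 tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
 thiserror = "1.0"
 
-[[bin]]
+[lib]
 name = "guardity"
-path = "src/main.rs"
+path = "src/lib.rs"
 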
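Review bot: `publish = false` is removed from the `[package]` section in the same change that turns the crate into a library, which makes an accidental `cargo publish` of a crate still pinned to a git `aya` branch possible; if publication is not intended yet, keep `publish = false`. The library also retains `clap` and `env_logger` although the binary that used them (`src/main.rs`) moved to `examples/daemon`, whose own manifest declares both; if nothing under `src/lib.rs` (not in this commit) uses them, they should be dropped from the library's `[dependencies]`. Adding `anyhow` to the library's dependencies while it was already listed lower down is only a reorder, so nothing to raise there.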
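--- a/xtask/src/run.rs
+++ b/xtask/src/run.rs
@@ -19,18 +19,20 @@
  /// Arguments to pass to your application
  #[clap(name = "args", last = true)]
  pub run_args: Vec<String>,
+ #[clap(long)]
+ pub example: String,
 }
 
-/// Build the project
+/// Build the examples
 fn build(opts: &Options) -> Result<(), anyhow::Error> {
- let mut args = vec!["build"];
+ let mut args = vec!["build", "--example", &opts.example];
  if opts.release {
  args.push("--release")
  }
  let status = Command::new("cargo")
  .args(&args)
  .status()
- .expect("failed to build userspace");
+ .expect("failed to build user space examples");
  assert!(status.success());
  Ok(())
 }
@@ -47,7 +49,8 @@
  
  // profile we are building (release or debug)
  let profile = if opts.release { "release" } else { "debug" };
- let bin_path = format!("target/{profile}/guardity");
+ let example = opts.example;
+ let bin_path = format!("target/{profile}/examples/{example}");
  
  // arguments to pass to the application
  let mut run_args: Vec<_> = opts.run_args.iter().map(String::as_str).collect();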
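Review bot: The new `example` field on `Options` has no `///` doc comment, so `--example` shows no help text even though the neighbouring `run_args` documents itself; suggest `/// Name of the example (a crate under examples/) to build and run`. In the second hunk, `let example = opts.example;` moves the `String` out of `opts`; whether that compiles depends on the signature of the enclosing function, which starts outside the hunk — if it takes `&Options` as `build` does, this fails to borrow-check, and even with an owned `Options` a borrow (`let example = &opts.example;`) avoids the partial move. Since the value is only interpolated into `bin_path`, a borrow is sufficient either way.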