STRLCPY/ebpfguard

■ ■ ■ ■ ■ ■

.vim/coc-settings.json

1	1		{
2		-	"rust-analyzer.linkedProjects": ["Cargo.toml", "guardity-ebpf/Cargo.toml"]
	2	+	"rust-analyzer.linkedProjects": ["Cargo.toml", "ebpfguard-ebpf/Cargo.toml"]
3	3		}
4	4

■ ■ ■ ■ ■ ■

.vscode/settings.json

1	1		{
2		-	"rust-analyzer.linkedProjects": ["Cargo.toml", "guardity-ebpf/Cargo.toml"]
	2	+	"rust-analyzer.linkedProjects": ["Cargo.toml", "ebpfguard-ebpf/Cargo.toml"]
3	3		}
4	4

■ ■ ■ ■ ■ ■

Cargo.toml

1	1		[workspace]
2	2		members = [
3		-	"guardity",
4		-	"guardity-common",
	3	+	"ebpfguard",
	4	+	"ebpfguard-common",
5	5		"xtask",
6	6		"examples/*",
7	7		]
		skipped 4 lines

■ ■ ■ ■ ■ ■

README.md

1		-	[![Workflow Status](https://github.com/deepfence/guardity/workflows/build-test/badge.svg)](https://github.com/deepfence/guardity/actions?query=workflow)
	1	+	[![Workflow Status](https://github.com/deepfence/ebpfguard/workflows/build-test/badge.svg)](https://github.com/deepfence/ebpfguard/actions?query=workflow)
2	2
3		-	# guardity
	3	+	# ebpfguard
4	4
5		-	Guardity is a library for managing Linux security policies. It is based on
	5	+	Ebpfguard is a library for managing Linux security policies. It is based on
6	6		[LSM hooks](https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html),
7	7		but without necessity to write any kernel modules or eBPF programs directly.
8	8		It allows to write policies in Rust (or YAML) in user space.
		skipped 32 lines
41	41
42	42		## LSM hooks
43	43
44		-	LSM hooks supported by Guardity are:
	44	+	LSM hooks supported by Ebpfguard are:
45	45
46	46		* [`bprm_check_security`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L62)
47	47		* [`file_open`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L620)
		skipped 7 lines
55	55
56	56		#### `file_open`
57	57
58		-	The [file_open](https://github.com/deepfence/guardity/tree/main/examples/file_open)
	58	+	The [file_open](https://github.com/deepfence/ebpfguard/tree/main/examples/file_open)
59	59		example shows how to define a policy for `file_open` LSM hook as Rust code.
60	60		It denies the given binary (or all processes, if none defined) from opening
61	61		the given directory.
		skipped 30 lines
92	92
93	93		#### `task_fix_setuid`
94	94
95		-	The [task_fix_setuid](https://github.com/deepfence/guardity/tree/main/examples/task_fix_setuid)
	95	+	The [task_fix_setuid](https://github.com/deepfence/ebpfguard/tree/main/examples/task_fix_setuid)
96	96		example shows how to define a policy for `task_fix_setuid` LSM hook as Rust
97	97		code. It denies the `setuid` operation for all processes except for the
98	98		optionally given one.
		skipped 48 lines
147	147		```
148	148
149	149		You can apply policies from the
150		-	[example YAML file](https://github.com/deepfence/guardity/blob/main/examples/cli/policy.yaml):
	150	+	[example YAML file](https://github.com/deepfence/ebpfguard/blob/main/examples/cli/policy.yaml):
151	151
152	152		```bash
153	153		$ cargo xtask run --example cli -- policy add --path examples/cli/policy.yaml
		skipped 1 lines
155	155
156	156		## License
157	157
158		-	Guardity's userspace part is licensed under
159		-	[Apache License, version 2.0](https://github.com/deepfence/guardity/blob/main/LICENSE).
	158	+	Ebpfguard's userspace part is licensed under
	159	+	[Apache License, version 2.0](https://github.com/deepfence/ebpfguard/blob/main/LICENSE).
160	160
161		-	eBPF programs inside guardity-ebpf directory are licensed under
162		-	[GNU General Public License, version 2](https://github.com/deepfence/guardity/blob/main/guardity-ebpf/LICENSE).
	161	+	eBPF programs inside ebpfguard-ebpf directory are licensed under
	162	+	[GNU General Public License, version 2](https://github.com/deepfence/ebpfguard/blob/main/ebpfguard-ebpf/LICENSE).

■ ■ ■ ■ ■ ■

README.tpl

1		-	[![Workflow Status](https://github.com/deepfence/guardity/workflows/build-test/badge.svg)](https://github.com/deepfence/guardity/actions?query=workflow)
	1	+	[![Workflow Status](https://github.com/deepfence/ebpfguard/workflows/build-test/badge.svg)](https://github.com/deepfence/ebpfguard/actions?query=workflow)
2	2
3	3		# {{crate}}
4	4
		skipped 1 lines
6	6
7	7		## License
8	8
9		-	Guardity's userspace part is licensed under
10		-	[Apache License, version 2.0](https://github.com/deepfence/guardity/blob/main/LICENSE).
	9	+	Ebpfguard's userspace part is licensed under
	10	+	[Apache License, version 2.0](https://github.com/deepfence/ebpfguard/blob/main/LICENSE).
11	11
12		-	eBPF programs inside guardity-ebpf directory are licensed under
13		-	[GNU General Public License, version 2](https://github.com/deepfence/guardity/blob/main/guardity-ebpf/LICENSE).
	12	+	eBPF programs inside ebpfguard-ebpf directory are licensed under
	13	+	[GNU General Public License, version 2](https://github.com/deepfence/ebpfguard/blob/main/ebpfguard-ebpf/LICENSE).
14	14

■ ■ ■ ■ ■ ■

guardity/Cargo.toml ebpfguard/Cargo.toml

1	1		[package]
2		-	name = "guardity"
	2	+	name = "ebpfguard"
3	3		version = "0.1.0"
4	4		edition = "2021"
5	5
		skipped 1 lines
7	7		aya = { git = "https://github.com/aya-rs/aya", branch = "main", features=["async_tokio"] }
8	8		bytes = "1.4"
9	9		clap = { version = "4.2", features = ["derive"] }
10		-	guardity-common = { path = "../guardity-common", features = ["user"] }
	10	+	ebpfguard-common = { path = "../ebpfguard-common", features = ["user"] }
11	11		env_logger = "0.10"
12	12		log = "0.4"
13	13		once_cell = "1.17"
		skipped 4 lines
18	18		thiserror = "1.0"
19	19
20	20		[lib]
21		-	name = "guardity"
	21	+	name = "ebpfguard"
22	22		path = "src/lib.rs"
23	23

■ ■ ■ ■ ■ ■

guardity/src/alerts.rs ebpfguard/src/alerts.rs

1		-	use guardity_common::alerts;
	1	+	use ebpfguard_common::alerts;
2	2		use std::{
3	3		net::{IpAddr, Ipv4Addr, Ipv6Addr},
4	4		path::PathBuf,
		skipped 110 lines

■ ■ ■ ■ ■ ■

guardity/src/error.rs ebpfguard/src/error.rs

1	1		use thiserror::Error;
2	2
3	3		#[derive(Debug, Error)]
4		-	pub enum GuardityError {
	4	+	pub enum EbpfguardError {
5	5		#[error("Failed to load BPF program: {0}")]
6	6		Bpf(#[from] aya::BpfError),
7	7
		skipped 19 lines

guardity/src/fs.rs ebpfguard/src/fs.rs

Content is identical

■ ■ ■ ■ ■ ■

guardity/src/hooks.rs ebpfguard/src/hooks.rs

		skipped 8 lines
9	9		util::online_cpus,
10	10		};
11	11		use bytes::BytesMut;
12		-	use guardity_common::{
	12	+	use ebpfguard_common::{
13	13		alerts as ebpf_alerts,
14	14		policy::{self as ebpf_policy, IpAddrs},
15	15		};
		skipped 6 lines
22	22		task,
23	23		};
24	24
25		-	use crate::{alerts, error::GuardityError, policy, InodeSubjectMap};
	25	+	use crate::{alerts, error::EbpfguardError, policy, InodeSubjectMap};
26	26
27	27		static INODE_SUBJECT_MAP: Lazy<Mutex<InodeSubjectMap>> =
28	28		Lazy::new(\|\| Mutex::new(InodeSubjectMap::default()));
		skipped 7 lines
36	36		}
37	37
38	38		impl All {
39		-	pub async fn add_policy(&mut self, policy: policy::Policy) -> Result<(), GuardityError> {
	39	+	pub async fn add_policy(&mut self, policy: policy::Policy) -> Result<(), EbpfguardError> {
40	40		match policy {
41	41		policy::Policy::FileOpen(policy) => self.file_open.add_policy(policy).await?,
42	42		policy::Policy::TaskFixSetuid(policy) => {
		skipped 14 lines
57	57		}
58	58
59	59		impl BprmCheckSecurity {
60		-	pub async fn alerts(&mut self) -> Result<Receiver<alerts::BprmCheckSecurity>, GuardityError> {
	60	+	pub async fn alerts(&mut self) -> Result<Receiver<alerts::BprmCheckSecurity>, EbpfguardError> {
61	61		perf_array_alerts::<ebpf_alerts::BprmCheckSecurity, alerts::BprmCheckSecurity>(
62	62		&mut self.perf_array,
63	63		)
		skipped 10 lines
74	74		}
75	75
76	76		impl FileOpen {
77		-	pub async fn add_policy(&mut self, policy: policy::FileOpen) -> Result<(), GuardityError> {
	77	+	pub async fn add_policy(&mut self, policy: policy::FileOpen) -> Result<(), EbpfguardError> {
78	78		let bin_inode = {
79	79		let mut map = INODE_SUBJECT_MAP.lock().await;
80	80		map.resolve_path(policy.subject)?
		skipped 8 lines
89	89		Ok(())
90	90		}
91	91
92		-	pub async fn list_policies(&self) -> Result<Vec<policy::FileOpen>, GuardityError> {
	92	+	pub async fn list_policies(&self) -> Result<Vec<policy::FileOpen>, EbpfguardError> {
93	93		let mut policies = Vec::new();
94	94
95	95		for res in self.allowed_map.iter() {
		skipped 15 lines
111	111		Ok(policies)
112	112		}
113	113
114		-	pub async fn alerts(&mut self) -> Result<Receiver<alerts::FileOpen>, GuardityError> {
	114	+	pub async fn alerts(&mut self) -> Result<Receiver<alerts::FileOpen>, EbpfguardError> {
115	115		perf_array_alerts::<ebpf_alerts::FileOpen, alerts::FileOpen>(&mut self.perf_array).await
116	116		}
117	117		}
		skipped 7 lines
125	125		}
126	126
127	127		impl TaskFixSetuid {
128		-	pub async fn add_policy(&mut self, policy: policy::TaskFixSetuid) -> Result<(), GuardityError> {
	128	+	pub async fn add_policy(
	129	+	&mut self,
	130	+	policy: policy::TaskFixSetuid,
	131	+	) -> Result<(), EbpfguardError> {
129	132		let bin_inode = {
130	133		let mut map = INODE_SUBJECT_MAP.lock().await;
131	134		map.resolve_path(policy.subject)?
		skipped 8 lines
140	143		Ok(())
141	144		}
142	145
143		-	pub async fn list_policies(&self) -> Result<Vec<policy::TaskFixSetuid>, GuardityError> {
	146	+	pub async fn list_policies(&self) -> Result<Vec<policy::TaskFixSetuid>, EbpfguardError> {
144	147		let mut policies = Vec::new();
145	148
146	149		for res in self.allowed_map.iter() {
		skipped 27 lines
174	177		Ok(policies)
175	178		}
176	179
177		-	pub async fn alerts(&mut self) -> Result<Receiver<alerts::TaskFixSetuid>, GuardityError> {
	180	+	pub async fn alerts(&mut self) -> Result<Receiver<alerts::TaskFixSetuid>, EbpfguardError> {
178	181		perf_array_alerts::<ebpf_alerts::TaskFixSetuid, alerts::TaskFixSetuid>(&mut self.perf_array)
179	182		.await
180	183		}
		skipped 8 lines
189	192		}
190	193
191	194		impl SocketBind {
192		-	pub async fn add_policy(&mut self, policy: policy::SocketBind) -> Result<(), GuardityError> {
	195	+	pub async fn add_policy(&mut self, policy: policy::SocketBind) -> Result<(), EbpfguardError> {
193	196		let bin_inode = {
194	197		let mut map = INODE_SUBJECT_MAP.lock().await;
195	198		map.resolve_path(policy.subject)?
		skipped 8 lines
204	207		Ok(())
205	208		}
206	209
207		-	pub async fn list_policies(&self) -> Result<Vec<policy::SocketBind>, GuardityError> {
	210	+	pub async fn list_policies(&self) -> Result<Vec<policy::SocketBind>, EbpfguardError> {
208	211		let mut policies = Vec::new();
209	212
210	213		for res in self.allowed_map.iter() {
		skipped 15 lines
226	229		Ok(policies)
227	230		}
228	231
229		-	pub async fn alerts(&mut self) -> Result<Receiver<alerts::SocketBind>, GuardityError> {
	232	+	pub async fn alerts(&mut self) -> Result<Receiver<alerts::SocketBind>, EbpfguardError> {
230	233		perf_array_alerts::<ebpf_alerts::SocketBind, alerts::SocketBind>(&mut self.perf_array).await
231	234		}
232	235		}
		skipped 9 lines
242	245		}
243	246
244	247		impl SocketConnect {
245		-	pub async fn add_policy(&mut self, policy: policy::SocketConnect) -> Result<(), GuardityError> {
	248	+	pub async fn add_policy(
	249	+	&mut self,
	250	+	policy: policy::SocketConnect,
	251	+	) -> Result<(), EbpfguardError> {
246	252		let bin_inode = {
247	253		let mut map = INODE_SUBJECT_MAP.lock().await;
248	254		map.resolve_path(policy.subject)?
		skipped 10 lines
259	265		Ok(())
260	266		}
261	267
262		-	pub async fn list_policies(&self) -> Result<Vec<policy::SocketConnect>, GuardityError> {
	268	+	pub async fn list_policies(&self) -> Result<Vec<policy::SocketConnect>, EbpfguardError> {
263	269		let mut policies = Vec::new();
264	270
265	271		for res in self.allowed_map_v4.iter() {
		skipped 54 lines
320	326		Ok(policies)
321	327		}
322	328
323		-	pub async fn alerts(&mut self) -> Result<Receiver<alerts::SocketConnect>, GuardityError> {
	329	+	pub async fn alerts(&mut self) -> Result<Receiver<alerts::SocketConnect>, EbpfguardError> {
324	330		perf_array_alerts::<ebpf_alerts::SocketConnect, alerts::SocketConnect>(&mut self.perf_array)
325	331		.await
326	332		}
		skipped 1 lines
328	334
329	335		pub async fn perf_array_alerts<E, U>(
330	336		perf_array: &mut AsyncPerfEventArray<MapData>,
331		-	) -> Result<Receiver<U>, GuardityError>
	337	+	) -> Result<Receiver<U>, EbpfguardError>
332	338		where
333	339		E: ebpf_alerts::Alert,
334	340		U: alerts::Alert + Debug + Send + From<E> + 'static,
		skipped 29 lines

■ ■ ■ ■ ■ ■

guardity/src/lib.rs ebpfguard/src/lib.rs

1		-	//! Guardity is a library for managing Linux security policies. It is based on
	1	+	//! Ebpfguard is a library for managing Linux security policies. It is based on
2	2		//! [LSM hooks](https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html),
3	3		//! but without necessity to write any kernel modules or eBPF programs directly.
4	4		//! It allows to write policies in Rust (or YAML) in user space.
		skipped 32 lines
37	37		//!
38	38		//! # LSM hooks
39	39		//!
40		-	//! LSM hooks supported by Guardity are:
	40	+	//! LSM hooks supported by Ebpfguard are:
41	41		//!
42	42		//! * [`bprm_check_security`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L62)
43	43		//! * [`file_open`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L620)
		skipped 7 lines
51	51		//!
52	52		//! ### `file_open`
53	53		//!
54		-	//! The [file_open](https://github.com/deepfence/guardity/tree/main/examples/file_open)
	54	+	//! The [file_open](https://github.com/deepfence/ebpfguard/tree/main/examples/file_open)
55	55		//! example shows how to define a policy for `file_open` LSM hook as Rust code.
56	56		//! It denies the given binary (or all processes, if none defined) from opening
57	57		//! the given directory.
		skipped 30 lines
88	88		//!
89	89		//! ### `task_fix_setuid`
90	90		//!
91		-	//! The [task_fix_setuid](https://github.com/deepfence/guardity/tree/main/examples/task_fix_setuid)
	91	+	//! The [task_fix_setuid](https://github.com/deepfence/ebpfguard/tree/main/examples/task_fix_setuid)
92	92		//! example shows how to define a policy for `task_fix_setuid` LSM hook as Rust
93	93		//! code. It denies the `setuid` operation for all processes except for the
94	94		//! optionally given one.
		skipped 48 lines
143	143		//! ```
144	144		//!
145	145		//! You can apply policies from the
146		-	//! [example YAML file](https://github.com/deepfence/guardity/blob/main/examples/cli/policy.yaml):
	146	+	//! [example YAML file](https://github.com/deepfence/ebpfguard/blob/main/examples/cli/policy.yaml):
147	147		//!
148	148		//! ```bash
149	149		//! $ cargo xtask run --example cli -- policy add --path examples/cli/policy.yaml
		skipped 13 lines
163	163		pub mod hooks;
164	164		pub mod policy;
165	165
166		-	use error::GuardityError;
	166	+	use error::EbpfguardError;
167	167		use hooks::{All, BprmCheckSecurity, FileOpen, SocketBind, SocketConnect, TaskFixSetuid};
168	168		use policy::inode::InodeSubjectMap;
169	169
		skipped 7 lines
177	177		/// # Example
178	178		///
179	179		/// ```no_run
180		-	/// use guardity::PolicyManager;
	180	+	/// use ebpfguard::PolicyManager;
181	181		/// use std::path::Path;
182	182		///
183	183		/// let mut policy_manager = PolicyManager::new(Path::new("/sys/fs/bpf/mypolicies")).unwrap();
184	184		/// ```
185		-	pub fn new<P: AsRef<Path>>(bpf_path: P) -> Result<Self, GuardityError> {
	185	+	pub fn new<P: AsRef<Path>>(bpf_path: P) -> Result<Self, EbpfguardError> {
186	186		#[cfg(debug_assertions)]
187	187		let bpf = BpfLoader::new()
188	188		.map_pin_path(&bpf_path)
189	189		.load(include_bytes_aligned!(
190		-	"../../target/bpfel-unknown-none/debug/guardity"
	190	+	"../../target/bpfel-unknown-none/debug/ebpfguard"
191	191		))?;
192	192		#[cfg(not(debug_assertions))]
193	193		let bpf = BpfLoader::new()
194	194		.map_pin_path(&bpf_path)
195	195		.load(include_bytes_aligned!(
196		-	"../../target/bpfel-unknown-none/release/guardity"
	196	+	"../../target/bpfel-unknown-none/release/ebpfguard"
197	197		))?;
198	198
199	199		Ok(Self { bpf })
200	200		}
201	201
202	202		/// Attaches and returns a handle to all LSM hooks.
203		-	pub fn attach_all(&mut self) -> Result<All, GuardityError> {
	203	+	pub fn attach_all(&mut self) -> Result<All, EbpfguardError> {
204	204		let bprm_check_security = self.attach_bprm_check_security()?;
205	205		let file_open = self.attach_file_open()?;
206	206		let task_fix_setuid = self.attach_task_fix_setuid()?;
		skipped 9 lines
216	216		})
217	217		}
218	218
219		-	pub fn manage_all(&mut self) -> Result<All, GuardityError> {
	219	+	pub fn manage_all(&mut self) -> Result<All, EbpfguardError> {
220	220		let bprm_check_security = self.manage_bprm_check_security()?;
221	221		let file_open = self.manage_file_open()?;
222	222		let task_fix_setuid = self.manage_task_fix_setuid()?;
		skipped 9 lines
232	232		})
233	233		}
234	234
235		-	pub fn attach_bprm_check_security(&mut self) -> Result<BprmCheckSecurity, GuardityError> {
	235	+	pub fn attach_bprm_check_security(&mut self) -> Result<BprmCheckSecurity, EbpfguardError> {
236	236		let mut bprm_check_security = self.manage_bprm_check_security()?;
237	237		let program_link = self.attach_program("bprm_check_security")?;
238	238		bprm_check_security.program_link = Some(program_link);
		skipped 1 lines
240	240		Ok(bprm_check_security)
241	241		}
242	242
243		-	pub fn manage_bprm_check_security(&mut self) -> Result<BprmCheckSecurity, GuardityError> {
	243	+	pub fn manage_bprm_check_security(&mut self) -> Result<BprmCheckSecurity, EbpfguardError> {
244	244		let perf_array = self
245	245		.bpf
246	246		.take_map("ALERT_BPRM_CHECK_SECURITY")
		skipped 6 lines
253	253		})
254	254		}
255	255
256		-	pub fn attach_file_open(&mut self) -> Result<FileOpen, GuardityError> {
	256	+	pub fn attach_file_open(&mut self) -> Result<FileOpen, EbpfguardError> {
257	257		let mut file_open = self.manage_file_open()?;
258	258		let program_link = self.attach_program("file_open")?;
259	259		file_open.program_link = Some(program_link);
		skipped 1 lines
261	261		Ok(file_open)
262	262		}
263	263
264		-	pub fn manage_file_open(&mut self) -> Result<FileOpen, GuardityError> {
	264	+	pub fn manage_file_open(&mut self) -> Result<FileOpen, EbpfguardError> {
265	265		let allowed_map = self.bpf.take_map("ALLOWED_FILE_OPEN").unwrap().try_into()?;
266	266		let denied_map = self.bpf.take_map("DENIED_FILE_OPEN").unwrap().try_into()?;
267	267		let perf_array = self.bpf.take_map("ALERT_FILE_OPEN").unwrap().try_into()?;
		skipped 6 lines
274	274		})
275	275		}
276	276
277		-	pub fn attach_task_fix_setuid(&mut self) -> Result<TaskFixSetuid, GuardityError> {
	277	+	pub fn attach_task_fix_setuid(&mut self) -> Result<TaskFixSetuid, EbpfguardError> {
278	278		let mut task_fix_setuid = self.manage_task_fix_setuid()?;
279	279		let program_link = self.attach_program("task_fix_setuid")?;
280	280		task_fix_setuid.program_link = Some(program_link);
		skipped 1 lines
282	282		Ok(task_fix_setuid)
283	283		}
284	284
285		-	pub fn manage_task_fix_setuid(&mut self) -> Result<TaskFixSetuid, GuardityError> {
	285	+	pub fn manage_task_fix_setuid(&mut self) -> Result<TaskFixSetuid, EbpfguardError> {
286	286		let allowed_map = self
287	287		.bpf
288	288		.take_map("ALLOWED_TASK_FIX_SETUID")
		skipped 18 lines
307	307		})
308	308		}
309	309
310		-	pub fn attach_socket_bind(&mut self) -> Result<SocketBind, GuardityError> {
	310	+	pub fn attach_socket_bind(&mut self) -> Result<SocketBind, EbpfguardError> {
311	311		let mut socket_bind = self.manage_socket_bind()?;
312	312		let program_link = self.attach_program("socket_bind")?;
313	313		socket_bind.program_link = Some(program_link);
		skipped 1 lines
315	315		Ok(socket_bind)
316	316		}
317	317
318		-	pub fn manage_socket_bind(&mut self) -> Result<SocketBind, GuardityError> {
	318	+	pub fn manage_socket_bind(&mut self) -> Result<SocketBind, EbpfguardError> {
319	319		let allowed_map = self
320	320		.bpf
321	321		.take_map("ALLOWED_SOCKET_BIND")
		skipped 14 lines
336	336		})
337	337		}
338	338
339		-	pub fn attach_socket_connect(&mut self) -> Result<SocketConnect, GuardityError> {
	339	+	pub fn attach_socket_connect(&mut self) -> Result<SocketConnect, EbpfguardError> {
340	340		let mut socket_connect = self.manage_socket_connect()?;
341	341		let program_link = self.attach_program("socket_connect")?;
342	342		socket_connect.program_link = Some(program_link);
		skipped 1 lines
344	344		Ok(socket_connect)
345	345		}
346	346
347		-	pub fn manage_socket_connect(&mut self) -> Result<SocketConnect, GuardityError> {
	347	+	pub fn manage_socket_connect(&mut self) -> Result<SocketConnect, EbpfguardError> {
348	348		let allowed_map_v4 = self
349	349		.bpf
350	350		.take_map("ALLOWED_SOCKET_CONNECT_V4")
		skipped 30 lines
381	381		})
382	382		}
383	383
384		-	fn attach_program(&mut self, name: &str) -> Result<LsmLink, GuardityError> {
	384	+	fn attach_program(&mut self, name: &str) -> Result<LsmLink, EbpfguardError> {
385	385		let btf = Btf::from_sys_fs()?;
386	386		let program: &mut Lsm = self.bpf.program_mut(name).unwrap().try_into()?;
387	387		program.load(name, &btf)?;
		skipped 7 lines

■ ■ ■ ■ ■ ■

guardity/src/policy/inode.rs ebpfguard/src/policy/inode.rs

1	1		use std::{collections::HashMap, path::PathBuf};
2	2
3		-	use crate::{error::GuardityError, fs};
	3	+	use crate::{error::EbpfguardError, fs};
4	4
5	5		use super::PolicySubject;
6	6
		skipped 3 lines
10	10		}
11	11
12	12		impl InodeSubjectMap {
13		-	pub fn resolve_path(&mut self, subject: PolicySubject) -> Result<u64, GuardityError> {
	13	+	pub fn resolve_path(&mut self, subject: PolicySubject) -> Result<u64, EbpfguardError> {
14	14		match subject {
15	15		PolicySubject::Binary(path) => {
16	16		let inode = fs::inode(&path)?;
		skipped 19 lines

■ ■ ■ ■ ■ ■

guardity/src/policy/mod.rs ebpfguard/src/policy/mod.rs

		skipped 3 lines
4	4		path::PathBuf,
5	5		};
6	6
7		-	use guardity_common::policy as ebpf_policy;
	7	+	use ebpfguard_common::policy as ebpf_policy;
8	8		use serde::{Deserialize, Serialize};
9	9
10	10		use crate::fs;
		skipped 26 lines
37	37		Paths(Vec<PathBuf>),
38	38		}
39	39
40		-	// NOTE(vadorovsky): Converting from `guardity_common::Paths` to `Paths`
	40	+	// NOTE(vadorovsky): Converting from `ebpfguard_common::Paths` to `Paths`
41	41		// requires resolving inodes to paths. Inode/path resolution is not a
42	42		// symmetrical operation (path -> inode resolution is a simple file metadata
43	43		// lookup, while inode -> path resolution requires more complex per-filesystem
		skipped 309 lines

■ ■ ■ ■ ■ ■

guardity/src/policy/reader.rs ebpfguard/src/policy/reader.rs

1	1		use std::{fs, path::Path};
2	2
3		-	use crate::error::GuardityError;
	3	+	use crate::error::EbpfguardError;
4	4
5	5		use super::Policy;
6	6
7		-	pub fn read_policies<P: AsRef<Path>>(path: P) -> Result<Vec<Policy>, GuardityError> {
	7	+	pub fn read_policies<P: AsRef<Path>>(path: P) -> Result<Vec<Policy>, EbpfguardError> {
8	8		let path = path.as_ref();
9	9		let yaml = fs::read_to_string(path)?;
10	10		let policies = serde_yaml::from_str::<Vec<Policy>>(&yaml)?;
		skipped 3 lines

■ ■ ■ ■ ■ ■

guardity-common/Cargo.toml ebpfguard-common/Cargo.toml

1	1		[package]
2		-	name = "guardity-common"
	2	+	name = "ebpfguard-common"
3	3		version = "0.1.0"
4	4		edition = "2021"
5	5
		skipped 10 lines

guardity-common/src/alerts.rs ebpfguard-common/src/alerts.rs

Content is identical

guardity-common/src/consts.rs ebpfguard-common/src/consts.rs

Content is identical

guardity-common/src/lib.rs ebpfguard-common/src/lib.rs

Content is identical

guardity-common/src/policy.rs ebpfguard-common/src/policy.rs

Content is identical

guardity-ebpf/.cargo/config.toml ebpfguard-ebpf/.cargo/config.toml

Content is identical

guardity-ebpf/.vim/coc-settings.json ebpfguard-ebpf/.vim/coc-settings.json

Content is identical

guardity-ebpf/.vscode/settings.json ebpfguard-ebpf/.vscode/settings.json

Content is identical

■ ■ ■ ■ ■ ■

guardity-ebpf/Cargo.toml ebpfguard-ebpf/Cargo.toml

1	1		[package]
2		-	name = "guardity-ebpf"
	2	+	name = "ebpfguard-ebpf"
3	3		version = "0.1.0"
4	4		edition = "2021"
5	5
6	6		[dependencies]
7	7		aya-bpf = { git = "https://github.com/aya-rs/aya", branch = "main" }
8		-	guardity-common = { path = "../guardity-common" }
	8	+	ebpfguard-common = { path = "../ebpfguard-common" }
9	9
10	10		[build-dependencies]
11	11		aya-tool = { git = "https://github.com/aya-rs/aya", branch = "main" }
12	12
13	13		[lib]
14		-	name = "guardity_ebpf"
	14	+	name = "ebpfguard_ebpf"
15	15		path = "src/lib.rs"
16	16
17	17		[[bin]]
18		-	name = "guardity"
	18	+	name = "ebpfguard"
19	19		path = "src/main.rs"
20	20
21	21		[profile.dev]
		skipped 17 lines

guardity-ebpf/LICENSE ebpfguard-ebpf/LICENSE

Content is identical

guardity-ebpf/build.rs ebpfguard-ebpf/build.rs

Content is identical

guardity-ebpf/rust-toolchain.toml ebpfguard-ebpf/rust-toolchain.toml

Content is identical

■ ■ ■ ■ ■ ■

guardity-ebpf/src/binprm.rs ebpfguard-ebpf/src/binprm.rs

		skipped 6 lines
7	7		/// # Examples
8	8		///
9	9		/// ```rust
10		-	/// use guardity_ebpf::binprm::current_binprm_inode;
	10	+	/// use ebpfguard_ebpf::binprm::current_binprm_inode;
11	11		///
12	12		/// let inode = current_binprm_inode();
13	13		/// ```
		skipped 6 lines

■ ■ ■ ■ ■ ■

guardity-ebpf/src/bprm_check_security.rs ebpfguard-ebpf/src/bprm_check_security.rs

1	1		use aya_bpf::{cty::c_long, programs::LsmContext, BpfContext};
2		-	use guardity_common::alerts;
	2	+	use ebpfguard_common::alerts;
3	3
4	4		use crate::{binprm::current_binprm_inode, maps::ALERT_BPRM_CHECK_SECURITY, vmlinux::linux_binprm};
5	5
		skipped 18 lines

guardity-ebpf/src/consts.rs ebpfguard-ebpf/src/consts.rs

Content is identical

■ ■ ■ ■ ■ ■

guardity-ebpf/src/file_open.rs ebpfguard-ebpf/src/file_open.rs

1	1		use aya_bpf::{maps::HashMap, programs::LsmContext, BpfContext};
2		-	use guardity_common::{
	2	+	use ebpfguard_common::{
3	3		alerts,
4	4		consts::INODE_WILDCARD,
5	5		policy::{Paths, MAX_PATHS},
		skipped 18 lines
24	24		///
25	25		/// ```rust
26	26		/// use aya_bpf::{macros::lsm, programs::LsmContext};
27		-	/// use guardity_ebpf::file_open;
	27	+	/// use ebpfguard_ebpf::file_open;
28	28		///
29	29		/// #[lsm(name = "my_program")]
30	30		/// pub fn my_program(ctx: LsmContext) -> i32 {
		skipped 139 lines

guardity-ebpf/src/lib.rs ebpfguard-ebpf/src/lib.rs

Content is identical

■ ■ ■ ■ ■ ■

guardity-ebpf/src/main.rs ebpfguard-ebpf/src/main.rs

		skipped 2 lines
3	3
4	4		use aya_bpf::{macros::lsm, programs::LsmContext};
5	5
6		-	use guardity_ebpf::{
	6	+	use ebpfguard_ebpf::{
7	7		bprm_check_security::bprm_check_security, file_open::file_open, socket_bind::socket_bind,
8	8		socket_connect::socket_connect, task_fix_setuid::task_fix_setuid,
9	9		};
		skipped 40 lines

■ ■ ■ ■ ■ ■

guardity-ebpf/src/maps.rs ebpfguard-ebpf/src/maps.rs

		skipped 1 lines
2	2		macros::map,
3	3		maps::{HashMap, PerfEventArray},
4	4		};
5		-	use guardity_common::{alerts, policy};
	5	+	use ebpfguard_common::{alerts, policy};
6	6
7	7		#[map]
8	8		pub static ALERT_BPRM_CHECK_SECURITY: PerfEventArray<alerts::BprmCheckSecurity> =
		skipped 60 lines

■ ■ ■ ■ ■ ■

guardity-ebpf/src/socket_bind.rs ebpfguard-ebpf/src/socket_bind.rs

1	1		use aya_bpf::{programs::LsmContext, BpfContext};
2		-	use guardity_common::{alerts, consts::INODE_WILDCARD, policy::MAX_PORTS};
	2	+	use ebpfguard_common::{alerts, consts::INODE_WILDCARD, policy::MAX_PORTS};
3	3
4	4		use crate::{
5	5		binprm::current_binprm_inode,
		skipped 13 lines
19	19		///
20	20		/// ```rust
21	21		/// use aya_bpf::{macros::lsm, programs::LsmContext};
22		-	/// use guardity_ebpf::socket_bind;
	22	+	/// use ebpfguard_ebpf::socket_bind;
23	23		///
24	24		/// #[lsm(name = "my_program")]
25	25		/// pub fn my_program(ctx: LsmContext) -> i32 {
		skipped 110 lines

■ ■ ■ ■ ■ ■

guardity-ebpf/src/socket_connect.rs ebpfguard-ebpf/src/socket_connect.rs

1	1		use aya_bpf::{
2	2		cty::c_long, helpers::bpf_probe_read_kernel, maps::HashMap, programs::LsmContext, BpfContext,
3	3		};
4		-	use guardity_common::{
	4	+	use ebpfguard_common::{
5	5		alerts,
6	6		consts::INODE_WILDCARD,
7	7		policy::{IpAddrs, Ipv4Addrs, Ipv6Addrs},
		skipped 19 lines
27	27		///
28	28		/// ```rust
29	29		/// use aya_bpf::{macros::lsm, programs::LsmContext};
30		-	/// use guardity_ebpf::socket_connect;
	30	+	/// use ebpfguard_ebpf::socket_connect;
31	31		///
32	32		/// #[lsm(name = "my_program")]
33	33		/// pub fn my_program(ctx: LsmContext) -> i32 {
		skipped 181 lines

■ ■ ■ ■ ■ ■

guardity-ebpf/src/task_fix_setuid.rs ebpfguard-ebpf/src/task_fix_setuid.rs

1	1		use aya_bpf::{cty::c_long, programs::LsmContext, BpfContext};
2		-	use guardity_common::{alerts, consts::INODE_WILDCARD};
	2	+	use ebpfguard_common::{alerts, consts::INODE_WILDCARD};
3	3
4	4		use crate::{
5	5		binprm::current_binprm_inode,
		skipped 11 lines
17	17		///
18	18		/// ```rust
19	19		/// use aya_bpf::{macros::lsm, programs::LsmContext};
20		-	/// use guardity_ebpf::setuid;
	20	+	/// use ebpfguard_ebpf::setuid;
21	21		///
22	22		/// #[lsm(name = "my_program")]
23	23		/// pub fn my_program(ctx: LsmContext) -> i32 {
		skipped 57 lines

guardity-ebpf/src/vmlinux.rs ebpfguard-ebpf/src/vmlinux.rs

Content is identical

■ ■ ■ ■ ■ ■

examples/cli/Cargo.toml

		skipped 6 lines
7	7		anyhow = { version = "1", features = ["backtrace"] }
8	8		clap = { version = "4.2", features = ["derive"] }
9	9		cli-table = "0.4.7"
10		-	guardity = { path = "../../guardity" }
	10	+	ebpfguard = { path = "../../ebpfguard" }
11	11		tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
12	12

■ ■ ■ ■ ■ ■

examples/cli/examples/cli/file_open.rs

1	1		use cli_table::{Cell, Style, Table, TableStruct};
2		-	use guardity::{policy::Paths, PolicyManager};
	2	+	use ebpfguard::{policy::Paths, PolicyManager};
3	3
4	4		pub(crate) async fn list_file_open(
5	5		policy_manager: &mut PolicyManager,
		skipped 34 lines

■ ■ ■ ■ ■ ■

examples/cli/examples/cli/main.rs

		skipped 7 lines
8	8		mod socket_connect;
9	9		mod task_fix_setuid;
10	10
	11	+	use ebpfguard::{policy::reader, PolicyManager};
11	12		use file_open::list_file_open;
12		-	use guardity::{policy::reader, PolicyManager};
13	13		use socket_bind::list_socket_bind;
14	14		use socket_connect::list_socket_connect;
15	15		use task_fix_setuid::list_task_fix_setuid;
		skipped 2 lines
18	18		struct Args {
19	19		#[clap(long, default_value = "/sys/fs/bpf")]
20	20		bpffs_path: PathBuf,
21		-	#[clap(long, default_value = "guardity")]
	21	+	#[clap(long, default_value = "ebpfguard")]
22	22		bpffs_dir: PathBuf,
23	23		#[command(subcommand)]
24	24		subcommand: Sub,
		skipped 79 lines

■ ■ ■ ■ ■ ■

examples/cli/examples/cli/socket_bind.rs

1	1		use cli_table::{Cell, Style, Table, TableStruct};
2		-	use guardity::{policy::Ports, PolicyManager};
	2	+	use ebpfguard::{policy::Ports, PolicyManager};
3	3
4	4		pub(crate) async fn list_socket_bind(
5	5		policy_manager: &mut PolicyManager,
		skipped 34 lines

■ ■ ■ ■ ■ ■

examples/cli/examples/cli/socket_connect.rs

1	1		use cli_table::{Cell, Style, Table, TableStruct};
2		-	use guardity::{policy::Addresses, PolicyManager};
	2	+	use ebpfguard::{policy::Addresses, PolicyManager};
3	3
4	4		pub(crate) async fn list_socket_connect(
5	5		policy_manager: &mut PolicyManager,
		skipped 33 lines

■ ■ ■ ■ ■ ■

examples/cli/examples/cli/task_fix_setuid.rs

1	1		use cli_table::{Cell, Style, Table, TableStruct};
2		-	use guardity::PolicyManager;
	2	+	use ebpfguard::PolicyManager;
3	3
4	4		pub(crate) async fn list_task_fix_setuid(
5	5		policy_manager: &mut PolicyManager,
		skipped 17 lines

■ ■ ■ ■ ■ ■

examples/daemon/Cargo.toml

		skipped 6 lines
7	7		anyhow = { version = "1", features = ["backtrace"] }
8	8		clap = { version = "4.2", features = ["derive"] }
9	9		env_logger = "0.10"
10		-	guardity = { path = "../../guardity" }
	10	+	ebpfguard = { path = "../../ebpfguard" }
11	11		log = "0.4"
12	12		tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
13	13

■ ■ ■ ■ ■ ■

examples/daemon/examples/daemon.rs

		skipped 1 lines
2	2		use std::path::PathBuf;
3	3
4	4		use clap::Parser;
5		-	use guardity::PolicyManager;
	5	+	use ebpfguard::PolicyManager;
6	6		use log::info;
7	7		use tokio::signal;
8	8
		skipped 1 lines
10	10		struct Opt {
11	11		#[clap(long, default_value = "/sys/fs/bpf")]
12	12		bpffs_path: PathBuf,
13		-	#[clap(long, default_value = "guardity")]
	13	+	#[clap(long, default_value = "ebpfguard")]
14	14		bpffs_dir: PathBuf,
15	15		#[clap(long)]
16	16		policy: Vec<PathBuf>,
		skipped 60 lines

■ ■ ■ ■ ■ ■

examples/file_open/Cargo.toml

		skipped 6 lines
7	7		anyhow = { version = "1", features = ["backtrace"] }
8	8		clap = { version = "4.2", features = ["derive"] }
9	9		env_logger = "0.10"
10		-	guardity = { path = "../../guardity" }
	10	+	ebpfguard = { path = "../../ebpfguard" }
11	11		log = "0.4"
12	12		tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
13	13

■ ■ ■ ■ ■ ■

examples/file_open/examples/file_open.rs

		skipped 3 lines
4	4		};
5	5
6	6		use clap::Parser;
7		-	use guardity::{
	7	+	use ebpfguard::{
8	8		policy::{FileOpen, Paths, PolicySubject},
9	9		PolicyManager,
10	10		};
		skipped 20 lines
31	31
32	32		env_logger::init();
33	33
34		-	// Create a directory where guardity policy manager can store its BPF
	34	+	// Create a directory where ebpfguard policy manager can store its BPF
35	35		// objects (maps).
36	36		let bpf_path = opt.bpffs_path.join(opt.bpffs_dir);
37	37		create_dir_all(&bpf_path)?;
		skipped 48 lines

■ ■ ■ ■ ■ ■

examples/task_fix_setuid/Cargo.toml

		skipped 6 lines
7	7		anyhow = { version = "1", features = ["backtrace"] }
8	8		clap = { version = "4.2", features = ["derive"] }
9	9		env_logger = "0.10"
10		-	guardity = { path = "../../guardity" }
	10	+	ebpfguard = { path = "../../ebpfguard" }
11	11		log = "0.4"
12	12		tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "sync"] }
13	13

■ ■ ■ ■ ■ ■

examples/task_fix_setuid/examples/task_fix_setuid.rs

		skipped 3 lines
4	4		};
5	5
6	6		use clap::Parser;
7		-	use guardity::{
	7	+	use ebpfguard::{
8	8		policy::{PolicySubject, TaskFixSetuid},
9	9		PolicyManager,
10	10		};
		skipped 16 lines
27	27
28	28		env_logger::init();
29	29
30		-	// Create a directory where guardity policy manager can store its BPF
	30	+	// Create a directory where ebpfguard policy manager can store its BPF
31	31		// objects (maps).
32	32		let bpf_path = opt.bpffs_path.join(opt.bpffs_dir);
33	33		create_dir_all(&bpf_path)?;
		skipped 54 lines

■ ■ ■ ■ ■ ■

xtask/src/build_ebpf.rs

		skipped 39 lines
40	40		}
41	41
42	42		pub fn build_ebpf(opts: Options) -> Result<(), anyhow::Error> {
43		-	let dir = PathBuf::from("guardity-ebpf");
	43	+	let dir = PathBuf::from("ebpfguard-ebpf");
44	44		let target = format!("--target={}", opts.target);
45	45		let mut args = vec![
46	46		"build",
		skipped 23 lines

■ ■ ■ ■ ■ ■

xtask/src/generate_readme.rs

		skipped 9 lines
10	10		}
11	11
12	12		pub fn generate_readme(opts: Options) -> anyhow::Result<()> {
13		-	let project_root = current_dir()?.join("guardity");
14		-	let mut source = File::open("guardity/src/lib.rs")?;
	13	+	let project_root = current_dir()?.join("ebpfguard");
	14	+	let mut source = File::open("ebpfguard/src/lib.rs")?;
15	15		let mut template = File::open("README.tpl")?;
16	16
17	17		let content = cargo_readme::generate_readme(
		skipped 22 lines

sed s/guardity/ebpfguard/g