Struct aya::programs::Lsm

source · [−]

pub struct Lsm { /* private fields */ }

Expand description

A program that attaches to Linux LSM hooks. Used to implement security policy and audit logging.

LSM probes can be attached to the kernel’s security hooks to implement mandatory access control policy and security auditing.

LSM probes require a kernel compiled with CONFIG_BPF_LSM=y and CONFIG_DEBUG_INFO_BTF=y. In order for the probes to fire, you also need the BPF LSM to be enabled through your kernel’s boot paramters (like lsm=lockdown,yama,bpf).

Minimum kernel version

The minimum kernel version required to use this feature is 5.7.

Examples

use aya::{Bpf, programs::Lsm, BtfError, Btf};
use std::convert::TryInto;

let btf = Btf::from_sys_fs()?;
let program: &mut Lsm = bpf.program_mut("lsm_prog").unwrap().try_into()?;
program.load("security_bprm_exec", &btf)?;
program.attach()?;

Implementations

impl Lsm

pub fn load(
    &mut self,
    lsm_hook_name: &str,
    btf: &Btf
) -> Result<(), ProgramError>

Loads the program inside the kernel.

See also Program::load.

Arguments

lsm_hook_name - full name of the LSM hook that the program should be attached to

pub fn attach(&mut self) -> Result<LinkRef, ProgramError>

Attaches the program.

Trait Implementations

impl Debug for Lsm

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl ProgramFd for Lsm

fn fd(&self) -> Option<RawFd>

Returns the RawFd of the program if it has been loaded, or None

impl ProgramFd for &mut Lsm

fn fd(&self) -> Option<RawFd>

Returns the RawFd of the program if it has been loaded, or None

impl<'a> TryFrom<&'a Program> for &'a Lsm

type Error = ProgramError

The type returned in the event of a conversion error.

fn try_from(program: &'a Program) -> Result<&'a Lsm, ProgramError>

Performs the conversion.

impl<'a> TryFrom<&'a mut Program> for &'a mut Lsm

type Error = ProgramError

The type returned in the event of a conversion error.

fn try_from(program: &'a mut Program) -> Result<&'a mut Lsm, ProgramError>

Performs the conversion.

Auto Trait Implementations

impl !RefUnwindSafe for Lsm

impl !Send for Lsm

impl !Sync for Lsm

impl Unpin for Lsm

impl !UnwindSafe for Lsm

Blanket Implementations

impl<T> Any for T where
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T where
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T where
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T where
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T where
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T where
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.