pub struct Lsm { /* private fields */ }
A program that attaches to Linux LSM hooks. Used to implement security policy and audit logging.
LSM probes can be attached to the kernel’s security hooks to implement mandatory access control policy and security auditing.
LSM probes require a kernel compiled with CONFIG_BPF_LSM=y and CONFIG_DEBUG_INFO_BTF=y.
In order for the probes to fire, you also need the BPF LSM to be enabled through your kernel's boot parameters (like lsm=lockdown,yama,bpf).
Minimum kernel version
The minimum kernel version required to use this feature is 5.7.
Examples
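use aya::{Bpf, programs::Lsm, BtfError, Btf};
use std::convert::TryInto;

// "lsm.o" is a placeholder path for your compiled eBPF object file.
let mut bpf = Bpf::load_file("lsm.o")?;
// Parse the running kernel's BTF, needed to resolve the hook.
let btf = Btf::from_sys_fs()?;
let program: &mut Lsm = bpf.program_mut("lsm_prog").unwrap().try_into()?;
// Load the program into the kernel, then attach it to the hook.
program.load("security_bprm_exec", &btf)?;
program.attach()?;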
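The prerequisites listed above (kernel 5.7 or later, kernel BTF, and bpf in the active LSM list) can be checked before loading, so that a policy program that would never fire is caught at startup. The following is an added example, not part of the aya documentation; the function names are hypothetical, and it assumes securityfs is mounted at /sys/kernel/security and that BTF is exposed at /sys/kernel/btf/vmlinux.

```rust
use std::{fs, path::Path};

/// True if the comma-separated active LSM list contains exactly `bpf`.
fn lsm_list_has_bpf(list: &str) -> bool {
    list.trim().split(',').any(|name| name.trim() == "bpf")
}

/// Parses (major, minor) from a release string such as "5.15.0-91-generic".
fn parse_release(release: &str) -> Option<(u32, u32)> {
    let mut parts = release.trim().split(|c: char| !c.is_ascii_digit());
    let major: u32 = parts.next()?.parse().ok()?;
    let minor: u32 = parts.next()?.parse().ok()?;
    Some((major, minor))
}

/// Returns the unmet prerequisites; an empty list means LSM probes can fire.
fn missing_prereqs(release: &str, lsm_list: Option<&str>, btf_present: bool) -> Vec<&'static str> {
    let mut missing = Vec::new();
    match parse_release(release) {
        Some(v) if v >= (5, 7) => {}
        _ => missing.push("kernel >= 5.7"),
    }
    match lsm_list {
        Some(l) if lsm_list_has_bpf(l) => {}
        _ => missing.push("bpf in active LSM list (lsm=...,bpf)"),
    }
    if !btf_present {
        missing.push("kernel BTF (CONFIG_DEBUG_INFO_BTF=y)");
    }
    missing
}

fn main() {
    let release = fs::read_to_string("/proc/sys/kernel/osrelease").unwrap_or_default();
    // An unreadable list (no securityfs, no permission) is treated as "not enabled".
    let lsm = fs::read_to_string("/sys/kernel/security/lsm").ok();
    let btf = Path::new("/sys/kernel/btf/vmlinux").exists();
    let missing = missing_prereqs(&release, lsm.as_deref(), btf);
    if missing.is_empty() {
        println!("LSM BPF prerequisites met");
    } else {
        for m in &missing {
            eprintln!("missing: {}", m);
        }
        std::process::exit(1);
    }
}
```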
Implementations
impl Lsm
pub fn load(
&mut self,
lsm_hook_name: &str,
btf: &Btf
) -> Result<(), ProgramError>
Loads the program inside the kernel.
See also Program::load.
Arguments
lsm_hook_name - full name of the LSM hook that the program should be attached to
pub fn attach(&mut self) -> Result<LinkRef, ProgramError>
Attaches the program.
Trait Implementations
Auto Trait Implementations
impl !RefUnwindSafe for Lsm
impl !Send for Lsm
impl !Sync for Lsm
impl Unpin for Lsm
impl !UnwindSafe for Lsm
Blanket Implementations
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.