linprov 0.2.5

eBPF mark-of-the-web for Linux: tag network-touched files and enforce who can exec them.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

//! The operating mode enum, shared between CLI parsing, the TOML config
//! file, and the daemon entry. Lives in its own module so both clap's
//! `ValueEnum` and serde's `Deserialize` can derive on it without
//! pulling in the rest of `main.rs`.

use clap::ValueEnum;
use linprov_common::{MODE_ENFORCE, MODE_OBSERVE, MODE_SOAK};
use serde::Deserialize;

#[derive(Clone, Copy, Debug, Deserialize, ValueEnum, PartialEq, Eq)]
#[serde(rename_all = "lowercase")]
pub enum Mode {
    /// Log only; nothing enforced or recorded persistently.
    Observe,
    /// Log and append one rule per PROVENANCE-EXEC, joining all
    /// `--soak` dims into a single conjunction.
    Soak,
    /// Block execve of marked files whose origin doesn't match any
    /// allowlist rule. `-EPERM` from `security_bprm_check`.
    Enforce,
}

impl Mode {
    pub fn as_u32(self) -> u32 {
        match self {
            Mode::Observe => MODE_OBSERVE,
            Mode::Soak => MODE_SOAK,
            Mode::Enforce => MODE_ENFORCE,
        }
    }
}