From 5d58a04c007192b18536671af2dc787f59ec8abb Mon Sep 17 00:00:00 2001 From: Jiri Olsa Date: Sun, 25 Feb 2024 09:08:08 +0000 Subject: [PATCH] tetragon: Move enforcer sensor maps under new hierarchy Moving enforcer sensor maps under new hierarchy. per policy maps: enforcer_data Signed-off-by: Jiri Olsa --- pkg/sensors/tracing/enforcer.go | 14 +++++++------- pkg/sensors/tracing/generickprobe.go | 8 ++++---- pkg/sensors/tracing/generictracepoint.go | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/pkg/sensors/tracing/enforcer.go b/pkg/sensors/tracing/enforcer.go index 3abbf132158..15dbc097f7f 100644 --- a/pkg/sensors/tracing/enforcer.go +++ b/pkg/sensors/tracing/enforcer.go @@ -50,9 +50,8 @@ func init() { sensors.RegisterPolicyHandlerAtInit("enforcer", gEnforcerPolicy) } -func enforcerMap(policyName string, load *program.Program) *program.Map { - return program.MapBuilderPin(enforcerDataMapName, - fmt.Sprintf("%s_%s", enforcerDataMapName, policyName), load) +func enforcerMap(load *program.Program) *program.Map { + return program.MapBuilderType(enforcerDataMapName, load, program.MapTypePolicy) } func (kp *enforcerPolicy) enforcerGet(name string) (*enforcerHandler, bool) { @@ -315,7 +314,7 @@ func (kp *enforcerPolicy) createEnforcerSensor( return nil, fmt.Errorf("unexpected override method: %d", overrideMethod) } - enforcerDataMap := enforcerMap(policyName, load) + enforcerDataMap := enforcerMap(load) maps = append(maps, enforcerDataMap) if ok := kp.enforcerAdd(name, kh); !ok { @@ -325,9 +324,10 @@ func (kp *enforcerPolicy) createEnforcerSensor( logger.GetLogger().Infof("Added enforcer sensor '%s'", name) return &sensors.Sensor{ - Name: "__enforcer__", - Progs: progs, - Maps: maps, + Name: "__enforcer__", + Progs: progs, + Maps: maps, + Policy: policyName, PostUnloadHook: func() error { if ok := kp.enforcerDel(name); !ok { logger.GetLogger().Infof("Failed to clean up enforcer sensor '%s'", name) diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go index 22ddc902792..ab41945331c 100644 --- a/pkg/sensors/tracing/generickprobe.go +++ b/pkg/sensors/tracing/generickprobe.go @@ -250,7 +250,7 @@ func filterMaps(load *program.Program, kprobeEntry *genericKprobe) []*program.Ma return maps } -func createMultiKprobeSensor(policyName string, multiIDs []idtable.EntryID) ([]*program.Program, []*program.Map, error) { +func createMultiKprobeSensor(multiIDs []idtable.EntryID) ([]*program.Program, []*program.Map, error) { var multiRetIDs []idtable.EntryID var progs []*program.Program var maps []*program.Map @@ -321,7 +321,7 @@ func createMultiKprobeSensor(policyName string, multiIDs []idtable.EntryID) ([]* maps = append(maps, socktrack) } - enforcerDataMap := enforcerMap(policyName, load) + enforcerDataMap := enforcerMap(load) maps = append(maps, enforcerDataMap) filterMap.SetMaxEntries(len(multiIDs)) @@ -569,7 +569,7 @@ func createGenericKprobeSensor( } if useMulti { - progs, maps, err = createMultiKprobeSensor(in.policyName, ids) + progs, maps, err = createMultiKprobeSensor(ids) } else { progs, maps, err = createSingleKprobeSensor(ids) } @@ -856,7 +856,7 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, maps = append(maps, socktrack) } - enforcerDataMap := enforcerMap(kprobeEntry.policyName, load) + enforcerDataMap := enforcerMap(load) maps = append(maps, enforcerDataMap) if kprobeEntry.loadArgs.retprobe { diff --git a/pkg/sensors/tracing/generictracepoint.go b/pkg/sensors/tracing/generictracepoint.go index 80d5a102372..511842131aa 100644 --- a/pkg/sensors/tracing/generictracepoint.go +++ b/pkg/sensors/tracing/generictracepoint.go @@ -481,7 +481,7 @@ func createGenericTracepointSensor( } maps = append(maps, matchBinariesPaths) - enforcerDataMap := enforcerMap(policyName, prog0) + enforcerDataMap := enforcerMap(prog0) maps = append(maps, enforcerDataMap) selMatchBinariesMap := program.MapBuilderType("tg_mb_sel_opts", prog0, program.MapTypeProgram)