This article is available at: https://www.ebpf.top/post/lsm_bpf_intro 1. Background on Security 2. General Framework of Kernel Security Policy Module LSM 2.1 Introduction to LSM Framework 2.2 Architecture of LSM 2.3 Hook Functions in LSM 3. LSM BPF 3.1 BCC Practice 3.2 libbpf-bootstrap Framework Practice 4. Summary 5. Appendix: Process of Finding LSM Hot Patch Kernel Vulnerabilities Monitoring Hook Points 1. Background on Security Internationally, computer security is summarized by three main characteristics: Confidentiality, Integrity, and Availability (CIA). Confidentiality means that data is not visible to unauthorized individuals. Integrity refers to information not being altered during storage or transmission. Availability implies that one’s devices can be used when needed. There are roughly four methods that computer systems employ to address security challenges: isolation, control, auditing, and obfuscation. Access control involves controlling access, representing the subject’s actions on objects. Access control primarily involves defining subjects and objects, operations, and setting access policies.……

Continue reading

Site link: https://www.ebpf.top/post/bpf2pbpf_tail_call Author: Richard Li (Original author’s permission obtained) Original article link: https://blog.csdn.net/weixin_43705457/article/details/123474244 1. Introduction 2. Tail Call 3. BPF to BPF Calls 4. CO-RE Sample 5. Tail Call Costs in eBPF 6. Summary 7. References 1. Introduction This article first introduces the general restrictions and usage of tail calls, compares them with BPF to BPF calls, and finally provides a modified version I made of the tail call sample in the kernel source code (using CO-RE). (When learning about tail calls, I struggled with not having a simple and understandable example that could run, so I ended up creating one myself. I believe this version is the most beginner-friendly and logically clear among all examples currently available). 2. Tail Call BPF provides a capability to safely inject code when kernel events and user program events occur, allowing non-kernel developers to control the kernel.……

Continue reading