Is warning/disabling restricted to the system calls involved in the KubeArmor/KubeArmor/BPF/system_monitor.c file?
If so, is it possible to hook into raw_tracepoint/sys_enter, disable the system calls of the current process based on the system call number and the binary executable file path information of the task_struct, and then pass some key information to user space for further processing?
@dejavudwh KubeArmor does not allow custom syscalls. We have a predefined set of hooks which are safe to work with to do enforcement. We specifically use BPF LSM for that.
I believe if you create a Block Policy for the process you want to block, KubeArmor should already be blocking it without needing to hook into sys_enter.
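
For reference, a Block policy of the kind the reply describes could look like the sketch below. It is an added example, not taken from this thread or from the KubeArmor repository; the policy name, namespace, label selector and binary path are placeholders chosen for illustration.

```yaml
# Added illustration: a KubeArmorPolicy that blocks execution of one binary
# in the selected pods. All names, labels and paths are placeholders.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: block-example-binary        # placeholder policy name
  namespace: default                # placeholder namespace
spec:
  severity: 5
  message: "execution of a blocked binary was attempted"
  selector:
    matchLabels:
      app: example-app              # placeholder: label of the target pods
  process:
    matchPaths:
      - path: /usr/bin/example      # placeholder: absolute path of the binary to block
  action: Block
```

Applied with `kubectl apply -f`, a policy of this shape keys enforcement on the executable path rather than on a syscall number, and matching attempts are reported through KubeArmor's alert stream instead of a custom user-space channel.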