utils.go
package main
import (
"bufio"
"bytes"
"fmt"
"io"
"os"
"strings"
"syscall"
"errors"
"github.com/sirupsen/logrus"
)
// recoverAssets loads the eBPF object stored under "/probe.o" through Asset
// and exposes it as an io.ReaderAt.
//
// When Asset reports an error the failure is handed to logrus.Fatal, which
// logs it and exits the process, so callers never see an error value.
func recoverAssets() io.ReaderAt {
	data, loadErr := Asset("/probe.o")
	if loadErr == nil {
		return bytes.NewReader(data)
	}
	logrus.Fatal(errors.New(fmt.Sprintf("error:%v , couldn't find asset", loadErr)))
	// Only reached if the logger's exit function has been replaced.
	return bytes.NewReader(data)
}
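// trigger creates and then removes a temporary directory so that the probes
// see one directory creation and one removal.
//
// It returns the error from creating the directory, or otherwise the result
// of removing it.
func trigger() error {
	logrus.Println("Generating events to trigger the probes ...")

	// NOTE(review): this is a fixed, predictable name in a world-writable
	// directory. If something already exists at this path, MkdirAll succeeds
	// without creating anything and RemoveAll then deletes it with all of its
	// contents. If the probes do not depend on this exact name, os.MkdirTemp
	// would avoid touching a path this process did not create.
	tmpDir := "/tmp/test_folder"

	logrus.Printf("creating %v", tmpDir)
	// Owner-only directory mode: the previous 0666 had no search (execute) bit
	// and requested group/other write access, neither of which is appropriate
	// for a directory.
	if err := os.MkdirAll(tmpDir, 0700); err != nil {
		return err
	}

	logrus.Printf("removing %v", tmpDir)
	return os.RemoveAll(tmpDir)
}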
// int8SliceToByte copies the values of s that precede the first zero element
// into a byte slice, reinterpreting each int8 as a byte.
//
// The result is nil when s is empty or starts with a zero element.
func int8SliceToByte(s []int8) []byte {
	var out []byte
	for i := 0; i < len(s) && s[i] != 0; i++ {
		out = append(out, byte(s[i]))
	}
	return out
}
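// byteToString converts a NUL-terminated byte slice to a Go string.
//
// Only the bytes before the first NUL are used; a slice without a NUL is
// converted in full. Fixed-size buffers can carry padding or stale bytes
// after the terminator, and cutting there keeps them out of the paths and
// log messages built from the result.
func byteToString(b []byte) string {
	if end := bytes.IndexByte(b, 0); end >= 0 {
		return string(b[:end])
	}
	return string(b)
}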
// checkSupportLSM reports whether the boot config of the running kernel
// contains a line starting with CONFIG_BPF_LSM=y (or =Y).
//
// The config file is looked up as /boot/config-<release>, with <release>
// taken from uname. Any failure (uname, opening or reading the file) yields
// false, so a host without that file is reported as unsupported.
//
// NOTE(review): CONFIG_BPF_LSM=y only shows the option was compiled in. This
// function does not check that "bpf" is in the kernel's active LSM list (see
// /sys/kernel/security/lsm), so callers that read true as "BPF LSM hooks
// will run" should confirm that separately.
func checkSupportLSM() bool {
	var uts syscall.Utsname
	if syscall.Uname(&uts) != nil {
		return false
	}

	kernelRelease := byteToString(int8SliceToByte(uts.Release[:]))
	cfg, openErr := os.Open(fmt.Sprintf("/boot/config-%s", kernelRelease))
	if openErr != nil {
		return false
	}
	defer cfg.Close()

	lines := bufio.NewScanner(cfg)
	for lines.Scan() {
		switch text := lines.Text(); {
		case strings.HasPrefix(text, "CONFIG_BPF_LSM=y"),
			strings.HasPrefix(text, "CONFIG_BPF_LSM=Y"):
			return true
		}
	}

	// A scanner error and a clean end of file both mean the option was not
	// seen, so either way the answer is false.
	return false
}