tetragon: log current lockdown security context
level=info msg="Tetragon current security context" AppArmor=unconfined Lockdown=none SELinux=unconfined Smack=

Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
tixxdz committed Mar 28, 2024
1 parent 89d1a84 commit 5576702
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions pkg/reader/proc/proc.go
Expand Up @@ -277,11 +277,24 @@ func LogCurrentSecurityContext() {
}
}

lockdown := ""
data, err := os.ReadFile("/sys/kernel/security/lockdown")
if err == nil && len(data) > 0 {
values := strings.TrimSpace(string(data))
i := strings.Index(values, "[")
j := strings.Index(values, "]")
if i >= 0 && j > i {
lockdown = values[i+1 : j]
logLSM = true
}
}

if logLSM {
logger.GetLogger().WithFields(logrus.Fields{
"SELinux": lsms["selinux"],
"AppArmor": lsms["apparmor"],
"Smack": lsms["smack"],
"Lockdown": lockdown,
}).Info("Tetragon current security context")
}
}
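Review bot: The error from `os.ReadFile("/sys/kernel/security/lockdown")` is dropped, so when the read fails or no bracketed value is found, `Lockdown` is logged as an empty string whenever another LSM has already set `logLSM`. In a security-context line an empty field is easy to read as "no lockdown", although the actual state is unknown; this seems most likely when securityfs is not mounted where the agent runs, which the hunk does not show. Consider making the failure case explicit, for example by initialising with `lockdown := "unknown"`, and logging unexpected read errors at debug level with `if err != nil && !os.IsNotExist(err) { logger.GetLogger().WithError(err).Debug("reading kernel lockdown state") }`. The body of LogCurrentSecurityContext starts above the hunk, so how `lsms` and `logLSM` are populated is not visible here.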
