From 6650d60f939fbd296e37e9c3d7819c0a43b6ed93 Mon Sep 17 00:00:00 2001
From: Andrei Fedotov
Date: Tue, 9 Jul 2024 20:22:44 +0300
Subject: [PATCH] Add LSM TracingPolicy examples

Signed-off-by: Andrei Fedotov
---
examples/tracingpolicy/lsm_brm_check.yaml | 25 +++++++++++++++++++++++
examples/tracingpolicy/lsm_file_open.yaml | 21 +++++++++++++++++++
2 files changed, 46 insertions(+)
create mode 100644 examples/tracingpolicy/lsm_brm_check.yaml
create mode 100644 examples/tracingpolicy/lsm_file_open.yaml

diff --git a/examples/tracingpolicy/lsm_brm_check.yaml b/examples/tracingpolicy/lsm_brm_check.yaml
new file mode 100644
index 00000000000..3ba2d2f75de
--- /dev/null
+++ b/examples/tracingpolicy/lsm_brm_check.yaml
@@ -0,0 +1,25 @@
+
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+ name: "lsm"
+spec:
+ lsmhooks:
+ - hook: "bprm_check_security"
+ args:
+ - index: 0
+ type: "linux_binprm"
+ selectors:
+ - matchBinaries:
+ - operator: "In"
+ values:
+ - "/usr/bin/zsh"
+ - "/usr/bin/bash"
+ matchArgs:
+ - index: 0
+ operator: "Postfix"
+ values:
+ - "contrib/tester-progs/nop"
+ matchActions:
+ - action: Override
+ argError: -1
diff --git a/examples/tracingpolicy/lsm_file_open.yaml b/examples/tracingpolicy/lsm_file_open.yaml
new file mode 100644
index 00000000000..74f896e6210
--- /dev/null
+++ b/examples/tracingpolicy/lsm_file_open.yaml
@@ -0,0 +1,21 @@
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+ name: "lsm-file-open"
+spec:
+ lsmhooks:
+ - hook: "file_open"
+ args:
+ - index: 0
+ type: "file"
+ selectors:
+ - matchBinaries:
+ - operator: "In"
+ values:
+ - "/usr/bin/cat"
+ matchArgs:
+ - index: 0
+ operator: "Equal"
+ values:
+ - "/etc/passwd"
+ - "/etc/shadow"
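Review bot: In examples/tracingpolicy/lsm_brm_check.yaml the `matchActions` entry (`action: Override` with `argError: -1`) makes this an enforcing policy, yet nothing in the file says so, and `metadata.name: "lsm"` is too generic next to the sibling's `"lsm-file-open"`. I would use `name: "lsm-bprm-check"` and add a header comment such as `# Enforcing example: overrides bprm_check_security with -1 for paths ending in contrib/tester-progs/nop when the caller is /usr/bin/zsh or /usr/bin/bash`. As far as the selectors show, `matchBinaries` covers only those two shells, so the same program started from any other binary is not matched; the comment should say this so the example is not copied as a general block rule. The file name also spells the hook as `brm` where the hook is `bprm_check_security`, and the new file opens with an empty line before `apiVersion`.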
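Review bot: examples/tracingpolicy/lsm_file_open.yaml has no `matchActions`, so unlike the bprm example it presumably only reports the event, and nothing in the file states that difference. A header comment such as `# Observe-only example: reports file_open on /etc/passwd and /etc/shadow by /usr/bin/cat; nothing is blocked` would make the intent explicit. Because `matchBinaries` lists only `/usr/bin/cat`, opens of these files by any other program produce no event, so the comment should mark the selector as demo scoping rather than monitoring coverage for `/etc/shadow`.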