Google Git
Sign in
cos / third_party / kernel / 7c1b7ce8c3f501fcf4a5f019bc03534e1081bdc7
commit7c1b7ce8c3f501fcf4a5f019bc03534e1081bdc7[log] [tgz]
authorThomas Garnier <thgarnie@google.com>Tue Oct 09 13:46:51 2018 -0700
committerVaibhav Rustagi <vaibhavrustagi@google.com>Mon Feb 24 17:04:55 2020 +0000
treed7f009a771567bcb3f3fbb06e88937e70403e8e2
parentba9376cb98ee509233e4f51a0fcd120fce53e698 [diff]
security: Container Monitoring LSM

The container monitoring LSM collects information about containerized
processes and relay it to a VMM backend through vsock or user-mode
through a shared pipe. It can be enabled and configured directly from
the VMM backend or from user-mode.

Information captured:
 - Process arguments.
 - Environment variables.
 - File layer for overlayfs.
 - stdin, stdout and stderr modes.
 - Unique identifier for processes.
 - Relay container information and link it to existing instances.
 - Process exit.

Enhancement included from original implementation:
 - Use workqueue to dispatch events to pipe or vsock.
 - Optimize memory usage to match target events in 99% cases.
 - Identify kubectl/docker exec session by using new pid_namespace field.
 - Fix process unique identifier to use the task group leader start time.
 - Fetch more information files. For example, on socket files fetch the
   family and full ip.
 - Track the first process writing a file on the upper overlayfs layer
   (ephemeral), using security extended attribtues (security.csm).
 - Track clone events.
 - Track mapping of files as executable (libraries).
 - When enabled, enumerate all existing processes.
 - Clean the pipe and all data when the LSM is disabled.
 - Add option to fully enabled the LSM at boot (used for testing only).
 - Disable vsock by default.
 - Expose stats through sysfs to identify dropped events or issues.
 - Add dependencies to MMU and x86_64.
 - Optimizations to nanopb build.

Include contributions from:
 - John Davis <kyuzo@google.com>
 - Peter Martincic <martincic@chromium.org>
 - Leo Linsky
 - Chi-fan Chu
 - Ming Zou

Messages are encoded using protobuf and nanopb. Github depot for
nanopb: https://github.com/nanopb/nanopb

BUG=b:148390640
TEST=Build, boot and GCP internal testing.
SOURCE=KTD

Signed-off-by: Thomas Garnier <thgarnie@chromium.org>
Tested-by: Thomas Garnier <thgarnie@chromium.org>
Change-Id: I15b97b6ad45edc2b5cec5b50a52a60cd4880024e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/lakitu-kernel/+/2062511
Commit-Queue: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
29 files changed
tree: d7f009a771567bcb3f3fbb06e88937e70403e8e2
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. PRESUBMIT.cfg
  37. README