{"id":20658092,"url":"https://github.com/deepfence/ebpfguard","last_synced_at":"2025-04-06T00:10:09.127Z","repository":{"id":156832876,"uuid":"617486220","full_name":"deepfence/ebpfguard","owner":"deepfence","description":"Rust library for writing Linux security policies using eBPF","archived":false,"fork":false,"pushed_at":"2024-01-22T04:50:36.000Z","size":4622,"stargazers_count":298,"open_issues_count":12,"forks_count":91,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-29T23:08:47.782Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/deepfence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-22T13:49:40.000Z","updated_at":"2025-03-21T14:51:59.000Z","dependencies_parsed_at":null,"dependency_job_id":"ee980344-0776-4794-9054-ea006da6c827","html_url":"https://github.com/deepfence/ebpfguard","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Febpfguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Febpfguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Febpfguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/deepfence%2Febpfguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/deepfence","download_url":"https://codeload.github.com/deepfence/ebpfguard/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247415972,"owners_count":20935387,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T18:24:44.845Z","updated_at":"2025-04-06T00:10:09.090Z","avatar_url":"https://github.com/deepfence.png","language":"Rust","funding_links":[],"categories":["eBPF Workflow: Tools and Utilities","Rust"],"sub_categories":["Aya"],"readme":"![Deepfence Logo](images/readme/deepfence-logo.png)\n\n[![GitHub license](https://img.shields.io/github/license/deepfence/ebpfguard)](https://github.com/deepfence/ebpfguard/blob/master/LICENSE)\n[![GitHub stars](https://img.shields.io/github/stars/deepfence/ebpfguard)](https://github.com/deepfence/ebpfguard/stargazers)\n[![Workflow Status](https://github.com/deepfence/ebpfguard/workflows/build-test/badge.svg)](https://github.com/deepfence/ebpfguard/actions?query=workflow)\n[![GitHub issues](https://img.shields.io/github/issues/deepfence/ebpfguard)](https://github.com/deepfence/ebpfguard/issues)\n[![Slack](https://img.shields.io/badge/slack-@deepfence-blue.svg?logo=slack)](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ)\n\u003ch3 align=\"center\"\u003e\n\u003ca\n    href=\"https://runacap.com/ross-index/annual-2022/\"\n    target=\"_blank\"\n    rel=\"noopener\"\n\u003e\n    \u003cimg\n        style=\"width: 260px; height: 56px\"\n        src=\"https://runacap.com/wp-content/uploads/2023/02/Annual_ROSS_badge_black_2022.svg\"\n        alt=\"ROSS Index - Fastest Growing Open-Source Startups | Runa Capital\"\n        width=\"260\"\n        height=\"56\"\n    /\u003e\n\u003c/a\u003e\n\u003c/h3\u003e\n\n# Ebpfguard\n\n**Ebpfguard** is a library for managing Linux security policies. It is based on\n[LSM hooks](https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html),\nbut without necessity to write any kernel modules or eBPF programs directly.\nIt allows to write policies in Rust (or YAML) in user space.\n\nIt's based on eBPF and [Aya](https://aya-rs.dev) library, but takes away\nthe need to use them directly.\n\n## Usage example\n\nDeny mount operation for all users.\n\n```rust\n    const BPF_MAPS_PATH: \u0026str = \"/sys/fs/bpf/example_sb_mount\";\n\n    // Create a directory where ebpfguard policy manager can store its BPF\n    // objects (maps).\n    std::fs::create_dir_all(BPF_MAPS_PATH)?;\n\n    // Create a policy manager.\n    let mut policy_manager = PolicyManager::new(BPF_MAPS_PATH)?;\n\n    // Attach the policy manager to the mount LSM hook.\n    let mut sb_mount = policy_manager.attach_sb_mount()?;\n\n    // Get the receiver end of the alerts channel (for the `file_open` LSM\n    // hook).\n    let mut sb_mount_rx = sb_mount.alerts().await?;\n\n    // Define policies which deny mount operations for all processes (except\n    // for the specified subject, if defined).\n    sb_mount\n        .add_policy(SbMount {\n            subject: PolicySubject::All,\n            allow: false,\n        })\n        .await?;\n\n    if let Some(alert) = sb_mount_rx.recv().await {\n        info!(\n            \"sb_mount alert: pid={} subject={}\",\n            alert.pid, alert.subject\n        );\n    }\n```\n\nImports and cargo file are available in [example source code](examples/readme_mount).\nFor more check out [examples doc](docs/gh/examples.md).\n\n## Supported LSM hooks\n\nLSM hooks supported by Ebpfguard are:\n\n* [`bprm_check_security`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L62)\n* [`file_open`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L620)\n* [`sb_mount`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L128)\n* [`sb_remount`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L147)\n* [`sb_umount`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L159)\n* [`socket_bind`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L904)\n* [`socket_connect`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L912)\n* [`task_fix_setuid`](https://elixir.bootlin.com/linux/v6.2.12/source/include/linux/lsm_hooks.h#L709)\n\n## Prerequisites\n\nCheck [prerequisites doc](docs/gh/prerequisites.md) to set up your environment.\n\n## Development\n\nCheck [development doc](docs/gh/development.md) for compillation and testing commands.\n\n## Get in touch\n\nThank you for using Ebpfguard. Please feel welcome to participate in the [Deepfence community](docs/gh/community.md).\n\n* [Deepfence Community Website](https://community.deepfence.io) \n* [\u003cimg src=\"https://img.shields.io/badge/slack-@deepfence-brightgreen.svg?logo=slack\"\u003e](https://join.slack.com/t/deepfence-community/shared_invite/zt-podmzle9-5X~qYx8wMaLt9bGWwkSdgQ) Got a question, need some help?  Find the Deepfence team on Slack\n* [![GitHub issues](https://img.shields.io/github/issues/deepfence/ebpfguard)](https://github.com/deepfence/ebpfguard/issues) Got a feature request or found a bug?  Raise an issue\n\u003c!-- * [![Documentation](https://img.shields.io/badge/documentation-read-green)](https://community.deepfence.io/docs/gh/ebpfguard/) Read the documentation in the [Deepfence Ebpfguard Documentation](https://community.deepfence.io/docs/gh/ebpfguard/) --\u003e\n\u003c!-- * [productsecurity at deepfence dot io](SECURITY.md): Found a security issue? Share it in confidence --\u003e\n* Find out more at [deepfence.io](https://deepfence.io/)\n\n## License\n\nEbpfguard's userspace part is licensed under\n[Apache License, version 2.0](https://github.com/deepfence/ebpfguard/blob/main/LICENSE).\n\neBPF programs inside ebpfguard-ebpf directory are licensed under\n[GNU General Public License, version 2](https://github.com/deepfence/ebpfguard/blob/main/ebpfguard-ebpf/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2Febpfguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeepfence%2Febpfguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeepfence%2Febpfguard/lists"}