
Youmuu's Ghostblade

License: MIT

Welcome to Youmuu's Ghostblade! This project is an eBPF-based container runtime engine.

How to use

Caution

It is highly recommended to run this project on Linux kernel version >= 6.8.0 to ensure compatibility and stability.

1. Clone the repository

Clone the repository, including its submodules, to your local machine:

git clone https://github.com/bob-yamong/youmuu.git --recursive

Or, if you have already cloned the repo without --recursive, you can initialize the git submodules with the following command:

git submodule update --init --recursive

2. Install dependencies

The required packages vary from distribution to distribution. You can refer to shell.nix and the dockerfile for the exact installation steps.

On Ubuntu, you may run make install or

sudo apt-get install -y --no-install-recommends \
        libelf1 libelf-dev zlib1g-dev \
        make clang llvm libyaml-dev libyaml-cpp-dev \
        build-essential libcurl4-openssl-dev libjson-c-dev \
        libpq-dev nlohmann-json3-dev

to install dependencies.

3. Activate BPF LSM Availability

One command

sudo bash lsm_config.bash

Manual

First, please confirm that your kernel version is higher than 5.7. Next, you can use the following command to check if BPF LSM support is enabled:

$ cat /boot/config-$(uname -r) | grep BPF_LSM
CONFIG_BPF_LSM=y

If the output contains CONFIG_BPF_LSM=y, BPF LSM is supported. Provided that the above conditions are met, you can use the following command to check if the output includes the bpf option:

$ cat /sys/kernel/security/lsm
ndlock,lockdown,yama,integrity,AppArmor,bpf

If the output does not include the bpf option, you can add it to the lsm= list in /etc/default/grub:

GRUB_CMDLINE_LINUX="lsm=ndlock,lockdown,yama,integrity,apparmor,bpf"

Then, update the grub configuration using the update-grub2 command (the corresponding command may vary depending on the system), and restart the system.
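The three manual checks above (CONFIG_BPF_LSM in the kernel config, bpf in the active LSM list, and the lsm= line to add to grub) can be put into one small script. The script below is an added example written for this README; it is not the project's lsm_config.bash, and the function names and the /etc/default/grub edit target are assumptions. It only reports and prints the line to set; it does not modify grub or reboot.

```shell
#!/bin/sh
# Added example (not part of the youmuu project): check whether the BPF LSM
# is compiled in and active, and compute the lsm= value needed to enable it.
# Function names and the /etc/default/grub edit target are assumptions.

# Return 0 when the kernel config text (e.g. /boot/config-$(uname -r))
# contains the exact line CONFIG_BPF_LSM=y; "# CONFIG_BPF_LSM is not set"
# does not match.
config_has_bpf_lsm() {
    printf '%s\n' "$1" | grep -qx 'CONFIG_BPF_LSM=y'
}

# Return 0 when the comma-separated LSM list (the contents of
# /sys/kernel/security/lsm) contains "bpf" as a whole entry.
lsm_list_has_bpf() {
    case ",$1," in
        *,bpf,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the LSM list with "bpf" appended (unchanged if already present).
# The kernel honours the order given in lsm=, so bpf goes last as in the README.
lsm_list_with_bpf() {
    if [ -z "$1" ]; then
        printf 'bpf\n'
    elif lsm_list_has_bpf "$1"; then
        printf '%s\n' "$1"
    else
        printf '%s,bpf\n' "$1"
    fi
}

# Inspect the running host. Prints a status line per check and, when bpf is
# not active, the GRUB_CMDLINE_LINUX value to set. Returns 1 if a check
# could not be performed (missing config file or securityfs).
check_host() {
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ] && config_has_bpf_lsm "$(cat "$cfg")"; then
        echo "CONFIG_BPF_LSM=y: BPF LSM is compiled into this kernel"
    else
        echo "CONFIG_BPF_LSM=y not found in $cfg (missing file or unsupported kernel)"
        return 1
    fi
    if [ -r /sys/kernel/security/lsm ]; then
        active=$(cat /sys/kernel/security/lsm)
        if lsm_list_has_bpf "$active"; then
            echo "bpf is active in the LSM list: $active"
        else
            echo "bpf is not active; set this in /etc/default/grub:"
            echo "GRUB_CMDLINE_LINUX=\"lsm=$(lsm_list_with_bpf "$active")\""
            echo "then run update-grub2 (or your distribution's equivalent) and reboot"
        fi
    else
        echo "/sys/kernel/security/lsm is not readable (is securityfs mounted?)"
        return 1
    fi
}

# Run the host check when executed directly; a failed check is reported, not fatal.
check_host || true
```

The functions take their input as arguments rather than reading the files themselves, so the same logic can be exercised against sample strings (for instance the output shown in the README) on a machine that does not have BPF LSM at all.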

4. Build the project

To build the project, run the following command:

make build

5. Run the Project

You can run the binary with:

sudo src/lsm/enforcement
sudo src/tracepoint/tracepoint
sudo src/raw_tracepoint/raw_tracepoint

You should put your policy file at /policy/policy.yaml. You can check the policy file structure in Example policy.

Additional

You can print the kernel-space log written by bpf_printk using the following command.

sudo cat /sys/kernel/debug/tracing/trace_pipe

License

This project is licensed under the MIT License. See the LICENSE file for more information.

About

eBPF engine for log mining and policy enforcement
