Installation
Requirements
- Linux kernel 5.13.0
- BTF (
CONFIG_DEBUG_INFO_BTF) must be enabled. - BPF LSM (
CONFIG_LSMwithbpf) must be enabled. This parameter can also be changed in the boot parameter.
- BTF (
Kernel Configuration
The kernel must have been compiled with the following flags set:
shell
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_LSM=y
CONFIF_BPF_JIT=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_EVENTS=y
CONFIG_DEBUG_INTO_BTF=yKernel compile flags can usually be checked in /proc/config.gz or /boot/config-<kernel-version>.
Also, the CONFIG_LSM flag must contain bpf. This can also be controlled by the following boot parameter:
shell
$ cat /etc/default/grub
...
GRUB_CMDLINE_LINUX="... lsm=lockdown,yama,apparmor,bpf"
...Finally, run update-grub2.
shell
sudo update-grub2Installation
Download the latest binary.
shell
make libbpf-static
make build
sudo ./build/safeguard --config config/safeguard.yml #|grep BLOCKLicensed under the MulanPSL2
Copyright © 2026 openEuler. All rights reserved.J. ICP B. No. 2020036654-1
J.G.W.A.B. No. 11030102011597
J.G.W.A.B. No. 11030102011597Licensed underthe MulanPSL2
Copyright © 2026 openEuler. All rights reserved.
Bug