Installation
Requirements
- Linux Kernel >= 5.10.0
- BTF(
CONFIG_DEBUG_INFO_BTF) must be enabled. - BPF LSM(
CONFIG_LSMwithbpf) must be enabled. This parameter can also be changed in the boot parameter.
- BTF(
Kernel Configuration
The kernel must have been compiled with the following flags set:
shell
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_BPF_LSM=y
CONFIF_BPF_JIT=y
CONFIG_HAVE_EBPF_JIT=y
CONFIG_BPF_EVENTS=y
CONFIG_DEBUG_INTO_BTF=yKernel compile flags can usually be checked by looking at /proc/config.gz or /boot/config-<kernel-version>.
Also, the CONFIG_LSM flag must contain bpf. This can also be controlled by boot parameters as following:
shell
$ cat /etc/default/grub
...
GRUB_CMDLINE_LINUX="... lsm=lockdown,yama,apparmor,bpf"
...Finary, run update-grub2.
shell
sudo update-grub2Install
Download latest released binary
shell
$ make libbpf-static
$ make build
$ sudo ./build/safeguard --config config/safeguard.yml #|grep BLOCK遵循 木兰宽松许可证第2版(MulanPSL2)
遵循木兰宽松许可证第2版(MulanPSL2)
版权所有 © 2025 openEuler 保留一切权利
文档捉虫