diff --git a/.github/workflows/lint-helm.yaml b/.github/workflows/lint-helm.yaml index 7fd84a7a581..14c6931511a 100644 --- a/.github/workflows/lint-helm.yaml +++ b/.github/workflows/lint-helm.yaml @@ -13,7 +13,6 @@ on: - 'install/kubernetes/**' - 'pkg/k8s/apis/cilium.io/client/crds/v1alpha1/*.yaml' - '.github/workflows/lint-helm.yaml' - workflow_call: permissions: pull-requests: write 
@@ -27,47 +26,33 @@ jobs: generated-files: runs-on: ubuntu-latest steps: - # Get source - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Checkout source code + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - # Check / install dependencies - - name: Check if vendored openapi2jsonschema.py script is up to date + # Build Tetragon Helm chart + - name: Check if Tetragon Helm chart is up to date run: | - make -C install/kubernetes openapi2jsonschema.py - test -z "$(git status --porcelain)" - if [ $? != 0 ]; then - git status --porcelain - echo "Vendored openapi2jsonschema.py script is out of date." - echo "Please run 'make -C install/kubernetes openapi2jsonschema.py' and submit your changes."; exit 1 - fi - - name: Check if vendored CRD JSON schemas are up to date - run: | - make -C install/kubernetes generate-jsonschemas + make -C install/kubernetes test -z "$(git status --porcelain)" if [ $? != 0 ]; then git status --porcelain - echo "Vendored CRD JSON schemas are out of date." - echo "Please run 'make -C install/kubernetes generate-jsonschemas' and submit your changes."; exit 1 + echo "The Tetragon Helm chart is outdated." + echo "Please run 'make -C install/kubernetes' and submit your changes."; exit 1 fi - - name: Install Helm CLI # Required for the Helm chart templating - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - # Validate Helm chart - - name: Generate Helm chart - id: generate_helm_chart - run: | - make -C install/kubernetes - - name: Validate generated files + # Validate Tetragon Helm chart + - name: Check if openapi2jsonschema.py is up-to-date + id: validate_openapi2jsonschema_script run: | + make -C install/kubernetes openapi2jsonschema.py test -z "$(git status --porcelain)" if [ $? != 0 ]; then git status --porcelain - echo "Please run 'make -C install/kubernetes' and submit your changes."; exit 1 + echo "openapi2jsonschema.py seems to be outdated." 
+ echo "Please run 'make -C install/kubernetes openapi2jsonschema.py' and submit your changes."; exit 1 fi - - # (Re-)run Kubeconform checks explicitly once again to catch specific errors in that regard (to get the STDOUT/STDERR) - name: Run Kubeconform with minimum supported K8s version - if: success() || steps.generate_helm_chart.outcome == 'failure' + if: success() || steps.validate_openapi2jsonschema_script.outcome == 'failure' id: kubeconform_min_k8s_version uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # v2.0.0 with: @@ -75,7 +60,7 @@ jobs: run: | make -C install/kubernetes kubeconform K8S_VERSION=${{ env.MIN_K8S_VERSION }} - name: Run Kubeconform with latest K8s version - if: success() || steps.generate_helm_chart.outcome == 'failure' + if: success() || steps.validate_openapi2jsonschema_script.outcome == 'failure' id: kubeconform_latest_k8s_version uses: mathiasvr/command-output@34408ea3d0528273faff3d9e201761ae96106cd0 # v2.0.0 with: diff --git a/install/kubernetes/Makefile b/install/kubernetes/Makefile index efd6a679cf9..67300846525 100644 --- a/install/kubernetes/Makefile +++ b/install/kubernetes/Makefile 
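Review bot: In the new `Check if Tetragon Helm chart is up to date` and `Check if openapi2jsonschema.py is up-to-date` steps the `if [ $? != 0 ]` branch is unreachable: a `run: |` step with no explicit `shell:` runs under `bash -e`, so a failing `test -z "$(git status --porcelain)"` aborts the step before the diagnostic `git status`/`echo` lines ever execute. Testing the condition directly keeps the messages: `if [ -n "$(git status --porcelain)" ]; then`. The chart-build step also has no `id`, so unlike the old `generate_helm_chart` step its failure cannot satisfy the `if: success() || steps.validate_openapi2jsonschema_script.outcome == 'failure'` guards on the two Kubeconform steps, which then simply skip. Separately, `make -C install/kubernetes` now resolves to `all: docs crds-yaml` per the Makefile change and no remaining step calls `lint` or `validation`, so `helm lint` appears to have dropped out of this workflow unless it runs somewhere not shown here.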
@@ -1,39 +1,63 @@ # SPDX-License-Identifier: Apache-2.0 # Copyright Authors of Tetragon +include ../../Makefile.defs + +# +# -- Images +# # renovate: datasource=docker -HELM_IMAGE=docker.io/alpine/helm:3.16.1@sha256:e057182827e6273fc7e64b8b2b8809cbb71d84e0dd0f88310712f45879854062 +HELM_IMAGE = docker.io/alpine/helm:3.16.1@sha256:e057182827e6273fc7e64b8b2b8809cbb71d84e0dd0f88310712f45879854062 # renovate: datasource=docker -KUBECONFORM_IMAGE=ghcr.io/yannh/kubeconform:v0.6.7-alpine@sha256:824e0c248809e4b2da2a768b16b107cf17ada88a89ec6aa6050e566ba93ebbc6 +KUBECONFORM_IMAGE = ghcr.io/yannh/kubeconform:v0.6.7-alpine@sha256:824e0c248809e4b2da2a768b16b107cf17ada88a89ec6aa6050e566ba93ebbc6 # renovate: datasource=docker -HELMDOCS_IMAGE=docker.io/jnorwood/helm-docs:v1.14.2@sha256:7e562b49ab6b1dbc50c3da8f2dd6ffa8a5c6bba327b1c6335cc15ce29267979c -# renovate: datasource=github-releases depName=yannh/kubeconform -KUBECONFORM_VERSION := v0.6.7 +HELMDOCS_IMAGE = docker.io/jnorwood/helm-docs:v1.14.2@sha256:7e562b49ab6b1dbc50c3da8f2dd6ffa8a5c6bba327b1c6335cc15ce29267979c # renovate: datasource=docker -PYTHON_IMAGE := docker.io/python:3.12-slim-bookworm -K8S_VERSION := master -HELM_VALUES_OVERRIDE := "helm_lint_values_override.yaml" +PYTHON_IMAGE = docker.io/python:3.12-slim-bookworm -REPO_ROOT := $(shell git rev-parse --show-toplevel) -TETRAGON_CHART := tetragon -CRDS_RELATIVE_DIR := pkg/k8s/apis/cilium.io/client/crds/v1alpha1 -CRDS := $(REPO_ROOT)/$(CRDS_RELATIVE_DIR) -JSON_SCHEMAS := $(REPO_ROOT)/install/kubernetes/schemas +# +# -- Versions +# +# renovate: datasource=github-releases depName=yannh/kubeconform +KUBECONFORM_VERSION = v0.6.7 +K8S_VERSION = master -HELM ?= docker run --rm -v $(CURDIR)/$(TETRAGON_CHART):/apps -v $(CURDIR)/$(HELM_VALUES_OVERRIDE):/$(HELM_VALUES_OVERRIDE) $(HELM_IMAGE) -PYTHON ?= docker run --rm -v $(REPO_ROOT):/code --workdir=/code/install/kubernetes -e FILENAME_FORMAT='{kind}-{fullgroup}' $(PYTHON_IMAGE) +# +# -- Variables +# +HELM_VALUES_OVERRIDE = 
helm_lint_values_override.yaml +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +TETRAGON_CHART = tetragon +CRDS_RELATIVE_DIR = pkg/k8s/apis/cilium.io/client/crds/v1alpha1 +CRDS := $(ROOT_DIR)/$(CRDS_RELATIVE_DIR) +JSON_SCHEMAS := $(ROOT_DIR)/install/kubernetes/schemas -.PHONY: all -all: $(TETRAGON_CHART)/crds-yaml lint docs generate-jsonschemas kubeconform +# +# -- Commands +# +PYTHON := docker run --rm \ + -v $(ROOT_DIR):/code \ + --workdir=/code/install/kubernetes \ + -e FILENAME_FORMAT='{kind}-{fullgroup}' \ + $(PYTHON_IMAGE) +HELM := docker run --rm -u $(shell id -u):$(shell id -g) \ + -v $(CURDIR)/$(TETRAGON_CHART):/apps \ + -v $(CURDIR)/$(HELM_VALUES_OVERRIDE):/$(HELM_VALUES_OVERRIDE) \ + $(HELM_IMAGE) -.PHONY: lint -lint: - $(HELM) lint . --with-subcharts +# +# -- Make targets +# + +##@ Build + +.PHONY: all +all: docs $(TETRAGON_CHART)/crds-yaml .PHONY: docs -docs: +docs: ## Generate Helm docs for the README.md docker run --rm -v $(CURDIR)/$(TETRAGON_CHART):/helm-docs -u $$(id -u) $(HELMDOCS_IMAGE) - ./export-doc.sh $(REPO_ROOT)/docs/content/en/docs/reference/helm-chart.md + ./export-doc.sh $(ROOT_DIR)/docs/content/en/docs/reference/helm-chart.md # NB: Helm has an "official" way to install CRDs which requires simply putting # them in the crds directory. This method doesn't prevents accidental deletion 
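Review bot: `ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))` only yields the repository root because `include ../../Makefile.defs` is parsed first and leaves `Makefile.defs` as the last word of `MAKEFILE_LIST`; move the `include` below this line, or let `Makefile.defs` include a further file, and `CRDS`, `JSON_SCHEMAS` and the `PYTHON`/`HELM` bind mounts silently point somewhere else. Deriving it from this Makefile's own location avoids both hazards: `ROOT_DIR := $(abspath $(dir $(firstword $(MAKEFILE_LIST)))../..)`, with a comment such as `# Repository root: two levels above install/kubernetes`. Changing `HELM ?=` to `HELM :=` also removes the ability to point at a local helm binary from the environment — consistent with the dropped Install Helm CLI workflow step, but worth stating in a comment on the variable. The `docs` recipe still runs its container with `-u $$(id -u)` only while the new `HELM` command passes `-u uid:gid`; aligning them keeps generated files consistently owned.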
@@ -45,21 +69,32 @@ docs: $(TETRAGON_CHART)/crds-yaml: $(CRDS) cp -rf $(CRDS)/. $(TETRAGON_CHART)/crds-yaml -# openapi2jsonschema.py script generating JSON schema from the CRD YAML spec. +##@ Validation + +.PHONY: validation +validation: ## Validate/lint the Helm chart and all its resources + $(MAKE) lint + $(MAKE) kubeconform + .PHONY: openapi2jsonschema.py -openapi2jsonschema.py: +openapi2jsonschema.py: ## openapi2jsonschema.py script generating JSON schema from the CRD YAML spec. curl -sSfLO https://raw.githubusercontent.com/yannh/kubeconform/$(KUBECONFORM_VERSION)/scripts/$@ -# To validate (using openapi2jsonschema.py) default Ruleset policies included in the Helm chart, we need to pass the -# JSON schema of the TracingPolicy CRD. This target generates such schema. -.PHONY: generate-jsonschemas -generate-jsonschemas: $(CRDS) - mkdir -p $(JSON_SCHEMAS)/ - $(PYTHON) /bin/bash -c "pip install pyyaml && python /code/install/kubernetes/openapi2jsonschema.py /code/$(CRDS_RELATIVE_DIR)/*" - mv $(REPO_ROOT)/install/kubernetes/*-cilium.io.json $(JSON_SCHEMAS)/ +.PHONY: lint +lint: ## Lint the Helm chart + $(HELM) lint . --with-subcharts .PHONY: kubeconform +# Run kubeconform Helm chart validation checks to validate the templated +# Kubernetes (custom) resources against their spec. +# To validate potentially included Tetragon CRs in the Helm chart (using +# openapi2jsonschema.py), we need to have the JSON schema of the TracingPolicy +# CRD. Skip validating the Tetragon CRDs themselves (circular dependency). +kubeconform: ## Validate Helm chart using kubeconform kubeconform: + mkdir -p $(JSON_SCHEMAS)/ + $(PYTHON) /bin/bash -c "pip install pyyaml && python /code/install/kubernetes/openapi2jsonschema.py /code/$(CRDS_RELATIVE_DIR)/*" + mv $(ROOT_DIR)/install/kubernetes/*-cilium.io.json $(JSON_SCHEMAS)/ @echo "## Testing Helm chart: \"$(TETRAGON_CHART)\"" $(HELM) template $(TETRAGON_CHART) . \ -f values.yaml \ 
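Review bot: The `kubeconform` recipe runs `pip install pyyaml` unpinned inside the `python:3.12-slim-bookworm` container on every validation, so schema generation pulls whatever PyYAML release PyPI serves that day even though every image in this Makefile is pinned by digest; pin it, e.g. `pip install pyyaml==<PINNED_VERSION>`, so the generated schemas are reproducible. Style: `kubeconform: ## Validate Helm chart using kubeconform` is immediately followed by a second bare `kubeconform:` rule line — make merges them, but the duplicate is confusing and the comment block above it belongs between `.PHONY: kubeconform` and the single rule. `validation` also spawns two recursive `$(MAKE)` invocations where plain prerequisites do the same with less overhead, `validation: lint kubeconform ## Validate/lint the Helm chart and all its resources`, unless sequential ordering under `-j` is required.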
@@ -72,4 +107,10 @@ kubeconform: -skip CustomResourceDefinition \ -strict \ -kubernetes-version $(K8S_VERSION) - @echo "" + rm -rf $(JSON_SCHEMAS)/ + +##@ Documentation + +.PHONY: help +help: ## Display this help, based on https://www.thapaliya.com/en/writings/well-documented-makefiles/ + $(call print_help_from_comments) \ No newline at end of file diff --git a/install/kubernetes/schemas/podinfo-cilium.io.json b/install/kubernetes/schemas/podinfo-cilium.io.json deleted file mode 100644 index 23d480d6a34..00000000000 --- a/install/kubernetes/schemas/podinfo-cilium.io.json +++ /dev/null 
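Review bot: `rm -rf $(JSON_SCHEMAS)/` runs only when every preceding recipe line succeeds, so a failing `kubeconform` check leaves the generated `*-cilium.io.json` files in `install/kubernetes/schemas/` — and since this commit deletes the tracked copies, they now appear as untracked files that are easy to commit by accident (unless the directory is gitignored, which this diff does not show). Consider generating into a `$(shell mktemp -d)` path or adding the directory to `.gitignore`, and document the lifecycle on the target with `# Schemas are regenerated on every run and removed on success`. `help` depends on `print_help_from_comments`, presumably provided by the newly included `../../Makefile.defs`; a comment saying so would help readers of this file. The file also loses its trailing newline (`\ No newline at end of file`).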
@@ -1,81 +0,0 @@ -{ - "description": "PodInfo is the Scheme for the Podinfo API", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "type": "object" - }, - "spec": { - "properties": { - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace.\nIf this option is set, the ports that will be used must be specified.", - "type": "boolean" - } - }, - "type": "object", - "additionalProperties": false - }, - "status": { - "properties": { - "podIP": { - "description": "IP address allocated to the pod. Routable at least within the cluster.\nEmpty if not yet allocated.", - "type": "string" - }, - "podIPs": { - "description": "List of Ip addresses allocated to the pod. 
0th entry must be same as PodIP.", - "items": { - "properties": { - "IP": { - "description": "IP is an IP address (IPv4 or IPv6) assigned to the pod", - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "workloadObject": { - "description": "Workload that created this pod.", - "properties": { - "name": { - "description": "Name of the object.", - "type": "string" - }, - "namespace": { - "description": "Namespace of this object.", - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - }, - "workloadType": { - "description": "Workload type (e.g. \"Deployment\", \"Daemonset\") that created this pod.", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - } - }, - "type": "object" -} diff --git a/install/kubernetes/schemas/tracingpolicy-cilium.io.json b/install/kubernetes/schemas/tracingpolicy-cilium.io.json deleted file mode 100644 index 5476d879048..00000000000 --- a/install/kubernetes/schemas/tracingpolicy-cilium.io.json +++ /dev/null 
@@ -1,2944 +0,0 @@ -{ - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "type": "object" - }, - "spec": { - "description": "Tracing policy specification.", - "properties": { - "containerSelector": { - "description": "ContainerSelector selects containers that this policy applies to.\nA map of container fields will be constructed in the same way as a map of labels.\nThe name of the field represents the label \"key\", and the value of the field - label \"value\".\nCurrently, only the \"name\" field is supported.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "enum": [ - "In", - "NotIn", - "Exists", - "DoesNotExist" - ], - "type": "string" - }, - "values": { - "description": "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", - "maxLength": 63, - "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "additionalProperties": false - }, - "enforcers": { - "description": "A enforcer spec.", - "items": { - "properties": { - "calls": { - "description": "Calls where enforcer is executed in", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "calls" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "kprobes": { - "description": "A list of kprobe specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). 
This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "call": { - "description": "Name of the function to apply the kprobe spec to.", - "type": "string" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "return": { - "default": 
false, - "description": "Indicates whether to collect return value of the traced function.", - "type": "boolean" - }, - "returnArg": { - "description": "A return argument to include in the trace output.", - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. 
For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "returnArgAction": { - "description": "An action to perform on the return argument.\nAvailable actions are: Post;TrackSock;UntrackSock", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. 
The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". 
If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" 
- }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace 
selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "syscall": { - "default": true, - "description": "Indicates whether the traced function is a syscall.", - "type": "boolean" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "call" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "lists": { - "description": "A list of list specs.", - "items": { - "properties": { - "name": { - "description": "Name of the list", - "type": "string" - }, - "pattern": { - "description": "Pattern for 'generated' lists.", - "type": "string" - }, - "type": { - "description": "Indicates the type of the list values.", - "enum": [ - "syscalls", - "generated_syscalls", - "generated_ftrace" - ], - "type": "string" - }, - "validated": { - "description": "List was validated", - "type": "boolean" - }, - "values": { - "description": 
"Values of the list", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "loader": { - "description": "Enable loader events", - "type": "boolean" - }, - "lsmhooks": { - "description": "A list of uprobe specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. 
For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "hook": { - "description": "Name of the function to apply the kprobe spec to.", - "type": "string" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. 
The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". 
If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" 
- }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace 
selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "hook" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "options": { - "description": "A list of overloaded options", - "items": { - "properties": { - "name": { - "description": "Name of the option", - "type": "string" - }, - "value": { - "description": "Value of the option", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "podSelector": { - "description": "PodSelector selects pods that this policy applies to", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. 
The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "enum": [ - "In", - "NotIn", - "Exists", - "DoesNotExist" - ], - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", - "maxLength": 63, - "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". 
The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "additionalProperties": false - }, - "tracepoints": { - "description": "A list of tracepoint specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. 
For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "event": { - "description": "Tracepoint event", - "type": "string" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. 
The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". 
If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" 
- }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace 
selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "subsystem": { - "description": "Tracepoint subsystem", - "type": "string" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "event", - "subsystem" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "uprobes": { - "description": "A list of uprobe specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. 
When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "path": { - "description": "Name of the traced binary", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. 
Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. 
Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - 
"In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for 
namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "symbols": { - "description": "List of the traced symbols", - "items": { - "type": "string" - }, - "type": "array" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "path", - "symbols" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" -} diff --git a/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json b/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json deleted file mode 100644 index 5476d879048..00000000000 --- a/install/kubernetes/schemas/tracingpolicynamespaced-cilium.io.json +++ /dev/null 
@@ -1,2944 +0,0 @@ -{ - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "type": "object" - }, - "spec": { - "description": "Tracing policy specification.", - "properties": { - "containerSelector": { - "description": "ContainerSelector selects containers that this policy applies to.\nA map of container fields will be constructed in the same way as a map of labels.\nThe name of the field represents the label \"key\", and the value of the field - label \"value\".\nCurrently, only the \"name\" field is supported.", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "enum": [ - "In", - "NotIn", - "Exists", - "DoesNotExist" - ], - "type": "string" - }, - "values": { - "description": "values is an array of string values. 
If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", - "maxLength": 63, - "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "additionalProperties": false - }, - "enforcers": { - "description": "A enforcer spec.", - "items": { - "properties": { - "calls": { - "description": "Calls where enforcer is executed in", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "calls" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "kprobes": { - "description": "A list of kprobe specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). 
This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "call": { - "description": "Name of the function to apply the kprobe spec to.", - "type": "string" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "return": { - "default": 
false, - "description": "Indicates whether to collect return value of the traced function.", - "type": "boolean" - }, - "returnArg": { - "description": "A return argument to include in the trace output.", - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. 
For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "returnArgAction": { - "description": "An action to perform on the return argument.\nAvailable actions are: Post;TrackSock;UntrackSock", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. 
The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". 
If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" 
- }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace 
selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "syscall": { - "default": true, - "description": "Indicates whether the traced function is a syscall.", - "type": "boolean" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "call" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "lists": { - "description": "A list of list specs.", - "items": { - "properties": { - "name": { - "description": "Name of the list", - "type": "string" - }, - "pattern": { - "description": "Pattern for 'generated' lists.", - "type": "string" - }, - "type": { - "description": "Indicates the type of the list values.", - "enum": [ - "syscalls", - "generated_syscalls", - "generated_ftrace" - ], - "type": "string" - }, - "validated": { - "description": "List was validated", - "type": "boolean" - }, - "values": { - "description": 
"Values of the list", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "name" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "loader": { - "description": "Enable loader events", - "type": "boolean" - }, - "lsmhooks": { - "description": "A list of uprobe specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. 
For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "hook": { - "description": "Name of the function to apply the kprobe spec to.", - "type": "string" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. 
The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". 
If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" 
- }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace 
selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "hook" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "options": { - "description": "A list of overloaded options", - "items": { - "properties": { - "name": { - "description": "Name of the option", - "type": "string" - }, - "value": { - "description": "Value of the option", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "podSelector": { - "description": "PodSelector selects pods that this policy applies to", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. 
The requirements are ANDed.", - "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", - "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" - }, - "operator": { - "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", - "enum": [ - "In", - "NotIn", - "Exists", - "DoesNotExist" - ], - "type": "string" - }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", - "items": { - "type": "string" - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array", - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "additionalProperties": { - "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", - "maxLength": 63, - "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", - "type": "string" - }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". 
The requirements are ANDed.", - "type": "object" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic", - "additionalProperties": false - }, - "tracepoints": { - "description": "A list of tracepoint specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. 
For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "event": { - "description": "Tracepoint event", - "type": "string" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. 
The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". 
If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" 
- }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace 
selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "subsystem": { - "description": "Tracepoint subsystem", - "type": "string" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "event", - "subsystem" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "uprobes": { - "description": "A list of uprobe specs.", - "items": { - "properties": { - "args": { - "description": "A list of function arguments to include in the trace output.", - "items": { - "properties": { - "index": { - "description": "Position of the argument.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "label": { - "description": "Label to output in the JSON", - "type": "string" - }, - "maxData": { - "default": false, - "description": "Read maximum possible data (currently 327360). This field is only used\nfor char_buff data. 
When this value is false (default), the bpf program\nwill fetch at most 4096 bytes. In later kernels (>=5.4) tetragon\nsupports fetching up to 327360 bytes if this flag is turned on", - "type": "boolean" - }, - "returnCopy": { - "default": false, - "description": "This field is used only for char_buf and char_iovec types. It indicates\nthat this argument should be read later (when the kretprobe for the\nsymbol is triggered) because it might not be populated when the kprobe\nis triggered at the entrance of the function. For example, a buffer\nsupplied to read(2) won't have content until kretprobe is triggered.", - "type": "boolean" - }, - "sizeArgIndex": { - "description": "Specifies the position of the corresponding size argument for this argument.\nThis field is used only for char_buf and char_iovec types.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "type": { - "default": "auto", - "description": "Argument type.", - "enum": [ - "auto", - "int", - "int8", - "uint8", - "int16", - "uint16", - "uint32", - "int32", - "uint64", - "int64", - "char_buf", - "char_iovec", - "size_t", - "skb", - "sock", - "string", - "fd", - "file", - "filename", - "path", - "nop", - "bpf_attr", - "perf_event", - "bpf_map", - "user_namespace", - "capability", - "kiocb", - "iov_iter", - "cred", - "load_info", - "module", - "syscall64", - "kernel_cap_t", - "cap_inheritable", - "cap_permitted", - "cap_effective", - "linux_binprm", - "data_loc", - "net_device", - "bpf_cmd" - ], - "type": "string" - } - }, - "required": [ - "index", - "type" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "message": { - "description": "A short message of 256 characters max that will be included\nin the event output to inform users what is going on.", - "type": "string" - }, - "path": { - "description": "Name of the traced binary", - "type": "string" - }, - "selectors": { - "description": "Selectors to apply before producing trace output. 
Selectors are ORed.", - "items": { - "description": "KProbeSelector selects function calls for kprobe based on PIDs and function arguments. The\nresults of MatchPIDs and MatchArgs are ANDed.", - "properties": { - "matchActions": { - "description": "A list of actions to execute when this selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. 
Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchArgs": { - "description": "A list of argument filters. MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchBinaries": { - "description": "A list of binary exec name filters.", - "items": { - "properties": { - "followChildren": { - "default": false, - "description": "In addition to binaries, match children processes of specified binaries.", - "type": "boolean" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - 
"In", - "NotIn", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilities": { - "description": "A list of capabilities and IDs", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchCapabilityChanges": { - "description": "IDs for capabilities changes", - "items": { - "properties": { - "isNamespaceCapability": { - "default": false, - "description": "Indicates whether these caps are namespace caps.", - "type": "boolean" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "type": { - "default": "Effective", - "description": "Type of capabilities", - "enum": [ - "Effective", - "Inheritable", - "Permitted" - ], - "type": "string" - }, - "values": { - "description": "Capabilities to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaceChanges": { - "description": "IDs for 
namespace changes", - "items": { - "properties": { - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace types (e.g., Mnt, Pid) to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchNamespaces": { - "description": "A list of namespaces and IDs", - "items": { - "properties": { - "namespace": { - "description": "Namespace selector name.", - "enum": [ - "Uts", - "Ipc", - "Mnt", - "Pid", - "PidForChildren", - "Net", - "Time", - "TimeForChildren", - "Cgroup", - "User" - ], - "type": "string" - }, - "operator": { - "description": "Namespace selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Namespace IDs (or host_ns for host namespace) of namespaces to match.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "namespace", - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchPIDs": { - "description": "A list of process ID filters. 
MatchPIDs are ANDed.", - "items": { - "properties": { - "followForks": { - "default": false, - "description": "Matches any descendant processes of the matching PIDs.", - "type": "boolean" - }, - "isNamespacePID": { - "default": false, - "description": "Indicates whether PIDs are namespace PIDs.", - "type": "boolean" - }, - "operator": { - "description": "PID selector operator.", - "enum": [ - "In", - "NotIn" - ], - "type": "string" - }, - "values": { - "description": "Process IDs to match.", - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" - } - }, - "required": [ - "operator", - "values" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnActions": { - "description": "A list of actions to execute when MatchReturnArgs selector matches", - "items": { - "properties": { - "action": { - "description": "Action to execute.", - "enum": [ - "Post", - "FollowFD", - "UnfollowFD", - "Sigkill", - "CopyFD", - "Override", - "GetUrl", - "DnsLookup", - "NoPost", - "Signal", - "TrackSock", - "UntrackSock", - "NotifyEnforcer" - ], - "type": "string" - }, - "argError": { - "description": "error value for override action", - "format": "int32", - "type": "integer" - }, - "argFd": { - "description": "An arg index for the fd for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argFqdn": { - "description": "A FQDN to lookup for the dnsLookup action", - "type": "string" - }, - "argName": { - "description": "An arg index for the filename for fdInstall action", - "format": "int32", - "type": "integer" - }, - "argSig": { - "description": "A signal number for signal action", - "format": "int32", - "type": "integer" - }, - "argSock": { - "description": "An arg index for the sock for trackSock and untrackSock actions", - "format": "int32", - "type": "integer" - }, - "argUrl": { - "description": "A URL for the getUrl action", - "type": "string" - }, - "kernelStackTrace": { - "description": "Enable kernel 
stack trace export. Only valid with the post action.", - "type": "boolean" - }, - "rateLimit": { - "description": "A time period within which repeated messages will not be posted. Can be\nspecified in seconds (default or with 's' suffix), minutes ('m' suffix)\nor hours ('h' suffix). Only valid with the post action.", - "type": "string" - }, - "rateLimitScope": { - "description": "The scope of the provided rate limit argument. Can be \"thread\" (default),\n\"process\" (all threads for the same process), or \"global\". If \"thread\" is\nselected then rate limiting applies per thread; if \"process\" is selected\nthen rate limiting applies per process; if \"global\" is selected then rate\nlimiting applies regardless of which process or thread caused the action.\nOnly valid with the post action and with a rateLimit specified.", - "type": "string" - }, - "userStackTrace": { - "description": "Enable user stack trace export. Only valid with the post action.", - "type": "boolean" - } - }, - "required": [ - "action" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "matchReturnArgs": { - "description": "A list of argument filters. 
MatchArgs are ANDed.", - "items": { - "properties": { - "index": { - "description": "Position of the argument to apply fhe filter to.", - "format": "int32", - "minimum": 0, - "type": "integer" - }, - "operator": { - "description": "Filter operation.", - "enum": [ - "Equal", - "NotEqual", - "Prefix", - "NotPrefix", - "Postfix", - "NotPostfix", - "GreaterThan", - "LessThan", - "GT", - "LT", - "Mask", - "SPort", - "NotSPort", - "SPortPriv", - "NotSportPriv", - "DPort", - "NotDPort", - "DPortPriv", - "NotDPortPriv", - "SAddr", - "NotSAddr", - "DAddr", - "NotDAddr", - "Protocol", - "Family", - "State", - "InMap", - "NotInMap" - ], - "type": "string" - }, - "values": { - "description": "Value to compare the argument against.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "index", - "operator" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "type": "array" - }, - "symbols": { - "description": "List of the traced symbols", - "items": { - "type": "string" - }, - "type": "array" - }, - "tags": { - "description": "Tags to categorize the event, will be include in the event output.\nMaximum of 16 Tags are supported.", - "items": { - "type": "string" - }, - "maxItems": 16, - "type": "array" - } - }, - "required": [ - "path", - "symbols" - ], - "type": "object", - "additionalProperties": false - }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" -}