Remove runtimes map

lockc/src/bpf/lockc.bpf.c

@@ -44,21 +44,6 @@ static __always_inline int handle_new_process(struct task_struct *parent,
 	/* Check if parent process is containerized. */
 	struct process *parent_lookup = bpf_map_lookup_elem(&processes, &ppid);
 	if (!parent_lookup) {
-		/* If not, check whether it's a container runtime process. */
-		// const char *comm = BPF_CORE_READ(child, comm);
-		// u32 runtime_key = hash(comm, TASK_COMM_LEN);
-		// u32 *runtime_lookup = bpf_map_lookup_elem(&runtimes,
-		// 					  &runtime_key);
-		// if (runtime_lookup) {
-		// 	/*
-		// 	 * If yes, it means that's an unwrapped container
-		// 	 * runtime process. Deny it.
-		// 	 */
-		// 	bpf_printk("deny: unwrapped runtime process %d: %s\n",
-		// 		   pid,
-		// 		   BPF_CORE_READ(child, comm));
-		// 	return -EPERM;
-		// }
 		return 0;
 	}
 

lockc/src/bpf/maps.h

@@ -3,18 +3,6 @@
 
 #include "map_structs.h"
 
-/*
- * runtimes - BPF map containing the process names of container runtime init
- * processes (for example: `runc:[2:INIT]` which is the name of every init
- * process for runc).
- */
-struct {
-	__uint(type, BPF_MAP_TYPE_HASH);
-	__uint(max_entries, 16);
-	__type(key, u32);
-	__type(value, u32);
-} runtimes SEC(".maps");
-
 /*
  * containers - BPF map containing the info about a policy which should be
  * enforced on the given container.

lockc/src/lib.rs

@@ -16,7 +16,6 @@ use std::{
     thread, time,
 };
 
-use byteorder::{NativeEndian, WriteBytesExt};
 use sysctl::Sysctl;
 
 use bpfstructs::BpfStruct;
@@ -83,35 +82,6 @@ pub fn hash(s: &str) -> Result<u32, HashError> {
     Ok(hash)
 }
 
-#[derive(thiserror::Error, Debug)]
-pub enum InitRuntimesError {
-    #[error("hash error")]
-    HashError(#[from] HashError),
-
-    #[error("could not convert the hash to a byte array")]
-    ByteWriteError(#[from] io::Error),
-
-    #[error("libbpf error")]
-    LibbpfError(#[from] libbpf_rs::Error),
-}
-
-/// Registers the names of supported container runtime init processes in a BPF
-/// map. Based on that information, BPF programs will track those processes and
-/// their children.
-pub fn init_runtimes(map: &mut libbpf_rs::Map) -> Result<(), InitRuntimesError> {
-    let runtimes = &SETTINGS.runtimes;
-    let val: [u8; 4] = [0, 0, 0, 0];
-
-    for runtime in runtimes.iter() {
-        let key = hash(runtime)?;
-        let mut key_b = vec![];
-        key_b.write_u32::<NativeEndian>(key)?;
-        map.update(&key_b, &val, libbpf_rs::MapFlags::empty())?;
-    }
-
-    Ok(())
-}
-
 #[derive(thiserror::Error, Debug)]
 pub enum InitAllowedPathsError {
     #[error("could not create a new BPF struct instance")]
@@ -184,9 +154,6 @@ pub enum NewBpfContextError {
 
     #[error(transparent)]
     InitAllowedPaths(#[from] InitAllowedPathsError),
-
-    #[error(transparent)]
-    InitRuntimes(#[from] InitRuntimesError),
 }
 
 impl<'a> BpfContext<'a> {
@@ -210,14 +177,6 @@ impl<'a> BpfContext<'a> {
         let skel_builder = LockcSkelBuilder::default();
         let mut open_skel = skel_builder.open()?;
 
-        let path_map_runtimes = path_base.join("map_runtimes");
-        if path_map_runtimes.exists() {
-            open_skel
-                .maps_mut()
-                .runtimes()
-                .reuse_pinned_map(path_map_runtimes.clone())?;
-        }
-
         let pid_max = get_pid_max()?;
 
         let path_map_containers = path_base.join("map_containers");
@@ -290,10 +249,6 @@ impl<'a> BpfContext<'a> {
 
         let mut skel = open_skel.load()?;
 
-        if !path_map_runtimes.exists() {
-            skel.maps_mut().runtimes().pin(path_map_runtimes)?;
-        }
-        init_runtimes(skel.maps_mut().runtimes())?;
         if !path_map_containers.exists() {
             skel.maps_mut().containers().pin(path_map_containers)?;
         }