From 895175cd0be9a5f93e2b1275476f3536b7b8ad71 Mon Sep 17 00:00:00 2001
From: yuelg <yuelg@chinaunicom.cn>
Date: Tue, 18 Feb 2025 10:49:34 +0800
Subject: [PATCH] pin fileopen map to bpf fs

Signed-off-by: yuelg <yuelg@chinaunicom.cn>
---
 README.md                       | 5 +++++
 pkg/audit/fileaccess/manager.go | 8 ++++++++
 2 files changed, 13 insertions(+)

diff --git a/README.md b/README.md
index 7edb87a..556daf8 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,11 @@ $ yum install safeguard-2.0.1-2.ule3.x86_64.rpm
 $ sudo safeguard --config /etc/safeguard/safeguard.yml
 ```
 
+# configurate map
+```shell
+$ bpftool map update pinned /sys/fs/bpf/file_config key 00 00 00 00 value 01 00 00 00 00 00 00 00
+```
+
 # 项目功能(部分位于开发阶段)
 
 ### 审计控制
diff --git a/pkg/audit/fileaccess/manager.go b/pkg/audit/fileaccess/manager.go
index 72d9375..cab7827 100644
--- a/pkg/audit/fileaccess/manager.go
+++ b/pkg/audit/fileaccess/manager.go
@@ -43,6 +43,10 @@ func (m *Manager) Stop() {
 }
 
 func (m *Manager) Close() {
+	configMap, err := m.mod.GetMap(FILEACCESS_CONFIG)
+	if err == nil {
+		configMap.Unpin("/sys/fs/bpf/file_config")
+	}
 	m.pb.Close()
 }
 
@@ -167,6 +171,10 @@ func (m *Manager) setModeAndTarget() error {
 	if err != nil {
 		return err
 	}
+	err = configMap.Pin("/sys/fs/bpf/file_config")
+	if err != nil {
+		return err
+	}
 
 	return nil
 }
-- 
Gitee