camflow-dev icon indicating copy to clipboard operation
camflow-dev copied to clipboard

Published 20 hours ago verified publisher icon CamFlow

Add default node filter policy

Open tfjmp opened this issue 1 year ago • 0 comments

Adding the following line: prov_policy.prov_node_filter = ENT_INODE_UNKNOWN & ENT_INODE_DIRECTORY & ENT_INODE_DIRECTORY & ENT_ENV; here https://github.com/CamFlow/camflow-dev/blob/0fab1b96c7d7ee0511dbcfef8ae2b9f3b86fe43d/security/provenance/hooks.c#L2905 should work.

It should be added when whole provenance capture is selected in the kernel config option.

Needs to be implemented and tested.

tfjmp avatar May 25 '23 15:05 tfjmp