Explore Google's approach to BPF security auditing in this 38-minute conference talk from the Linux Plumbers Conference. Delve into key topics such as ring buffer chunking, audit API, performance enhancements, and extending Perf. Gain insights on function boundary association, performance map events, task VM iterator, K Probes, and AuditLSM hooks. Discover the current state of BPF security auditing at Google, understand its use cases, and learn about future developments in this field.
Overview
Syllabus
Intro
Use case
Ring Buffer chunking
What is next
Audit API
Perf
Extending Perf
What is missing
Function boundary association
Performance map events
Task VM iterator
K Probes
Audit
LSM hooks
Taught by
Linux Plumbers Conference