Merge pull request #197880 from 06kellyjac/tracee-update

tracee: 0.8.3 -> 0.9.2
Thiago Kenji Okada 2022-10-26 15:38:59 +01:00 committed by GitHub
commit 4a98070507
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 146 additions and 34 deletions


@ -14,15 +14,18 @@ import ./make-test-python.nix ({ pkgs, ... }: {
patches = oa.patches or [] ++ [
# change the prefix from /usr/bin to /run to find nix processes
../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch
# skip magic_write test that currently fails
../../pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch
];
buildPhase = ''
runHook preBuild
# just build the static lib we need for the go test binary
make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core ./dist/btfhub ./dist/libbpf/libbpf.a
make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core ./dist/btfhub
# remove the /usr/bin prefix to work with the patch above
substituteInPlace tests/integration/integration_test.go \
--replace "/usr/bin/ls" "ls"
# then compile the tests to be ran later
CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
runHook postBuild
'';
doCheck = false;
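Review bot: The comment `# just build the static lib we need for the go test binary` above the `make` call is stale on the new side, because the new command only names `bpf-core` and `./dist/btfhub` and no longer builds `./dist/libbpf/libbpf.a`. I would reword it to `# build the CO-RE eBPF object and the btfhub directory that the go test binary embeds`. Separately, the `substituteInPlace ... --replace "/usr/bin/ls" "ls"` step will, as far as I can tell, not stop the build if upstream changes that string, so a short comment naming the test case it targets would help on the next bump. The enclosing attribute set starts and ends outside the hunk.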


@ -19,23 +19,26 @@ let
in
buildGoModule rec {
pname = "tracee";
version = "0.8.3";
version = "0.9.2";
src = fetchFromGitHub {
owner = "aquasecurity";
repo = pname;
rev = "v${version}";
sha256 = "sha256-VxTJcl7gHRZEXpFbxU4iMwqxuR1r0BNSseWQ5ijWHU4=";
sha256 = "sha256-w/x7KhopkADKvpDc5TE5Kf34pRY6HP3kX1Lqujnl0b8=";
};
vendorSha256 = "sha256-szPoJUtzya3+8dOnkDxHEs3+a1LTVoMMLjUSrUlfiGg=";
vendorSha256 = "sha256-5RXNRNoMydFcemNGgyfqcUPtfMVgMYdiyWo/sZi8GQw=";
patches = [
./use-our-libbpf.patch
];
enableParallelBuilding = true;
# needed to build bpf libs
hardeningDisable = [ "stackprotector" ];
nativeBuildInputs = [ pkg-config clang ];
# ensure libbpf version exactly matches the version added as a submodule
buildInputs = [ libbpf zlib elfutils ];
buildInputs = [ elfutils libbpf zlib ];
makeFlags = [
"VERSION=v${version}"
@ -44,16 +47,9 @@ buildGoModule rec {
"CMD_GIT=echo"
];
# TODO: patch tracee to take libbpf.a and headers via include path
preBuild = ''
mkdir -p 3rdparty/libbpf/src
mkdir -p ./dist
cp -r ${libbpf}/lib ./dist/libbpf
chmod +w ./dist/libbpf
cp -r ${libbpf}/include/bpf ./dist/libbpf/
'';
buildPhase = ''
runHook preBuild
mkdir -p ./dist
make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core all
runHook postBuild
'';
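Review bot: The comment `# ensure libbpf version exactly matches the version added as a submodule` describes a manual convention, and nothing visible in this section checks it now that `buildInputs` supplies `libbpf` and `./use-our-libbpf.patch` replaces the in-tree build. The only pin is the `libbpf = libbpf_1` override in the all-packages.nix section, so a later bump of either package can drift from the libbpf commit upstream tests against without any build failure. For a runtime security tracer that dependency is worth spelling out; I would reword the comment to `# libbpf is taken from nixpkgs instead of upstream's submodule; compare versions on every bump (see the libbpf override in all-packages.nix)`. The `buildGoModule` call continues outside the hunks shown.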


@ -1,16 +0,0 @@
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index afbc5330..3b38a1b8 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -205,11 +205,6 @@ func Test_EventFilters(t *testing.T) {
filterArgs []string
eventFunc func(*testing.T, *[]trace.Event)
}{
- {
- name: "do a file write",
- filterArgs: []string{"event=magic_write"},
- eventFunc: checkMagicwrite,
- },
{
name: "execute a command",
filterArgs: []string{"comm=ls"},


@ -0,0 +1,129 @@
diff --git a/Makefile b/Makefile
index c72cf63d..e96b7eed 100644
--- a/Makefile
+++ b/Makefile
@@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck
# libs
#
+LIB_BPF ?= libbpf
LIB_ELF ?= libelf
LIB_ZLIB ?= zlib
@@ -172,10 +173,6 @@ env:
@echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)"
@echo "KERN_SRC_PATH $(KERN_SRC_PATH)"
@echo ---------------------------------------
- @echo "LIBBPF_CFLAGS $(LIBBPF_CFLAGS)"
- @echo "LIBBPF_LDLAGS $(LIBBPF_LDFLAGS)"
- @echo "LIBBPF_SRC $(LIBBPF_SRC)"
- @echo ---------------------------------------
@echo "STATIC $(STATIC)"
@echo ---------------------------------------
@echo "BPF_VCPU $(BPF_VCPU)"
@@ -274,8 +271,6 @@ OUTPUT_DIR = ./dist
$(OUTPUT_DIR):
#
@$(CMD_MKDIR) -p $@
- @$(CMD_MKDIR) -p $@/libbpf
- @$(CMD_MKDIR) -p $@/libbpf/obj
#
# embedded btfhub
@@ -286,37 +281,6 @@ $(OUTPUT_DIR)/btfhub:
@$(CMD_MKDIR) -p $@
@$(CMD_TOUCH) $@/.place-holder # needed for embed.FS
-#
-# libbpf
-#
-
-LIBBPF_CFLAGS = "-fPIC"
-LIBBPF_LDLAGS =
-LIBBPF_SRC = ./3rdparty/libbpf/src
-
-$(OUTPUT_DIR)/libbpf/libbpf.a: \
- $(LIBBPF_SRC) \
- $(wildcard $(LIBBPF_SRC)/*.[ch]) \
- | .checkver_$(CMD_CLANG) $(OUTPUT_DIR)
-#
- CC="$(CMD_CLANG)" \
- CFLAGS="$(LIBBPF_CFLAGS)" \
- LD_FLAGS="$(LIBBPF_LDFLAGS)" \
- $(MAKE) \
- -C $(LIBBPF_SRC) \
- BUILD_STATIC_ONLY=1 \
- DESTDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/) \
- OBJDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/obj) \
- INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \
- install install_uapi_headers
-
-$(LIBBPF_SRC): \
- | .check_$(CMD_GIT)
-#
-ifeq ($(wildcard $@), )
- @$(CMD_GIT) submodule update --init --recursive
-endif
-
#
# non co-re ebpf
#
@@ -333,7 +297,6 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION))
bpf-nocore: $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o
$(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \
- $(OUTPUT_DIR)/libbpf/libbpf.a \
$(TRACEE_EBPF_OBJ_SRC)
#
MAKEFLAGS="--no-print-directory"
@@ -351,7 +314,6 @@ $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \
-I $(KERN_SRC_PATH)/include/uapi \
-I $(KERN_BUILD_PATH)/include/generated \
-I $(KERN_BUILD_PATH)/include/generated/uapi \
- -I $(OUTPUT_DIR)/libbpf \
-I ./3rdparty/include \
-Wunused \
-Wall \
@@ -412,7 +374,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h)
bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o
$(OUTPUT_DIR)/tracee.bpf.core.o: \
- $(OUTPUT_DIR)/libbpf/libbpf.a \
$(TRACEE_EBPF_OBJ_SRC) \
$(TRACEE_EBPF_OBJ_CORE_HEADERS)
#
@@ -421,7 +382,6 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \
-D__BPF_TRACING__ \
-DCORE \
-I./pkg/ebpf/c/ \
- -I$(OUTPUT_DIR)/libbpf/ \
-I ./3rdparty/include \
-target bpf \
-O2 -g \
@@ -447,8 +407,8 @@ ifeq ($(STATIC), 1)
GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo
endif
-CUSTOM_CGO_CFLAGS = "-I$(abspath $(OUTPUT_DIR)/libbpf)"
-CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB))) $(abspath $(OUTPUT_DIR)/libbpf/libbpf.a)"
+CUSTOM_CGO_CFLAGS = ""
+CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_BPF))) $(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB)))"
GO_ENV_EBPF =
GO_ENV_EBPF += GOOS=linux
@@ -468,6 +428,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \
$(TRACEE_EBPF_SRC) \
./embedded-ebpf.go \
| .checkver_$(CMD_GO) \
+ .checklib_$(LIB_BPF) \
.checklib_$(LIB_ELF) \
.checklib_$(LIB_ZLIB) \
btfhub
@@ -658,7 +619,6 @@ test-rules: \
.PHONY: test-upstream-libbpfgo
test-upstream-libbpfgo: \
.checkver_$(CMD_GO) \
- $(OUTPUT_DIR)/libbpf/libbpf.a
#
./tests/libbpfgo.sh $(GO_ENV_EBPF)
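Review bot: In the last hunk of the added patch, removing `$(OUTPUT_DIR)/libbpf/libbpf.a` from `test-upstream-libbpfgo` leaves `.checkver_$(CMD_GO) \` as the final prerequisite with its trailing backslash still in place. Make then joins the following `#` line onto the rule header, which is harmless only while that comment line stays there; the patched line should read `.checkver_$(CMD_GO)` with no continuation. In the `-447,8 +407,8` hunk, `CUSTOM_CGO_CFLAGS = ""` together with the dropped `-I$(OUTPUT_DIR)/libbpf/` flags means the libbpf headers are found only through the compiler's default search path. If `pkg_config`, which is defined outside this patch, emits only linker flags, a comment saying that header lookup relies on the build environment would make that dependency visible.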


@ -12076,7 +12076,7 @@ with pkgs;
tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; };
tracee = callPackage ../tools/security/tracee {
buildGoModule = buildGo118Module; # tests fail with 1.19
libbpf = libbpf_1; # keep inline with their submodule
};
tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };