Skip to content

[SMAGENT-981] calculate HASH of fedora atomic kernel config#1172

Merged
h-w-chen merged 3 commits intodevfrom
smagent-981
Jul 18, 2018
Merged

[SMAGENT-981] calculate HASH of fedora atomic kernel config#1172
h-w-chen merged 3 commits intodevfrom
smagent-981

Conversation

@h-w-chen
Copy link
Contributor

@h-w-chen h-w-chen commented Jul 10, 2018
edited
Loading

feature

added HASH calculation for fedora atomic linux

how to verify

in AWS start an atomic instance, and start sysdig/agent container in interactive bash session, run /opt/draios/bin/sysdigcloud-probe-loader (or sysdigcloud-probe-loader which contains the added code piece), verified the hash was calculated by having similar output:

* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/sysdigcloud-probe--x86_64-4.17.2-200.fc28.x86_64-991367a4c601fb9c7cc8e75487e2b5e6.ko

@h-w-chen h-w-chen requested review from anoop-sysd and bertocci July 10, 2018 21:20
bertocci
bertocci reviewed Jul 16, 2018
View reviewed changes
scripts/sysdig-probe-loader Outdated
elif [ ! -z "${SYSDIG_HOST_ROOT}" ] && [ -f "${SYSDIG_HOST_ROOT}/usr/lib/ostree-boot/config-${KERNEL_RELEASE}" ]; then
echo "Found kernel config at ${SYSDIG_HOST_ROOT}/usr/lib/ostree-boot/config-${KERNEL_RELEASE}"
HASH=$(md5sum "${SYSDIG_HOST_ROOT}/usr/lib/ostree-boot/config-${KERNEL_RELEASE}" | cut -d' ' -f1)
elif [ -f /usr/lib/modules/${KERNEL_RELEASE}/config ]; then
Copy link

@bertocci bertocci Jul 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In order for this to work in a container, we should need another elif that checks for "${SYSDIG_HOST_ROOT}/usr/lib/modules/${KERNEL_RELEASE}/config" like we do for /boot/config and /usr/lib/ostree-boot/config. How is this working without that?

Copy link
Contributor Author

@h-w-chen h-w-chen Jul 16, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

inside the container, /lib/modules is symlink of $SYSDIG_HOST_ROOT/lib/modules. w/ such symlink in place, the code applies to both native host and container.
see sysdig/docker/local/Dockerfile line 46
RUN ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules

this was run inside the container as confirmation of such symlink:
root@ip-172-31-9-169:/# ls -l /lib/modules
lrwxrwxrwx. 1 root root 17 Jun 26 23:50 /lib/modules -> /host/lib/modules

Copy link

@bertocci bertocci Jul 17, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From slack, we found that this works because /lib is symlinked to /usr/lib in that base image and we set up symlinks in /lib/modules to /$SYSDIG_HOST_ROOT/lib/modules in the docker entrypoint.

To make this robust, let's check /lib/modules/${KERNEL_RELEASE}/config and the same path prefixed with /$SYSDIG_HOST_ROOT. That will still work for the atomic container and will be more flexible in other cases.

@h-w-chen h-w-chen merged commit e8fefb2 into dev Jul 18, 2018
@h-w-chen h-w-chen deleted the smagent-981 branch July 18, 2018 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@bertocci bertocci bertocci approved these changes

@anoop-sysd anoop-sysd anoop-sysd approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@h-w-chen @bertocci @anoop-sysd