
WSL kernel should enable CONFIG_BPF_LSM=y for latest eBPF applications #9819

Closed
1 of 2 tasks
rafaeldtinoco opened this issue Mar 21, 2023 · 1 comment
Labels
kconfig linux kernel configuration kernel WSL kernel

Comments

@rafaeldtinoco

Windows Version

Microsoft Windows [Version 10.0.22621.1413]

WSL Version

WSL version: 1.1.3.0

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

5.15.90

Distro Version

Ubuntu 22.04

Other Software

https://github.com/aquasecurity/tracee/

Repro Steps

  1. Clone https://github.com/aquasecurity/tracee/
  2. make -f builder/Makefile.tracee-make ubuntu-prepare
  3. make -f builder/Makefile.tracee-make ubuntu-make ARG="all"
  4. sudo ./dist/tracee and watch the loading error due to the LSM eBPF kprobes.

Watch an eBPF object loading error.

Expected Behavior

After cloning https://github.com/microsoft/WSL2-Linux-Kernel and adding the following kconfig option:

CONFIG_BPF_LSM=y

We're able to have kprobes in LSM hooks. Note that this is needed to avoid TOCTOU kprobes under regular kernel entries (so the hooks using LSM functions are safer and should be enabled).
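An added check, not part of this issue or of the tracee project, that reports the two conditions a BPF LSM program needs before libbpf can attach it: CONFIG_BPF_LSM=y in the kernel config, and "bpf" present in the active LSM list (set through CONFIG_LSM or the lsm= kernel parameter). The file paths, the /proc/config.gz fallback and the sample contents are assumptions.

```shell
#!/bin/sh
# Added example: check a kernel config text and an LSM list for BPF LSM support.
# Both inputs are file paths so the function runs on constructed samples
# as well as on the live system (see bpf_lsm_check_live below).

# Prints a status line per condition; returns 0 only when both hold.
bpf_lsm_check() {
  config_file="$1"   # kernel .config text (e.g. output of zcat /proc/config.gz)
  lsm_file="$2"      # comma-separated active LSM list (/sys/kernel/security/lsm)
  status=0

  if grep -q '^CONFIG_BPF_LSM=y$' "$config_file"; then
    echo "CONFIG_BPF_LSM=y: present"
  else
    echo "CONFIG_BPF_LSM=y: missing (eBPF programs cannot attach to LSM hooks)"
    status=1
  fi

  # The active list looks like "lockdown,capability,yama,apparmor,bpf";
  # match "bpf" as a whole element rather than as part of another name.
  if tr ',' '\n' < "$lsm_file" | grep -qx 'bpf'; then
    echo "active LSM list: contains bpf"
  else
    echo "active LSM list: bpf not enabled (add it via CONFIG_LSM or lsm= on the kernel command line)"
    status=1
  fi
  return $status
}

# Convenience wrapper for the running kernel. Assumes /proc/config.gz exists
# (CONFIG_IKCONFIG_PROC) or /boot/config-<release> is present, and that
# securityfs is mounted so /sys/kernel/security/lsm can be read.
bpf_lsm_check_live() {
  tmp=$(mktemp)
  zcat /proc/config.gz > "$tmp" 2>/dev/null || cat "/boot/config-$(uname -r)" > "$tmp"
  bpf_lsm_check "$tmp" /sys/kernel/security/lsm
  rc=$?
  rm -f "$tmp"
  return $rc
}
```

Run `bpf_lsm_check_live` inside the WSL distro; a missing CONFIG_BPF_LSM line is the symptom this issue describes, while a present option with "bpf" absent from the LSM list means the programs may load but the hooks are never wired in.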

Thank you!

Actual Behavior

The LSM hooks don't exist and the eBPF loading (through libbpf) fails.

Diagnostic Logs

No response


This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!
