Commits on Jun 8, 2021

1. cgroupv2: ebpf: check for BPF_F_REPLACE support and degrade gracefully …

   It turns out that the cilium eBPF library doesn't degrade gracefully if
   BPF_F_REPLACE is not supported, so we need to work around it by treating
   that case as we treat the more-than-one program case.
   
   It also turns out that we weren't passing BPF_F_REPLACE explicitly, but
   this is required by the cilium library (causing EINVALs).
   
   Fixes: d0f2c25 ("cgroup2: devices: replace all existing filters when attaching")
   Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

   

   cyphar committed Jun 8, 2021
   Configuration menu

   • View commit details
   • Copy full SHA for a3ca7b4
   • Browse repository at this point

   Copy the full SHA

   a3ca7b4 View commit details

   Browse the repository at this point in the history

2. cgroupv2: ebpf: debug info when detaching programs in fallback mode …

   It seems that we are triggering the mutli-attach fallback in the fedora
   CI, but we don't have enough debugging information to really know what's
   going on, so add some. Unfortunately the amount of information we have
   available with eBPF programs in general is fairly limited (we can't get
   their bytecode for instance).
   
   We also demote the "more than one filter" warning to an info message
   because it happens very often under the systemd cgroup driver (likely
   when systemd configures the cgroup it isn't deleting our old program, so
   when our apply code runs after the systemd one there are two running
   programs).
   
   Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

   

   cyphar committed Jun 8, 2021
   Configuration menu

   • View commit details
   • Copy full SHA for 9ebc573
   • Browse repository at this point

   Copy the full SHA

   9ebc573 View commit details

   Browse the repository at this point in the history