New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd, packaging: import BPF headers from kernel, detect whether host headers are usable #10640
cmd, packaging: import BPF headers from kernel, detect whether host headers are usable #10640
Conversation
…m the Linux kernel Imported from the Linux kernel, commit 77d34a4683b053108ecd466cc7c4193b45805528 (v5.13-11855-g77d34a4683b0). Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
…83b0 Import BPF headers such that we can build snap-confine with the whole feature set even on hosts that have outdated headers (eg. Ubuntu 16.04 and 18.04). Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Try to detect whether the linux/bpf.h header provided by the host is usable by checking for BPF attach type features that were added with device cgroup support in 2019. If the headers are outdated, use the vendored ones. Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I like this and looks fine. I also like the idea of ./cmd/vendor, I am contemplating to use it for squashfuse in #10639 too
/* SPDX-License-Identifier: GPL-2.0 */ | ||
|
||
/* imported from the Linux kernel, commit | ||
* 77d34a4683b053108ecd466cc7c4193b45805528 (v5.13-11855-g77d34a4683b0) */ | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe import it under a subdirectory, e.g. libsnap-confine-private/linux/bpf-insn.h
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or libsnap-confine-private/bpf/
? Also I could probably move the vendored headers to libsnap-confine-private/bpf/vendor
, @mvo5 wdyt?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, sounds good. This location means that I will have to find my own place to vendor "squashfuse" but that is ok, I think the dir layout suggested here makes sense :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or
libsnap-confine-private/bpf/
? Also I could probably move the vendored headers tolibsnap-confine-private/bpf/vendor
, @mvo5 wdyt?
Yes, either works, my main point was to have it separated from our headers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with one suggestion
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
…tion Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@mvo5 the failures are unrelated, please merge |
Extracted from #10575. The branch imports BPF headers (linux/bpf.h, linux/bpf_common.h) from the Linux kernel v5.13-11855-g77d34a4683b0 in an unchanged form. The bpf_insn.h is an import of samples/bpf/bpf_insn.h from the kernel source trree, further redacted to remove bits that are not strictly necessary for our use of BPF in device cgroup.