tetragon: rhel7 changes #3574
Merged
tetragon: rhel7 changes #3574
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
olsajiri
added
the
release-note/minor
olsajiri
force-pushed
the
pr/olsajiri/fixes
branch
from
b1fd3b3 to
2985325
Compare
olsajiri
force-pushed
the
pr/olsajiri/fixes
branch
5 times, most recently
from
882bda0 to
dfaa857
Compare
Currently we won't start tetragon if requested namespace is not supported, like: time="2025-04-01T04:31:23-04:00" level=fatal msg="Failed to initialize host namespaces" error="namespace '/proc/1/ns/pid_for_children' readlink /proc/1/ns/pid_for_childy" procfs=/proc/ Instead let's warn user about missing namespace and let tetragon continue. Signed-off-by: Jiri Olsa <[email protected]>
olsajiri
force-pushed
the
pr/olsajiri/fixes
branch
3 times, most recently
from
5d01bda to
0d3b3f0
Compare
Adding rhel7 base sensor bpf object variants for running tetragon on rhel7. Signed-off-by: Jiri Olsa <[email protected]>
Some of the new namespace errors make the tetragon log too loud on rhel7, because they are display for each process, display them just once. Signed-off-by: Jiri Olsa <[email protected]>
The rhel7 kernel uses different context struct name, change it for rhel7 objects. Signed-off-by: Jiri Olsa <[email protected]>
Display object file name in debug mode, like:
# sudo DEBUG=1 TETRAGONDIR=/home/jolsa/tetragon/bpf/objs go test contrib/verify/verify_test.go -v
=== RUN TestVerifyTetragonPrograms
[bpf_cgroup.o]
tg_cgroup_rmdir:
; struct cgroup *cgrp = (struct cgroup *)ctx->args[0];
0: LdXMemDW dst: r3 src: r1 off: 0 imm: 0
1: MovImm dst: r6 imm: 0
; struct kernfs_node *kn = NULL;
2: StXMemDW dst: rfp src: r6 off: -8 imm: 0
Signed-off-by: Jiri Olsa <[email protected]>
Rhel7 is special, *310.o objects load fail on standard kernel. Signed-off-by: Jiri Olsa <[email protected]>
Adding core field checks and use appropriate reads based on that. Signed-off-by: Jiri Olsa <[email protected]>
The cgroup retrieval is bit different on rhel7, disabling it for now in rhel7 objects. Signed-off-by: Jiri Olsa <[email protected]>
olsajiri
force-pushed
the
pr/olsajiri/fixes
branch
from
0d3b3f0 to
cd88491
Compare
olsajiri
changed the title
kkourt
approved these changes
Apr 7, 2025
tixxdz
approved these changes
Apr 7, 2025
well, we use the __RHEL7_BPF_PROG which seems enough atm.. let's see if there are more changes in future |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
assorted changes to be able to run on rhel7