update systemd packaging

- setup CI to test systemd - add llvm toolchain dep instead of bcc - eliminate stdarg dep from clang/gcc std include Signed-off-by: daemon1024 <[email protected]>
daemon1024 · May 5, 2022 · cd6f0e3 · cd6f0e3
1 parent c788e77
commit cd6f0e3
Show file tree

Hide file tree

Showing 9 changed files with 137 additions and 11 deletions.
diff --git a/.github/workflows/ci-test-systemd.yml b/.github/workflows/ci-test-systemd.yml
@@ -0,0 +1,63 @@
+name: ci-test-systemd
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "KubeArmor/**"
+      - "tests/**"
+      - "protobuf/**"
+      - ".github/workflows/ci-test.yml"
+  pull_request:
+    branches: [main]
+    paths:
+      - "KubeArmor/**"
+      - "tests/**"
+      - "protobuf/**"
+      - ".github/workflows/ci-test.yml"
+
+jobs:
+  build:
+    name: Systemd Test
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, ubuntu-18.04]
+    steps:
+      - name: Kernel version
+        run: uname -r
+
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@v2
+        with:
+          install-only: true
+
+      - name: Install Latest Stable LLVM toolchain
+        run: |
+          sudo bash -c "$(wget -O - https://apt.llvm.org/llvm.sh)"
+          for tool in "clang" "llc" "llvm-strip"
+          do
+            sudo rm -f /usr/bin/$tool
+            sudo ln -s /usr/bin/$tool-14 /usr/bin/$tool
+          done
+
+      - name: Build Release
+        run:  make local-release
+        working-directory: KubeArmor
+
+      - name: Install KubeArmor Systemd
+        run:  sudo apt install --yes ./dist/kubearmor*.deb
+        working-directory: KubeArmor
+
+      - name: Check journalctl
+        run: sudo journalctl -u kubearmor --no-pager
diff --git a/.gitignore b/.gitignore
@@ -17,5 +17,8 @@ contribution/vagrant/*.log
 *.rpm
 .coverprofile
 
+#Object files
+*.o
+
 # protobuf
 protobuf/go.sum
diff --git a/KubeArmor/.goreleaser.yaml b/KubeArmor/.goreleaser.yaml
@@ -67,7 +67,8 @@ nfpms:
     overrides:
       deb:
         dependencies:
-          - bpfcc-tools
+          - make
+          - libelf-dev
           - linux-headers-generic | linux-headers-generic-pae | linux-headers-lowlatency | linux-headers-lowlatency-pae
       rpm:
         dependencies:

diff --git a/KubeArmor/BPF/Makefile b/KubeArmor/BPF/Makefile
@@ -13,14 +13,13 @@ ifeq ($(V),1)
 endif
 
 # shamelessly copied from kernel's samples/bpf/Makefile
-KF = -nostdinc -isystem /usr/lib/gcc/x86_64-linux-gnu/9/include \
+KF = -nostdinc \
 	 -I$(KRNDIR)/arch/x86/include -I$(KRNDIR)/arch/x86/include/generated  \
 	 -I$(KRNDIR)/include -I$(KRNDIR)/arch/x86/include/uapi \
 	 -I$(KRNDIR)/arch/x86/include/generated/uapi -I$(KRNDIR)/include/uapi \
 	 -I$(KRNDIR)/include/generated/uapi \
 	 -I$(LIBBPF)/src \
-	 -I/usr/lib/gcc/x86_64-alpine-linux-musl/10.3.1/include \
-	 -I/usr/lib/gcc/x86_64-linux-gnu/7/include \
+	 -I$(CURDIR)/include \
 	 -include $(KRNDIR)/include/linux/kconfig.h \
 	 -D__KERNEL__ -D__BPF_TRACING__ -Wno-unused-value -Wno-pointer-sign \
 	 -D__TARGET_ARCH_x86 -Wno-compare-distinct-pointer-types \

diff --git a/KubeArmor/BPF/include/stdarg.h b/KubeArmor/BPF/include/stdarg.h
@@ -0,0 +1,52 @@
+/*===---- stdarg.h - Variable argument handling ----------------------------===
+ *
+ * Copyright (c) 2008 Eli Friedman
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ *===-----------------------------------------------------------------------===
+ */
+
+#ifndef __STDARG_H
+#define __STDARG_H
+
+#ifndef _VA_LIST
+typedef __builtin_va_list va_list;
+#define _VA_LIST
+#endif
+#define va_start(ap, param) __builtin_va_start(ap, param)
+#define va_end(ap)          __builtin_va_end(ap)
+#define va_arg(ap, type)    __builtin_va_arg(ap, type)
+
+/* GCC always defines __va_copy, but does not define va_copy unless in c99 mode
+ * or -ansi is not specified, since it was not part of C90.
+ */
+#define __va_copy(d,s) __builtin_va_copy(d,s)
+
+#if __STDC_VERSION__ >= 199901L || __cplusplus >= 201103L || !defined(__STRICT_ANSI__)
+#define va_copy(dest, src)  __builtin_va_copy(dest, src)
+#endif
+
+/* Hack required to make standard headers work, at least on Ubuntu */
+#ifndef __GNUC_VA_LIST
+#define __GNUC_VA_LIST 1
+#endif
+typedef __builtin_va_list __gnuc_va_list;
+
+#endif /* __STDARG_H */
diff --git a/KubeArmor/BPF/system_monitor.c b/KubeArmor/BPF/system_monitor.c
@@ -12,9 +12,15 @@
 
 #ifdef asm_inline
 #undef asm_inline
-#define asm_inline asm
+#define __inline asm
 #endif
 
+#ifdef asm_volatile_goto
+#undef asm_volatile_goto
+#endif
+#define asm_volatile_goto(x...) asm volatile("invalid use of asm_volatile_goto")
+#pragma clang diagnostic ignored "-Wunused-label"
+
 #ifdef RHEL_RELEASE_CODE
 #if (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(8, 0))
 #define RHEL_RELEASE_GT_8_0

diff --git a/KubeArmor/Makefile b/KubeArmor/Makefile
@@ -98,8 +98,9 @@ ifeq (, $(shell which goreleaser))
 	go install github.com/goreleaser/goreleaser@latest
 	}
 endif
+	cd $(CURDIR)/BPF; make clean
 	cd $(CURDIR); curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sh -s -- -b .
-	cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --rm-dist --skip-publish --skip-sign --skip-validate
+	cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --rm-dist --skip-publish --skip-sign --skip-validate --snapshot
 
 .PHONY: clean
 clean:

diff --git a/KubeArmor/nfpm.yaml b/KubeArmor/nfpm.yaml
@@ -28,17 +28,16 @@ contents:
   - src: ./packaging/kubearmor.service
     dst: /usr/lib/systemd/system/kubearmor.service
     type: config
-  - src: ./BPF/*
+  - src: ./BPF/
     dst: /opt/kubearmor/BPF/
+    type: dir
   - src: ./templates/*
     dst: /opt/kubearmor/templates/
 scripts:
   postinstall: packaging/post-install.sh
 overrides:
   deb:
     depends:
-      - bpfcc-tools
+      - clang
+      - llvm
       - linux-headers-generic | linux-headers-generic-pae | linux-headers-lowlatency | linux-headers-lowlatency-pae
-  rpm:
-    depends:
-      - bcc-tools
diff --git a/KubeArmor/packaging/post-install.sh b/KubeArmor/packaging/post-install.sh
@@ -4,5 +4,7 @@
 
 set -e
 
+make -C /opt/kubearmor/BPF/
+
 /bin/systemctl daemon-reload
 /bin/systemctl start kubearmor.service