-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an LSM BPF sample program #245
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write a good commit subject and message. Signed-off-by (and copyright, if you are adding it) should have your full properly spelled name.
Can you also add to README listing LSM example and what it's doing? Thanks!
examples/c/lsm.c
Outdated
/* Copyright (c) 2024 dave | ||
* Based on minimal.c by Facebook */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
*/ should be on separate line
8666951
to
6c92c79
Compare
Thank you for your review, README.md document has been added. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thanks.
examples/c/lsm.bpf.c
Outdated
#include "vmlinux.h" | ||
#include <bpf/bpf_helpers.h> | ||
#include <bpf/bpf_tracing.h> | ||
#include <errno.h> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Spoke too soon, see https://github.com/libbpf/libbpf-bootstrap/actions/runs/7628266626/job/20828204493?pr=245. I think it's because of errno.h include. I think it's better to just #define -EPERM
explicitly and avoid including user-space headers like errno.h
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@anakryiko Although it's slightly regrettable, I feel success is just around the corner. Adjustments have been made, and we can trigger the check again. Thank you.
@@ -24,7 +24,7 @@ INCLUDES := -I$(OUTPUT) -I../../libbpf/include/uapi -I$(dir $(VMLINUX)) -I$(LIBB | |||
CFLAGS := -g -Wall | |||
ALL_LDFLAGS := $(LDFLAGS) $(EXTRA_LDFLAGS) | |||
|
|||
APPS = minimal minimal_legacy bootstrap uprobe kprobe fentry usdt sockfilter tc ksyscall task_iter | |||
APPS = minimal minimal_legacy bootstrap uprobe kprobe fentry usdt sockfilter tc ksyscall task_iter lsm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please also add an entry to .gitignore
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done @chenhengqi Thanks
Signed-off-by: DavadDi <[email protected]>
Hm... we have some build failures on Android (https://github.com/libbpf/libbpf-bootstrap/actions/runs/7656939296/job/20874595591?pr=245) and with llvm-18, but I don't think they are related to your changes. @waruqi would you be able to check Android issue? thanks! |
The ndk version was upgraded a few days ago. xmake-io/xmake-repo#3159 The latest ndk r26b makes a lot of changes and it breaks a lot of library compilations. We are working on fixing some packages, but it may take some time, but for the time being we can fix the ndk version of the bpf project to r22. |
It requires running on a kernel version >= 5.7 and necessitates the kernel having LSM enabled. For implementation details, please refer to the lsm.c file.