Merge pull request #1711 from Aryan-sharma11/bpf_co-re

Add objectfile for system_monitor in release packages
kubearmor · Apr 9, 2024 · 0132b17 · 0132b17
2 parents a958a85 + 8ef1c79
commit 0132b17
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 28 deletions.
diff --git a/.github/workflows/ci-systemd-release.yml b/.github/workflows/ci-systemd-release.yml
@@ -32,12 +32,16 @@ jobs:
       - name: Install karmor
         run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b .
         working-directory: KubeArmor
-
+
+      - name: Build KubeArmor object files
+        run: make 
+        working-directory: KubeArmor/BPF
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
           distribution: goreleaser
-          version: v1.12.2
+          version: v1.25.0
           args: release --rm-dist
           workdir: KubeArmor
         env:

diff --git a/.github/workflows/ci-test-systemd.yml b/.github/workflows/ci-test-systemd.yml
@@ -42,7 +42,7 @@ jobs:
         uses: goreleaser/goreleaser-action@v2
         with:
           install-only: true
-          version: v1.12.2
+          version: v1.25.0
 
       - name: Build Systemd Release
         run: make local-release

diff --git a/KubeArmor/.goreleaser.yaml b/KubeArmor/.goreleaser.yaml
@@ -8,25 +8,25 @@ builds:
     goarch:
       - amd64
       - arm64
-      
+
 archives:
   - id: "kubearmor"
     builds:
       - "kubearmor"
     name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}"
     files:
+      - src: ./BPF/*
+        dst: /opt/kubearmor/BPF/
+      - src: ./templates/*
+        dst: /opt/kubearmor/templates/
       - src: ./packaging/kubearmor.yaml
-        dst: /opt/kubearmor
+        dst: /opt/kubearmor/
         strip_parent: true
       - src: ./packaging/kubearmor.service
-        dst: /usr/lib/systemd/system
+        dst: /usr/lib/systemd/system/
         strip_parent: true
       - src: ./karmor
-        dst: /usr/local/bin
-      - src: ./BPF/*
-        dst: /opt/kubearmor/
-      - src: ./templates/*
-        dst: /opt/kubearmor/
+        dst: /usr/local/bin/karmor
 
 nfpms:
   - id: "kubearmor"
@@ -49,7 +49,7 @@ nfpms:
       - dst: /opt/kubearmor
         type: dir
       - src: ./BPF/*
-        dst: /opt/kubearmor/BPF/
+        dst: /opt/kubearmor/BPF
       - src: ./templates/*
         dst: /opt/kubearmor/templates/
       - src: ./packaging/kubearmor.yaml
@@ -67,18 +67,18 @@ nfpms:
       postinstall: packaging/post-install.sh
     overrides:
       deb:
-        dependencies:
+        recommends:
           - make
           - libelf-dev
           - clang
           - llvm
           - linux-headers-generic
       rpm:
-        dependencies:
+        recommends:
           - make
           - elfutils-libelf-devel
           - clang
           - llvm
           - kernel-devel
           - policycoreutils-devel
-          - setools-console
+          - setools-console
diff --git a/KubeArmor/Makefile b/KubeArmor/Makefile
@@ -123,8 +123,9 @@ ifeq (, $(shell which goreleaser))
 	}
 endif
 	cd $(CURDIR)/BPF; make clean
+	cd $(CURDIR)/BPF; make
 	cd $(CURDIR); curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sh -s -- -b .
-	cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --rm-dist --skip-publish --skip-sign --skip-validate --snapshot
+	cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --clean --skip=publish,sign,validate --snapshot
 
 .PHONY: scan
 scan: 

diff --git a/KubeArmor/packaging/post-install.sh b/KubeArmor/packaging/post-install.sh
@@ -4,16 +4,23 @@
 
 set -e
 
-# compile BPF programs
-make -C /opt/kubearmor/BPF/
+if [ ! -e "/sys/kernel/btf/vmlinux" ]; then
+    # compile BPF programs
+    make -C /opt/kubearmor/BPF/
+fi
+
+# update karmor SELinux module if BPFLSM is not present 
+lsm_file="/sys/kernel/security/lsm"
+bpf="bpf"
+if ! grep -q "$bpf" "$lsm_file"; then
+    if [ -x "$(command -v semanage)" ]; then
+        # old karmor SELinux module
+        /opt/kubearmor/templates/uninstall.sh
 
-# update karmor SELinux module
-if [ -x "$(command -v semanage)" ]; then
-    # old karmor SELinux module
-    /opt/kubearmor/templates/uninstall.sh
+        # new karmor SELinux module
+        /opt/kubearmor/templates/install.sh
 
-    # new karmor SELinux module
-    /opt/kubearmor/templates/install.sh
+    fi
 fi
 
 # start kubearmor.service

diff --git a/getting-started/kubearmor_vm.md b/getting-started/kubearmor_vm.md
@@ -9,11 +9,10 @@ The recipe installs `kubearmor` as systemd process and `karmor` cli tool to mana
 1. Download the [latest release](https://github.com/kubearmor/KubeArmor/releases) or KubeArmor.
 2. Install KubeArmor (VER is the kubearmor release version)
   ```
-  sudo apt install ./kubearmor_${VER}_linux-amd64.deb
+  sudo apt --no-install-recommends install ./kubearmor_${VER}_linux-amd64.deb
   ```
-
-  > Note that the above automatically installs `bpfcc-tools` with our package, but your distribution might have an older version of BCC. In case of errors, consider installing `bcc` from [source](https://github.com/iovisor/bcc/blob/master/INSTALL.md#source).
-
+  > Note that the above command doesn't installs the recommended packages, as we ship object files along with the package file. In case you don't have BTF, consider removing `--no-install-recommends` flag.
+  
 <details><summary>For distributions other than Ubuntu/Debian</summary>
 <p>