build(minimal-build): allow using eBPF driver with minimal builds #1325

Merged
merged 2 commits into from
Sep 29, 2023

Contributor

@Molter73 Molter73 commented Sep 5, 2023

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

Does this PR require a change in the driver versions?

What this PR does / why we need it:
Historically, the minimal build was only able to run using the kernel module driver, but since the addition of the modern probe this has also become an option for running with minimal builds. I believe there's value in allowing adopters of the libs to use the minimal build with the eBPF probe.

This change means that scap will always be linked against zlib and libelf, but I believe this is a worthwhile trade off.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@Molter73
Contributor Author

Molter73 commented Sep 5, 2023

I know we are in the middle of cutting a release, just wanted to open the PR so I don't forget, we can look into this at a later time.

@Andreagit97
Member

Thank you @Molter73, this is really valuable! We will take a look ASAP, probably after the release :/

@Andreagit97 Andreagit97 added this to the 0.14.0 milestone Sep 5, 2023
CMakeLists.txt Outdated
option(MUSL_OPTIMIZED_BUILD "Enable if you want a musl optimized build" OFF)
option(USE_BUNDLED_DRIVER "Use the driver/ subdirectory in the build process (only available in Linux)" ON)
option(ENABLE_DRIVERS_TESTS "Enable driver tests (bpf, kernel module, modern bpf)" OFF)
option(ENABLE_LIBSCAP_TESTS "Enable libscap unit tests" OFF)
option(BUILD_SHARED_LIBS "Build libscap and libsinsp as shared libraries" OFF)
option(ENABLE_VM_TESTS "Enable driver sanity tests" OFF)

option(MINIMAL_BUILD "Produce a minimal build with only the essential features (no eBPF probe driver, no kubernetes, no mesos, no marathon and no container metadata)" OFF)
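Review bot: the help string of `MINIMAL_BUILD` on the last line still lists "no eBPF probe driver" among the things a minimal build leaves out, which is the opposite of what this PR sets out to allow. If the eBPF driver ends up available under `MINIMAL_BUILD`, drop that item from the description so the documented behaviour of the option matches what the build actually produces.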
Member

Just a minor note on the fly, which maybe we want to start discussing:

  • What about having a unique MINIMAL_BUILD? It's not clear to me why bpf was excluded in principle 🤔
  • What about enabling also the modern probe in MINIMAL_BUILD? In the end it's just another ebpf driver and could be really useful, for example in Falco with minimal build, because we can test it even if we have no prebuilt drivers

WDYT? @falcosecurity/libs-maintainers

Member

  • What about enabling also the modern probe in MINIMAL_BUILD?

👍

We can also think of including zlib in the minimal build. I don't see it as a huge issue. wdyt?
cc @gnosek

Contributor Author

  • What about having a unique MINIMAL_BUILD? It's not clear to me why bpf was excluded in principle 🤔

AFAICT, ebpf was excluded to allow for building without linking to zlib, doesn't seem to be any other reason for this. If we can directly add eBPF into the minimal build, this PR will become a lot smaller.

  • What about enabling also the modern probe in MINIMAL_BUILD?

Because of how everything is set up, it's already possible to set MINIMAL_BUILD and BUILD_LIBSCAP_MODERN_BPF to ON and everything will be set up and work correctly, so no change is needed for this to work (at least when I tried it, it worked this way).

Member

Because of how everything is set up, it's already possible to set MINIMAL_BUILD and BUILD_LIBSCAP_MODERN_BPF to ON and everything will be set up and work correctly, so no change is needed for this to work (at least when I tried it, it worked this way).

Oh, great news! Never tried! Thanks

AFAICT, ebpf was excluded to allow for building without linking to zlib, doesn't seem to be any other reason for this. If we can directly add eBPF into the minimal build, this PR will become a lot smaller.

To be honest I would go for it, so also including zlib; this way we could avoid yet another cmake option :)

Contributor Author

Just to say this out loud, my initial intention was to split the MINIMAL_BUILD into multiple options that could be toggled individually or set them all with MINIMAL_BUILD, but desisted because it would've been a lot of work and I only needed the minimal build to run with eBPF. We can discuss this alternative approach if it's something that would be interesting for the community.

Member

Yeah, until we have a clear use case I would avoid putting this burden on your shoulders :) If we find alternative use cases I would be happy to consider the split you proposed!

@gnosek
Contributor

gnosek commented Sep 7, 2023

TBH I'm not sure why we even have a dedicated minimal build mode in the first place. Ideally, we'd have feature flags for all the major features that MINIMAL_BUILD disables and then you'd either disable e.g. zlib (which would take eBPF away AIUI) or not, independent from other features.

Until that day comes, 👍 from me, although the checks like https://github.com/falcosecurity/libs/pull/1325/files#diff-3ef409c4a80658bffe80055929e4bfd351c6dc05877b1eb1162b19b76a3c9842R24 start to become ugly

@Molter73
Contributor Author

Molter73 commented Sep 7, 2023

Until that day comes, 👍 from me, although the checks like https://github.com/falcosecurity/libs/pull/1325/files#diff-3ef409c4a80658bffe80055929e4bfd351c6dc05877b1eb1162b19b76a3c9842R24 start to become ugly

Yeah, it's ugly as hell, I apologize for it.

@dwindsor
Contributor

dwindsor commented Sep 11, 2023

Hello! We definitely need something like this, as we're using the modern eBPF probe in our closed source application - meaning that we have to use MINIMAL_BUILD.

Currently, we're patching userspace/libscap/CMakeLists.txt as such, and it just works:

diff -purN orig/userspace/libscap/CMakeLists.txt patched/userspace/libscap/CMakeLists.txt
--- orig/userspace/libscap/CMakeLists.txt	2023-08-21 10:37:15.177875298 -0500
+++ patched/userspace/libscap/CMakeLists.txt	2023-08-21 10:54:44.366683611 -0500
@@ -21,9 +21,13 @@ option(BUILD_LIBSCAP_MODERN_BPF "Enable
 
 include(ExternalProject)
 
-if(WIN32 OR NOT MINIMAL_BUILD)
-	include(zlib)
-endif()
+#if(WIN32 OR NOT MINIMAL_BUILD OR BUILD_LIBSCAP_MODERN_BPF)
+#	include(zlib)
+#endif()
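Review bot: the three added lines are CMake comments, so `include(zlib)` is no longer reached from this block in any configuration, including `WIN32` and non-minimal builds, while the commented-out condition suggests the intent was only to add `OR BUILD_LIBSCAP_MODERN_BPF`. The hunk header counts 13 lines on the new side and only part of them is visible here, so if zlib is pulled in by lines not shown, delete the dead comment; otherwise make the condition live as `if(WIN32 OR NOT MINIMAL_BUILD OR BUILD_LIBSCAP_MODERN_BPF)` so that minimal builds without the modern probe keep building without zlib.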

@Andreagit97
Member

If we all agree here, I think we can go with only one MINIMAL_BUILD option which allows:

  • kmod
  • legacy bpf
  • modern bpf

@FedeDP
Contributor

FedeDP commented Sep 11, 2023

Fully agree with Andrea! 👍 from me

@Molter73
Contributor Author

If the general consensus is that we should just allow all drivers to be used with the MINIMAL_BUILD I'll gladly change the PR, I've already started looking into this.

@Molter73 Molter73 force-pushed the minimal-build-with-ebpf branch from 3bd8be7 to f972b8a Compare September 12, 2023 13:24
@Molter73
Contributor Author

I've changed the PR to always link scap against zlib and libelf, as well as always adding the bpf engine. IMO, it's a lot more streamlined, but let me know if you see any downsides to this approach and would like it implemented in some other way.

@FedeDP
Contributor

FedeDP commented Sep 12, 2023

I love this, much simpler cmake files too.
I agree with @gnosek : sooner or later we'll want to directly expose BUILD_LIBSCAP_ENGINE_X options, and improve the situation. But today is not that day.
👍 for this approach from me!

Also, we are currently frozen for the 0.13 tag, but are nearing the code thaw; if we all agree, we could merge this one right after the thaw!

@FedeDP
Contributor

FedeDP commented Sep 12, 2023

/usr/bin/ld: cannot find -l/usr/lib/x86_64-linux-gnu/libz.so: No such file or directory
/usr/bin/ld: cannot find -l/usr/lib/x86_64-linux-gnu/libelf.so: No such file or directory

😆

@Molter73
Contributor Author

/usr/bin/ld: cannot find -l/usr/lib/x86_64-linux-gnu/libz.so: No such file or directory
/usr/bin/ld: cannot find -l/usr/lib/x86_64-linux-gnu/libelf.so: No such file or directory

😆

I really should've seen this coming, shouldn't I? 🤣

@FedeDP
Contributor

FedeDP commented Sep 26, 2023

Hi @Molter73 can you rebase this one?

@@ -20,8 +20,6 @@ limitations under the License.
//
#define INCLUDE_UNKNOWN_SOCKET_FDS

#ifndef MINIMAL_BUILD
#define USE_ZLIB
Contributor

Can't we drop USE_ZLIB altogether since it is always true now?

Contributor

At least on Linux ;) I see it being used in scap_zlib.h as follows:

#if defined(USE_ZLIB) && !defined(UDIG) && !defined(_WIN32)

This can become

#if !defined(UDIG) && !defined(_WIN32)

(also, note that since we might drop udig support per #1368, the check would become even simpler!)

@FedeDP
Contributor

FedeDP commented Sep 27, 2023

Hi @Molter73 can you rebase this one?

It seems there is no need :) About my other comment, we can fix that while removing UDIG support IMHO. Not a big deal.

list(APPEND libscap_link_libraries ${install_lib_link_library})
if(${install_lib_link_library} MATCHES "/")
# We have a path. Convert it to -L<dir> + -l<lib>.
get_filename_component(scap_lib_dir ${install_lib_link_library} DIRECTORY)
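Review bot: in `if(${install_lib_link_library} MATCHES "/")` the variable is expanded unquoted, so an empty entry leaves the `if()` without a left operand, and a bare library name that happens to equal a defined variable name is dereferenced a second time before the match. Quote it as `if("${install_lib_link_library}" MATCHES "/")`, and quote the same expansion in the `get_filename_component` call so an empty value cannot shift its arguments.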
Contributor

LGTM

Contributor

@FedeDP FedeDP left a comment

/approve

@poiana poiana added the lgtm label Sep 27, 2023
@poiana
Contributor

poiana commented Sep 27, 2023

LGTM label has been added.

Git tree hash: 53b3a41d41f70213360d93f21c1dc2d691515589

Historically, the minimal build was only able to run using the kernel
module driver, but since the addition of the modern probe this has also
become an option for running with minimal builds. I believe there's
value in allowing adopters of the libs to use the minimal build with the
eBPF probe.

This change means that scap will always be linked against zlib and
libelf, but I believe this is a worthwhile trade off.

Signed-off-by: Mauro Ezequiel Moltrasio <[email protected]>
Signed-off-by: Mauro Ezequiel Moltrasio <[email protected]>
@Molter73 Molter73 force-pushed the minimal-build-with-ebpf branch from cc1bc28 to 083c886 Compare September 29, 2023 07:57
@poiana poiana removed the lgtm label Sep 29, 2023
@poiana poiana requested a review from FedeDP September 29, 2023 07:57
@Molter73
Contributor Author

Just finished rebasing, sorry for the delay, I've had a busy couple of days.

Contributor

@FedeDP FedeDP left a comment

/approve

@poiana poiana added the lgtm label Sep 29, 2023
@poiana
Contributor

poiana commented Sep 29, 2023

LGTM label has been added.

Git tree hash: abf233cbf6dbef80e89782719ea91f84ea899eee

Member

@Andreagit97 Andreagit97 left a comment

/approve

@poiana
Contributor

poiana commented Sep 29, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, Molter73

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [Andreagit97,FedeDP,Molter73]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
