Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: remove /sys/kernel/debug mount #198

Closed
wants to merge 1 commit into from
Closed

Feat: remove /sys/kernel/debug mount #198

wants to merge 1 commit into from

Conversation

BGrasnick
Copy link
Contributor

@BGrasnick BGrasnick commented Sep 1, 2023
edited
Loading

Feat: remove /sys/kernel/debug mount

fixes #177

Signed-off-by: Bastien Grasnick [email protected]

@BGrasnick BGrasnick mentioned this pull request Sep 1, 2023
Merged
@rootfs rootfs requested a review from sthaha September 1, 2023 14:30
@BGrasnick BGrasnick mentioned this pull request Sep 11, 2023
Merged
@BGrasnick
Copy link
Contributor Author

Any new information on this? @vimalk78 @sthaha? Would be awesome to move this forward to improve security even more :)

@sthaha
Copy link
Collaborator

sthaha commented Sep 12, 2023

@BGrasnick I agree, but the lack of automated validation against OpenShift is hurting us here. I am happy to merge this patch as soon as we make a dev-preview release to community operators.
See: redhat-openshift-ecosystem/community-operators-prod#3239

@BGrasnick
Copy link
Contributor Author

Yes I totally understand that! Unfortunately, my knowledge about the kepler internals regarding eBPF, bcc and libbpf is not that deep (yet) but maybe somebody who knows more about it can enlighten us and tell us if this is still needed :)

When testing by running the operator locally and installing kepler + the Grafana dashboard without the /sys/kernel/debug mount I could still see metrics in Grafana with both latest and latest-libbpf images if I recall correctly so it should work from my understanding.
If you know how we can test this more and better please tell me!

@sthaha
Copy link
Collaborator

sthaha commented Sep 18, 2023

Lets wait for sustainable-computing-io/kepler#926 to be merged before merging this PR. I suspect looking at libbpf that we may need it

@sthaha sthaha added discussion needed Pre enhancement discussion do-not-merge labels Sep 18, 2023
@BGrasnick
Feat: remove /sys/kernel/debug mount
d10befa 
Since /sys is already mounted, we need not mount /sys/kernel/*

Signed-off-by: Bastien Grasnick <[email protected]>
@BGrasnick BGrasnick force-pushed the feat/177-remove-sys-kernel-debug-mount branch from a0aeadb to d10befa Compare October 19, 2023 16:04
@BGrasnick
Copy link
Contributor Author

Since sustainable-computing-io/kepler#926 is merged now, do you think we can move forward with this?

@sthaha
Copy link
Collaborator

sthaha commented Dec 13, 2023

closing this since #322 adds this change.

@sthaha sthaha closed this Dec 13, 2023
@BGrasnick
Copy link
Contributor Author

perfect, thank you @sthaha

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sthaha sthaha sthaha left review comments

Assignees
No one assigned
Labels
discussion needed Pre enhancement discussion do-not-merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove unneeded dependencies which lead to security concerns
2 participants
@BGrasnick @sthaha