From 8ef1c793c47c4ab980fd6cc5f1e86d5c6eb3cb12 Mon Sep 17 00:00:00 2001 From: Aryan-sharma11 Date: Thu, 4 Apr 2024 17:42:53 +0530 Subject: [PATCH] add object file for sys_monitor to archive Signed-off-by: Aryan-sharma11 --- .github/workflows/ci-systemd-release.yml | 8 ++++++-- .github/workflows/ci-test-systemd.yml | 2 +- KubeArmor/.goreleaser.yaml | 24 ++++++++++++------------ KubeArmor/Makefile | 3 ++- KubeArmor/packaging/post-install.sh | 23 +++++++++++++++-------- getting-started/kubearmor_vm.md | 7 +++---- 6 files changed, 39 insertions(+), 28 deletions(-) mode change 100644 => 100755 KubeArmor/packaging/post-install.sh diff --git a/.github/workflows/ci-systemd-release.yml b/.github/workflows/ci-systemd-release.yml index c54165b777..1f102cb58a 100644 --- a/.github/workflows/ci-systemd-release.yml +++ b/.github/workflows/ci-systemd-release.yml @@ -32,12 +32,16 @@ jobs: - name: Install karmor run: curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b . working-directory: KubeArmor - + + - name: Build KubeArmor object files + run: make + working-directory: KubeArmor/BPF + - name: Run GoReleaser uses: goreleaser/goreleaser-action@v2 with: distribution: goreleaser - version: v1.12.2 + version: v1.25.0 args: release --rm-dist workdir: KubeArmor env: diff --git a/.github/workflows/ci-test-systemd.yml b/.github/workflows/ci-test-systemd.yml index ebde18c77f..f9a9595b3b 100644 --- a/.github/workflows/ci-test-systemd.yml +++ b/.github/workflows/ci-test-systemd.yml @@ -42,7 +42,7 @@ jobs: uses: goreleaser/goreleaser-action@v2 with: install-only: true - version: v1.12.2 + version: v1.25.0 - name: Build Systemd Release run: make local-release diff --git a/KubeArmor/.goreleaser.yaml b/KubeArmor/.goreleaser.yaml index 37705796c4..59096664dd 100644 --- a/KubeArmor/.goreleaser.yaml +++ b/KubeArmor/.goreleaser.yaml 
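Review bot: In `.github/workflows/ci-systemd-release.yml` the GoReleaser step moves to `version: v1.25.0` but still passes `args: release --rm-dist`, while the Makefile recipe changed in this same commit switches to `--clean`. `--rm-dist` is the deprecated spelling, so I would change it here too, `args: release --clean`, so that the release job does not break on a later GoReleaser upgrade. The new `Build KubeArmor object files` step means the published archive now carries BPF objects compiled with whatever clang/llvm the runner provides. A comment above the step such as `# objects built here are shipped in the release archive` would make that explicit for whoever maintains the job. The job definition continues outside the hunk.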
@@ -8,25 +8,25 @@ builds: goarch: - amd64 - arm64 - + archives: - id: "kubearmor" builds: - "kubearmor" name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}" files: + - src: ./BPF/* + dst: /opt/kubearmor/BPF/ + - src: ./templates/* + dst: /opt/kubearmor/templates/ - src: ./packaging/kubearmor.yaml - dst: /opt/kubearmor + dst: /opt/kubearmor/ strip_parent: true - src: ./packaging/kubearmor.service - dst: /usr/lib/systemd/system + dst: /usr/lib/systemd/system/ strip_parent: true - src: ./karmor - dst: /usr/local/bin - - src: ./BPF/* - dst: /opt/kubearmor/ - - src: ./templates/* - dst: /opt/kubearmor/ + dst: /usr/local/bin/karmor nfpms: - id: "kubearmor" @@ -49,7 +49,7 @@ nfpms: - dst: /opt/kubearmor type: dir - src: ./BPF/* - dst: /opt/kubearmor/BPF/ + dst: /opt/kubearmor/BPF - src: ./templates/* dst: /opt/kubearmor/templates/ - src: ./packaging/kubearmor.yaml @@ -67,18 +67,18 @@ nfpms: postinstall: packaging/post-install.sh overrides: deb: - dependencies: + recommends: - make - libelf-dev - clang - llvm - linux-headers-generic rpm: - dependencies: + recommends: - make - elfutils-libelf-devel - clang - llvm - kernel-devel - policycoreutils-devel - - setools-console + - setools-console \ No newline at end of file diff --git a/KubeArmor/Makefile b/KubeArmor/Makefile index c379cd88fd..6f46bc960a 100644 --- a/KubeArmor/Makefile +++ b/KubeArmor/Makefile @@ -123,8 +123,9 @@ ifeq (, $(shell which goreleaser)) } endif cd $(CURDIR)/BPF; make clean + cd $(CURDIR)/BPF; make cd $(CURDIR); curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sh -s -- -b . - cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --rm-dist --skip-publish --skip-sign --skip-validate --snapshot + cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --clean --skip=publish,sign,validate --snapshot .PHONY: scan scan: 
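Review bot: In the last hunk of `KubeArmor/.goreleaser.yaml`, moving `make`, `clang`, `llvm`, the libelf package and the kernel headers from `dependencies` to `recommends` lets the package install on hosts where `packaging/post-install.sh` still has to compile. When `/sys/kernel/btf/vmlinux` is absent, that script runs `make -C /opt/kubearmor/BPF/` under `set -e`, so an install with `--no-install-recommends` (which the updated guide now shows) would presumably abort in postinstall with a bare toolchain error. I would add a comment above each `recommends:` list, for example `# needed only when the kernel has no BTF; post-install.sh compiles the BPF programs in that case`, and make the script print a clear message before it calls make. The hunk also drops the final newline of the file (`\ No newline at end of file`), which is worth restoring.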
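Review bot: The added recipe line `cd $(CURDIR)/BPF; make` in `KubeArmor/Makefile` chains with `;` and calls a literal `make`. If the `cd` fails, make still runs, in the wrong directory, and the sub-make does not inherit `-n` or the jobserver. `$(MAKE) -C $(CURDIR)/BPF` fixes both, and the `make clean` line above it could take the same form. This matters more now that the objects built here are packed into the release archive. The unchanged line that follows still pipes `install.sh` from the `main` branch into `sh`, and the resulting `./karmor` is packaged, so pinning a tag or verifying a checksum there would be a sensible follow-up. The recipe starts and ends outside the hunk.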
diff --git a/KubeArmor/packaging/post-install.sh b/KubeArmor/packaging/post-install.sh old mode 100644 new mode 100755 index 037e173fab..052ff6031c --- a/KubeArmor/packaging/post-install.sh +++ b/KubeArmor/packaging/post-install.sh @@ -4,16 +4,23 @@ set -e -# compile BPF programs -make -C /opt/kubearmor/BPF/ +if [ ! -e "/sys/kernel/btf/vmlinux" ]; then + # compile BPF programs + make -C /opt/kubearmor/BPF/ +fi + +# update karmor SELinux module if BPFLSM is not present +lsm_file="/sys/kernel/security/lsm" +bpf="bpf" +if ! grep -q "$bpf" "$lsm_file"; then + if [ -x "$(command -v semanage)" ]; then + # old karmor SELinux module + /opt/kubearmor/templates/uninstall.sh -# update karmor SELinux module -if [ -x "$(command -v semanage)" ]; then - # old karmor SELinux module - /opt/kubearmor/templates/uninstall.sh + # new karmor SELinux module + /opt/kubearmor/templates/install.sh - # new karmor SELinux module - /opt/kubearmor/templates/install.sh + fi fi # start kubearmor.service diff --git a/getting-started/kubearmor_vm.md b/getting-started/kubearmor_vm.md index 924eb7e013..0bf88fe6d1 100644 --- a/getting-started/kubearmor_vm.md +++ b/getting-started/kubearmor_vm.md 
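Review bot: In `KubeArmor/packaging/post-install.sh` the new test `if ! grep -q "$bpf" "$lsm_file"; then` is a substring match and also treats an unreadable `/sys/kernel/security/lsm` as "BPF LSM absent". When securityfs is not mounted, grep prints an error and the SELinux branch is taken anyway. A word match with the error silenced states the intent more precisely: `if ! grep -qw bpf "$lsm_file" 2>/dev/null; then`. When BPF LSM is absent and `semanage` is not installed, both branches are skipped silently and the script goes on to start the service. Whether another enforcer is picked up later is not visible here, so I would add an `else` that writes a warning to stderr, for example `echo "kubearmor: no BPF LSM and no semanage; SELinux module not installed" >&2`. The script continues after `# start kubearmor.service`, outside the hunk.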
@@ -9,11 +9,10 @@ The recipe installs `kubearmor` as systemd process and `karmor` cli tool to mana 1. Download the [latest release](https://github.com/kubearmor/KubeArmor/releases) or KubeArmor. 2. Install KubeArmor (VER is the kubearmor release version) ``` - sudo apt install ./kubearmor_${VER}_linux-amd64.deb + sudo apt --no-install-recommends install ./kubearmor_${VER}_linux-amd64.deb ``` - - > Note that the above automatically installs `bpfcc-tools` with our package, but your distribution might have an older version of BCC. In case of errors, consider installing `bcc` from [source](https://github.com/iovisor/bcc/blob/master/INSTALL.md#source). - + > Note that the above command doesn't installs the recommended packages, as we ship object files along with the package file. In case you don't have BTF, consider removing `--no-install-recommends` flag. +
For distributions other than Ubuntu/Debian