Upgrade Cilium's eBPF library version to 0.16 #4436

dims commented Oct 10, 2024

Cherrypick of #4397 to 1.1 release branch.

NOTE: the vendor/ did not apply cleanly, so I had to fix it by running go mod tidy/vendor with an older go1.18.10 version.

rafaelroquetto and others added 3 commits October 10, 2024 13:34
Signed-off-by: Rafael Roquetto <rafael.roquetto@grafana.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Looking through git blame, this was added by commit 9fac183
aka "Initial commit of runc binary", most probably by mistake.

Obviously, a container should not have access to tun/tap device, unless
it is explicitly specified in configuration.

Now, removing this might create a compatibility issue, but I see no
other choice.

Aside from the obvious misconfiguration, this should also fix the
annoying

> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory

messages from systemd on every container start, when runc uses systemd
cgroup driver, and the system runs an old (< v240) version of systemd
(the message was presumably eliminated by [1]).

[1] systemd/systemd@d5aecba

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
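
As an added example (not code from runc or from this pull request): on a host using cgroup v1, a container's effective device allowlist is readable from `devices.list`, so the default discussed in the commit message above can be checked by looking for an entry that covers character device 10:200 (`/dev/net/tun`). The sample list is constructed, and `grants` and `fieldMatches` are hypothetical helper names.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of a cgroup v1 devices.list; not taken from the page.
const sampleList = `c 1:3 rwm
c *:* m
b *:* m
c 10:200 rwm
c 136:* rwm
`

// fieldMatches reports whether one major or minor field ("*" or a number) covers n.
func fieldMatches(field string, n int64) bool {
	if field == "*" {
		return true
	}
	v, err := strconv.ParseInt(field, 10, 64)
	return err == nil && v == n
}

// grants returns the allowlist entries that cover device typ major:minor
// and include at least one of the access letters in want (r, w, m).
func grants(list, typ string, major, minor int64, want string) []string {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(list))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		// Each entry is "type major:minor access"; type "a" covers all devices.
		if len(f) != 3 || (f[0] != "a" && f[0] != typ) {
			continue
		}
		maj, mnr, ok := strings.Cut(f[1], ":")
		if ok && fieldMatches(maj, major) && fieldMatches(mnr, minor) &&
			strings.ContainsAny(f[2], want) {
			hits = append(hits, sc.Text())
		}
	}
	return hits
}

func main() {
	// "rw" asks whether the tun/tap device can be opened for I/O, not just created with mknod.
	fmt.Println(grants(sampleList, "c", 10, 200, "rw"))
}
```

An empty result for a container whose configuration does not request tun/tap is the outcome the commit message argues for; the wildcard `c *:* m` entry in the sample only permits `mknod`, so it is not reported for `rw`.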
kolyshkin left a comment

  1. In general, we only backport fixes. What issue does this backport fix?
  2. tun/tap removal looks risky for a backport to a stable 1.1.x series.
  3. This also requires bump to go 1.21 in go.mod, which we tried hard to avoid in the past in a stable series.

dims commented Oct 10, 2024

@kolyshkin just realized the last point (needs 1.21 from the CI logs) and looks like it's not feasible in the near future :(

So the context is that I wanted to check if there is a way to pick up new cilium/ebpf in kubernetes to address cilium/ebpf#1095 which got fixed in cilium/ebpf#1557

I do agree that avoiding the bump is important and this scenario we are facing in kubernetes is not important enough to push for this cherry pick.

```
go build -trimpath "-buildmode=pie"  -tags "seccomp" -ldflags "-X main.gitCommit=4bca174 -X main.version=1.1.15+dev " -o runc .
Error: vendor/github.com/cilium/ebpf/btf/marshal.go:8:2: cannot find package "." in:
	/home/runner/work/runc/runc/vendor/maps
Error: vendor/github.com/cilium/ebpf/btf/core.go:9:2: cannot find package "." in:
	/home/runner/work/runc/runc/vendor/slices
make: *** [Makefile:62: runc] Error 1
Error: Process completed with exit code 2.
```

dims closed this Oct 10, 2024