KubeArmor: [VM] Could not compile kubearmor deb package in Ubuntu 18.04

Bug Report

General Information

  • Environment description - VM (Ubuntu 18.04)
  • Kernel version - Linux ubuntu-18-04 5.4.0-1087-gcp #95~18.04.1-Ubuntu SMP Mon Aug 22 03:26:39 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
  • Target containers/pods - Ubuntu 18.04 OS

To Reproduce

  1. Instruction
sudo apt update && sudo apt upgrade
sudo apt install make clang llvm libelf-dev linux-headers-generic
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4052245BD4284CDD
echo "deb https://repo.iovisor.org/apt/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/iovisor.list
sudo apt-get update
sudo apt-get install bcc-tools libbcc-examples linux-headers-$(uname -r)
sudo apt install linux-tools-gcp
sudo apt install dwarves

After doing this, I get the error shown below:

sudo dpkg -i kubearmor_*_linux-amd64.deb
(Reading database ... 107531 files and directories currently installed.)
Preparing to unpack kubearmor_0.6.0_linux-amd64.deb ...
Unpacking kubearmor (0.6.0) over (0.6.0) ...
Setting up kubearmor (0.6.0) ...
make: Entering directory '/opt/kubearmor/BPF'
Kernel BTF information found
Generating vmlinux.h for kernel 5.4.0
libbpf: failed to get EHDR from /sys/kernel/btf/vmlinux
Error: failed to load BTF from /sys/kernel/btf/vmlinux: Unknown error -4001
Makefile:9: recipe for target 'kernel_headers' failed
make: *** [kernel_headers] Error 95
make: Leaving directory '/opt/kubearmor/BPF'
dpkg: error processing package kubearmor (--install):
 installed kubearmor package post-installation script subprocess returned error exit status 2
Errors were encountered while processing:
 kubearmor

After that, I recompiled bpftool from https://github.com/libbpf/bpftool.

git clone --recurse-submodules https://github.com/libbpf/bpftool.git
cd bpftool
git submodule update --init
cd src
sudo make install

Output:

sudo make install
...                        libbfd: [ OFF  ]
...                        libcap: [ OFF  ]
...               clang-bpf-co-re: [ OFF ]
  INSTALL  bpftool

So libbfd and libcap were OFF; for that, I installed:

sudo apt install libbfd-dev libcap-dev

Then I reinstalled bpftool

sudo make install
...                        libbfd: [ on  ]
...                        libcap: [ on  ]
...               clang-bpf-co-re: [ OFF ]
  INSTALL  bpftool

(Note: I couldn’t find any package for clang-bpf-co-re.)

After installing that bpftool, I again tried to install kubearmor:

sudo dpkg -i kubearmor_*_linux-amd64.deb
(Reading database ... 107531 files and directories currently installed.)
Preparing to unpack kubearmor_0.6.0_linux-amd64.deb ...
Unpacking kubearmor (0.6.0) over (0.6.0) ...
Setting up kubearmor (0.6.0) ...
make: Entering directory '/opt/kubearmor/BPF'
Kernel BTF information found
Generating vmlinux.h for kernel 5.4.0
make[1]: Entering directory '/opt/kubearmor/BPF/tests'
Compiling eBPF bytecode: checks/security_path_unlink.c ...
Compiling syscheck ...
Golang was not found in your system please install it to proceed
Checking syscall checks/security_path_unlink
sudo: ./syscheck: command not found
Disabling security_path_unlink ...
make[1]: Leaving directory '/opt/kubearmor/BPF/tests'
Compiling eBPF bytecode: system_monitor.bpf.o ...
Using Compiler flags: 
/opt/kubearmor/BPF/system_monitor.c:243:35: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct pid_namespace* pidns = READ_KERN(ns->pid_ns_for_children);
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                    
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:302:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:806:16: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    p.dentry = READ_KERN(dentry);
               ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:806:16: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:807:13: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    p.mnt = READ_KERN(dir->mnt);
            ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:807:13: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:840:22: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct file *f = READ_KERN(bprm->file);
                     ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:840:22: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:845:45: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    bpf_probe_read(&p, sizeof(struct path), GET_FIELD_ADDR(f->f_path));
                                            ^
/opt/kubearmor/BPF/system_monitor.c:202:31: note: expanded from macro 'GET_FIELD_ADDR'
#define GET_FIELD_ADDR(field) __builtin_preserve_access_index(&field)
                              ^
/opt/kubearmor/BPF/system_monitor.c:845:45: warning: incompatible integer to pointer conversion passing 'int'
      to parameter of type 'const void *' [-Wint-conversion]
    bpf_probe_read(&p, sizeof(struct path), GET_FIELD_ADDR(f->f_path));
                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
/opt/kubearmor/BPF/system_monitor.c:202:31: note: expanded from macro 'GET_FIELD_ADDR'
#define GET_FIELD_ADDR(field) __builtin_preserve_access_index(&field)
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/opt/kubearmor/BPF/system_monitor.c:889:18: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
        struct path p = READ_KERN(f->f_path);
                        ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:889:18: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:909:30: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    char *filename = (char *)READ_KERN(PT_REGS_PARM1(ctx2));
                             ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:909:30: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
19 warnings and 20 errors generated.
Compiling eBPF bytecode: system_monitor.container.bpf.o ...
Using Compiler flags: 
/opt/kubearmor/BPF/system_monitor.c:243:35: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct pid_namespace* pidns = READ_KERN(ns->pid_ns_for_children);
                                  ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:243:35: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:244:12: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return READ_KERN(pidns->ns.inum);
           ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:244:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:249:35: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct mnt_namespace* mntns = READ_KERN(ns->mnt_ns);
                                  ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:249:35: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:250:12: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return READ_KERN(mntns->ns.inum);
           ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:250:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:260:26: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return get_pid_ns_id(READ_KERN(task->nsproxy));
                         ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:260:26: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:265:26: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return get_mnt_ns_id(READ_KERN(task->nsproxy));
                         ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:265:26: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:275:11: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    pid = READ_KERN(task->thread_pid);
          ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:275:11: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:278:26: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    unsigned int level = READ_KERN(pid->level);
                         ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:278:26: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:279:12: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return READ_KERN(pid->numbers[level].nr);
           ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:279:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:284:40: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct task_struct *group_leader = READ_KERN(task->group_leader);
                                       ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:284:40: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:295:39: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct task_struct *real_parent = READ_KERN(task->real_parent);
                                      ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:295:39: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:301:34: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct task_struct *parent = READ_KERN(task->parent);
                                 ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:301:34: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:302:12: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return READ_KERN(parent->pid);
           ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:302:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:806:16: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    p.dentry = READ_KERN(dentry);
               ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:806:16: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:807:13: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    p.mnt = READ_KERN(dir->mnt);
            ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:807:13: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:840:22: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct file *f = READ_KERN(bprm->file);
                     ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:840:22: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:845:45: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    bpf_probe_read(&p, sizeof(struct path), GET_FIELD_ADDR(f->f_path));
                                            ^
/opt/kubearmor/BPF/system_monitor.c:202:31: note: expanded from macro 'GET_FIELD_ADDR'
#define GET_FIELD_ADDR(field) __builtin_preserve_access_index(&field)
                              ^
/opt/kubearmor/BPF/system_monitor.c:845:45: warning: incompatible integer to pointer conversion passing 'int'
      to parameter of type 'const void *' [-Wint-conversion]
    bpf_probe_read(&p, sizeof(struct path), GET_FIELD_ADDR(f->f_path));
                                            ^~~~~~~~~~~~~~~~~~~~~~~~~
/opt/kubearmor/BPF/system_monitor.c:202:31: note: expanded from macro 'GET_FIELD_ADDR'
#define GET_FIELD_ADDR(field) __builtin_preserve_access_index(&field)
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/opt/kubearmor/BPF/system_monitor.c:889:18: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
        struct path p = READ_KERN(f->f_path);
                        ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:889:18: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:909:30: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    char *filename = (char *)READ_KERN(PT_REGS_PARM1(ctx2));
                             ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:909:30: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
19 warnings and 20 errors generated.
Compiling eBPF bytecode: system_monitor.host.bpf.o ...
Using Compiler flags: 
/opt/kubearmor/BPF/system_monitor.c:243:35: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct pid_namespace* pidns = READ_KERN(ns->pid_ns_for_children);
                                  ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:243:35: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:244:12: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return READ_KERN(pidns->ns.inum);
           ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:244:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:249:35: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    struct mnt_namespace* mntns = READ_KERN(ns->mnt_ns);
                                  ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:249:35: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:250:12: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return READ_KERN(mntns->ns.inum);
           ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                     ^
/opt/kubearmor/BPF/system_monitor.c:250:12: warning: cast to 'const void *' from smaller integer type 'int'
      [-Wint-to-void-pointer-cast]
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:33: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                       ^
/opt/kubearmor/BPF/system_monitor.c:260:26: error: use of unknown builtin '__builtin_preserve_access_index'
      [-Wimplicit-function-declaration]
    return get_pid_ns_id(READ_KERN(task->nsproxy));
                         ^
/opt/kubearmor/BPF/system_monitor.c:208:9: note: expanded from macro 'READ_KERN'
        bpf_core_read((void *) &_val, sizeof(_val), &ptr);                                     \
        ^
/opt/kubearmor/BPF/libbpf/src/bpf_core_read.h:206:47: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
fatal error: too many errors emitted, stopping now [-ferror-limit=]
19 warnings and 20 errors generated.
make: Leaving directory '/opt/kubearmor/BPF'

After that I got 19 errors while installing.

Expected behavior

Installed successfully

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 20 (20 by maintainers)

Most upvoted comments

@Ankurk99 @yasin-cs-ko-ak It works well! Great!😃

@yasin-cs-ko-ak Can you also try it on your setup and see if my above recommendation works? Then we can close this issue.

@zhy76 bpftool v5.4 is not the latest version. Can you please remove the existing bpftool binary and compile and install the latest one from https://github.com/libbpf/bpftool?

Thanks for your reply. I’m sorry I didn’t make myself clear. It seems the latest version of bpftool for kernel 5.4 is 5.4, and it can’t work. I’ll try this https://github.com/libbpf/bpftool and see the result. 😃

@yasin-cs-ko-ak the issue you mentioned in the issue description is a bit different. I would recommend you to follow this guide and check if that works for you. Please also follow the below point mentioned in the guide: Note that the above automatically installs bpfcc-tools with our package, but your distribution might have an older version of BCC. In case of errors, consider installing bcc from: https://github.com/iovisor/bcc/blob/master/INSTALL.md#source.

@yasin-cs-ko-ak thank you. Please also share the karmor sysdump with kernel configuration (uname -a)
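The two failures in this report (bpftool unable to load `/sys/kernel/btf/vmlinux`, then clang rejecting `__builtin_preserve_access_index`) can be told apart before or after a failed install with a small preflight script. This is an added example, not part of the issue thread or of KubeArmor; the function names and result tags are hypothetical, and the sample log is constructed from lines quoted in the report.

```shell
#!/bin/sh
# Added example, not KubeArmor code. Function names and tags are hypothetical.

# Classify a captured build log (stdin) by the two failures seen in this report.
diagnose_build_log() {
    awk '
        /failed to load BTF from \/sys\/kernel\/btf\/vmlinux/ { btf = 1 }
        /unknown builtin .__builtin_preserve_access_index./   { core = 1 }
        END {
            if (btf)  print "bpftool-cannot-read-btf"
            if (core) print "clang-lacks-core-builtin"
            if (!btf && !core) print "no-known-cause"
        }'
}

# Live probe: 0 = clang knows the builtin, 1 = it does not, 2 = clang not found.
clang_has_core_builtin() {
    cc=${1:-clang}
    command -v "$cc" >/dev/null 2>&1 || return 2
    if printf '%s\n' \
        '#if !__has_builtin(__builtin_preserve_access_index)' \
        '#error builtin missing' \
        '#endif' |
        "$cc" -target bpf -x c -fsyntax-only - >/dev/null 2>&1
    then return 0; fi
    return 1
}

# Live probe: 0 = bpftool can dump kernel BTF as C, 1 = it cannot,
# 2 = bpftool not found, 3 = kernel exposes no readable BTF file.
bpftool_reads_kernel_btf() {
    tool=${1:-bpftool}
    command -v "$tool" >/dev/null 2>&1 || return 2
    [ -r /sys/kernel/btf/vmlinux ] || return 3
    if "$tool" btf dump file /sys/kernel/btf/vmlinux format c >/dev/null 2>&1
    then return 0; fi
    return 1
}

# Constructed sample: three lines copied from the output quoted in this report.
sample_log() {
    cat <<'EOF'
Error: failed to load BTF from /sys/kernel/btf/vmlinux: Unknown error -4001
/opt/kubearmor/BPF/system_monitor.c:243:35: error: use of unknown builtin '__builtin_preserve_access_index'
fatal error: too many errors emitted, stopping now [-ferror-limit=]
EOF
}

sample_log | diagnose_build_log
```

On the affected host, run `clang_has_core_builtin` and `bpftool_reads_kernel_btf` directly and check `$?` before running `dpkg -i` again.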