+22 -13

nixos/tests/tracee.nix

··· 20 # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid 21 # require docker/dockerd 22 virtualisation.docker.enable = true; 23 - 24 - environment.systemPackages = with pkgs; [ 25 - # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes 26 - which 27 - # the go integration tests as a binary 28 - tracee.passthru.tests.integration-test-cli 29 - ]; 0 0 30 }; 31 }; 32 ··· 38 # the policies and run tracee myself but doesn't work in the integration 39 # test either with the automatic run or running the commands by hand 40 # while it's searching. 41 - "Test_EventFilters/comm:_event:_args:_trace_event_set_in_a_specific_policy_with_args_from_ls_command" 0 0 0 0 0 42 "Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands" 43 - 44 - # worked at some point, seems to be flakey 45 - "Test_EventFilters/pid:_event:_args:_trace_event_sched_switch_with_args_from_pid_0" 0 0 46 ]; 47 in 48 '' ··· 61 ) 62 63 with subtest("run integration tests"): 64 - # Test_EventFilters/trace_event_set_in_a_specific_scope expects to be in a dir that includes "integration" 65 # tests must be ran with 1 process 66 print(machine.succeed( 67 'mkdir /tmp/integration', 68 - 'cd /tmp/integration && export PATH="/tmp/testdir:$PATH" && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"' 69 )) 70 ''; 71 }

··· 20 # Test_EventFilters/trace_only_events_from_"dockerd"_binary_and_contain_it's_pid 21 # require docker/dockerd 22 virtualisation.docker.enable = true; 23 + environment = { 24 + variables.PATH = "/tmp/testdir"; 25 + systemPackages = with pkgs; [ 26 + # 'ls', 'uname' and 'who' are required by many tests in event_filters_test.go 27 + coreutils 28 + # the go integration tests as a binary 29 + tracee.passthru.tests.integration-test-cli 30 + ]; 31 + }; 32 }; 33 }; 34 ··· 40 # the policies and run tracee myself but doesn't work in the integration 41 # test either with the automatic run or running the commands by hand 42 # while it's searching. 43 + "Test_EventFilters/comm:_event:_data:_trace_event_magic_write_set_in_multiple_policies_using_multiple_filter_types" 44 + "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_and_magic_write_using_multiple_filter_types" 45 + "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_and_magic_write_using_multiple_filter_types_combined" 46 + "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_set_in_multiple_policies_\\(with_and_without_in-kernel_filter\\)" 47 + "Test_EventFilters/comm:_event:_data:_trace_event_security_file_open_set_in_multiple_policies_using_multiple_filter_types" 48 + "Test_EventFilters/comm:_event:_data:_trace_event_set_in_a_specific_policy_with_data_from_ls_command" 49 "Test_EventFilters/comm:_event:_trace_events_set_in_two_specific_policies_from_ls_and_uname_commands" 50 + "Test_EventFilters/pid:_event:_data:_trace_event_sched_switch_with_data_from_pid_0" 51 + "Test_EventsDependencies/non_existing_ksymbol_dependency_with_sanity" 52 + "Test_EventsDependencies/non_existing_probe_function_with_sanity" 53 + "Test_EventsDependencies/sanity_of_exec_test_event" 54 + "Test_TraceeCapture/capture_packet_context" 55 ]; 56 in 57 '' ··· 70 ) 71 72 with subtest("run integration tests"): 73 + # Test_EventFilters/comm:_event:_data:_trace_event_set_in_a_specific_policy_with_data_from_ls_command expects to be in a dir that includes "integration" 74 # tests must be ran with 1 process 75 print(machine.succeed( 76 'mkdir /tmp/integration', 77 + 'cd /tmp/integration && integration.test -test.v -test.parallel 1 -test.skip="^${builtins.concatStringsSep "$|^" skippedTests}$"' 78 )) 79 ''; 80 }

+60

pkgs/by-name/tr/tracee/0001-fix-do-not-build-libbpf.patch

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + From 9a900efb997dee158ce25114633cd07f44ef617a Mon Sep 17 00:00:00 2001 2 + From: =?UTF-8?q?Tim=20H=C3=A4ring?= <tim.haering@gmail.com> 3 + Date: Sat, 17 May 2025 18:19:45 +0200 4 + Subject: [PATCH] fix: do not build libbpf 5 + 6 + --- 7 + Makefile | 9 ++++----- 8 + 1 file changed, 4 insertions(+), 5 deletions(-) 9 + 10 + diff --git a/Makefile b/Makefile 11 + index 0fce8de12..bb9937ed5 100644 12 + --- a/Makefile 13 + +++ b/Makefile 14 + @@ -77,7 +77,7 @@ get_priv_reqs_recursive() { \ 15 + fi; \ 16 + processed_libs="$$processed_libs $$lib"; \ 17 + if [ "$$lib" = "libbpf" ]; then \ 18 + - priv_reqs=$$(PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(CMD_PKGCONFIG) --print-requires-private $$lib); \ 19 + + priv_reqs=$$($(CMD_PKGCONFIG) --print-requires-private $$lib); \ 20 + else \ 21 + echo $$lib; \ 22 + priv_reqs=$$($(CMD_PKGCONFIG) --print-requires-private $$lib); \ 23 + @@ -374,7 +374,7 @@ LIBBPF_DESTDIR = $(OUTPUT_DIR)/libbpf 24 + LIBBPF_OBJDIR = $(LIBBPF_DESTDIR)/obj 25 + LIBBPF_OBJ = $(LIBBPF_OBJDIR)/libbpf.a 26 + 27 + -$(LIBBPF_OBJ): .build_libbpf .build_libbpf_fix 28 + +$(LIBBPF_OBJ): 29 + 30 + .build_libbpf: \ 31 + $(LIBBPF_SRC) \ 32 + @@ -413,7 +413,7 @@ LIBBPF_INCLUDE_UAPI = ./3rdparty/libbpf/include/uapi/linux 33 + @$(CMD_TOUCH) $@ 34 + 35 + 36 + -TRACEE_EBPF_CFLAGS = $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(CMD_PKGCONFIG) $(PKG_CONFIG_FLAG) --cflags $(LIB_BPF)) 37 + +TRACEE_EBPF_CFLAGS = $(shell $(CMD_PKGCONFIG) $(PKG_CONFIG_FLAG) --cflags $(LIB_BPF)) 38 + 39 + .ONESHELL: 40 + .eval_goenv: $(LIBBPF_OBJ) 41 + @@ -430,7 +430,7 @@ endif 42 + $(eval GO_ENV_EBPF += GOARCH=$(GO_ARCH)) 43 + $(eval CUSTOM_CGO_CFLAGS := "$(TRACEE_EBPF_CFLAGS)") 44 + $(eval GO_ENV_EBPF += CGO_CFLAGS=$(CUSTOM_CGO_CFLAGS)) 45 + - $(eval CUSTOM_CGO_LDFLAGS := "$(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) $(CMD_PKGCONFIG) $(PKG_CONFIG_FLAG) --libs $(LIB_BPF))") 46 + + $(eval CUSTOM_CGO_LDFLAGS := "$(shell $(CMD_PKGCONFIG) $(PKG_CONFIG_FLAG) --libs $(LIB_BPF))") 47 + $(eval GO_ENV_EBPF := $(GO_ENV_EBPF) CGO_LDFLAGS=$(CUSTOM_CGO_LDFLAGS)) 48 + export GO_ENV_EBPF=$(GO_ENV_EBPF) 49 + echo 'GO_ENV_EBPF := $(GO_ENV_EBPF)' > $(GOENV_MK) 50 + @@ -486,7 +486,6 @@ TRACEE_SRC_DIRS = ./cmd/ ./pkg/ ./signatures/ 51 + TRACEE_SRC = $(shell find $(TRACEE_SRC_DIRS) -type f -name '*.go' ! -name '*_test.go') 52 + GO_TAGS_EBPF = core,ebpf 53 + CGO_EXT_LDFLAGS_EBPF = 54 + -PKG_CONFIG_PATH = $(LIBBPF_OBJDIR) 55 + PKG_CONFIG_FLAG = 56 + 57 + TRACEE_PROTOS = ./api/v1beta1/*.proto 58 + -- 59 + 2.49.0 60 +

+12 -13

pkgs/tools/security/tracee/default.nix pkgs/by-name/tr/tracee/package.nix

··· 3 buildGoModule, 4 fetchFromGitHub, 5 6 - clang, 7 pkg-config, 8 9 - zlib, 10 elfutils, 11 libbpf, 0 0 12 13 nixosTests, 14 testers, ··· 18 19 buildGoModule rec { 20 pname = "tracee"; 21 - version = "0.20.0"; 22 0 23 src = fetchFromGitHub { 24 owner = "aquasecurity"; 25 repo = pname; 26 # project has branches and tags of the same name 27 tag = "v${version}"; 28 - hash = "sha256-OnOayDxisvDd802kDKGctaQc5LyoyFfdfvC+2JpRjHY="; 29 }; 30 - vendorHash = "sha256-26sAKTJQ7Rf5KRlu7j5XiZVr6CkAC6fm60Pam7KH0uA="; 31 32 patches = [ 33 - ./use-our-libbpf.patch 34 - # can not vendor dependencies with old pyroscope 35 - # remove once https://github.com/aquasecurity/tracee/pull/3927 36 - # makes it to a release 37 - ./update-pyroscope.patch 38 ]; 39 40 enableParallelBuilding = true; ··· 42 hardeningDisable = [ "stackprotector" ]; 43 44 nativeBuildInputs = [ 0 45 pkg-config 46 - clang 47 ]; 48 buildInputs = [ 49 elfutils 50 libbpf 51 - zlib 0 52 ]; 53 54 makeFlags = [ 55 - "VERSION=v${version}" 56 "GO_DEBUG_FLAG=-s -w" 57 # don't actually need git but the Makefile checks for it 58 "CMD_GIT=echo"

··· 3 buildGoModule, 4 fetchFromGitHub, 5 6 + clang_14, 7 pkg-config, 8 0 9 elfutils, 10 libbpf, 11 + zlib, 12 + zstd, 13 14 nixosTests, 15 testers, ··· 19 20 buildGoModule rec { 21 pname = "tracee"; 22 + version = "0.23.1"; 23 24 + # src = /home/tim/repos/tracee; 25 src = fetchFromGitHub { 26 owner = "aquasecurity"; 27 repo = pname; 28 # project has branches and tags of the same name 29 tag = "v${version}"; 30 + hash = "sha256-9uP0yoW+xRYv7wHuCfUMU8B2oTQjiSW5p/Ty76ni2wo="; 31 }; 32 + vendorHash = "sha256-2+4UN9WB6eGzedogy5dMvhHj1x5VeUUkDM0Z28wKQgM="; 33 34 patches = [ 35 + ./0001-fix-do-not-build-libbpf.patch 0 0 0 0 36 ]; 37 38 enableParallelBuilding = true; ··· 40 hardeningDisable = [ "stackprotector" ]; 41 42 nativeBuildInputs = [ 43 + clang_14 44 pkg-config 0 45 ]; 46 buildInputs = [ 47 elfutils 48 libbpf 49 + zlib.dev 50 + zstd.dev 51 ]; 52 53 makeFlags = [ 54 + "RELEASE_VERSION=v${version}" 55 "GO_DEBUG_FLAG=-s -w" 56 # don't actually need git but the Makefile checks for it 57 "CMD_GIT=echo"

+5

pkgs/tools/security/tracee/integration-tests.nix pkgs/by-name/tr/tracee/integration-tests.nix

··· 18 --replace-fail 'syscallerAbsPath := filepath.Join("..", "..", "dist", "syscaller")' "syscallerAbsPath := filepath.Join(\"$out/bin/syscaller\")" 19 substituteInPlace tests/integration/exec_test.go \ 20 --replace-fail "/usr/bin" "/run/current-system/sw/bin" 0 0 0 0 0 21 ''; 22 nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ]; 23 buildPhase = ''

··· 18 --replace-fail 'syscallerAbsPath := filepath.Join("..", "..", "dist", "syscaller")' "syscallerAbsPath := filepath.Join(\"$out/bin/syscaller\")" 19 substituteInPlace tests/integration/exec_test.go \ 20 --replace-fail "/usr/bin" "/run/current-system/sw/bin" 21 + substituteInPlace tests/integration/dependencies_test.go \ 22 + --replace-fail "/bin" "/run/current-system/sw/bin" \ 23 + --replace-fail "/tmp/test" "/tmp/ls" 24 + substituteInPlace tests/testutils/tracee.go \ 25 + --replace-fail "../../dist/tracee" "${lib.getExe tracee}" 26 ''; 27 nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ]; 28 buildPhase = ''

-229

pkgs/tools/security/tracee/update-pyroscope.patch

··· 1 - diff --git a/go.mod b/go.mod 2 - index 8288d7d0a..0ac753fa1 100644 3 - --- a/go.mod 4 - +++ b/go.mod 5 - @@ -16,6 +16,7 @@ require ( 6 - github.com/docker/docker v24.0.7+incompatible 7 - github.com/golang/protobuf v1.5.3 8 - github.com/google/gopacket v1.1.19 9 - + github.com/grafana/pyroscope-go v1.1.1 10 - github.com/hashicorp/golang-lru v0.5.4 11 - github.com/hashicorp/golang-lru/v2 v2.0.2 12 - github.com/mennanov/fmutils v0.2.0 13 - @@ -23,7 +24,6 @@ require ( 14 - github.com/mitchellh/mapstructure v1.5.0 15 - github.com/open-policy-agent/opa v0.52.0 16 - github.com/prometheus/client_golang v1.16.0 17 - - github.com/pyroscope-io/pyroscope v0.37.2 18 - github.com/sashabaranov/go-gpt3 v1.4.0 19 - github.com/spf13/cobra v1.7.0 20 - github.com/spf13/viper v1.15.0 21 - @@ -57,15 +57,14 @@ require ( 22 - github.com/go-logr/logr v1.2.4 // indirect 23 - github.com/go-logr/stdr v1.2.2 // indirect 24 - github.com/go-logr/zapr v1.2.4 // indirect 25 - - github.com/go-ole/go-ole v1.2.6 // indirect 26 - github.com/go-openapi/jsonpointer v0.19.6 // indirect 27 - github.com/go-openapi/jsonreference v0.20.2 // indirect 28 - github.com/go-openapi/swag v0.22.3 // indirect 29 - github.com/google/gnostic-models v0.6.8 // indirect 30 - github.com/google/gofuzz v1.2.0 // indirect 31 - + github.com/google/pprof v0.0.0-20221118152302-e6195bd50e26 // indirect 32 - github.com/gorilla/websocket v1.5.0 // indirect 33 - - github.com/hashicorp/errwrap v1.1.0 // indirect 34 - - github.com/hashicorp/go-multierror v1.1.1 // indirect 35 - + github.com/grafana/pyroscope-go/godeltaprof v0.1.6 // indirect 36 - github.com/hashicorp/hcl v1.0.0 // indirect 37 - github.com/inconshreveable/mousetrap v1.1.0 // indirect 38 - github.com/josharian/intern v1.0.0 // indirect 39 - @@ -73,24 +72,18 @@ require ( 40 - github.com/magiconair/properties v1.8.7 // indirect 41 - github.com/mailru/easyjson v0.7.7 // indirect 42 - github.com/mattn/go-runewidth v0.0.10 // indirect 43 - - github.com/mitchellh/go-ps v1.0.0 // indirect 44 - github.com/moby/sys/sequential v0.5.0 // indirect 45 - github.com/moby/term v0.5.0 // indirect 46 - + github.com/morikuni/aec v1.0.0 // indirect 47 - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 48 - github.com/pelletier/go-toml/v2 v2.0.7 // indirect 49 - github.com/philhofer/fwd v1.1.2 // indirect 50 - - github.com/pyroscope-io/dotnetdiag v1.2.1 // indirect 51 - github.com/rivo/uniseg v0.2.0 // indirect 52 - - github.com/shirou/gopsutil v3.21.11+incompatible // indirect 53 - github.com/spf13/afero v1.9.5 // indirect 54 - github.com/spf13/jwalterweatherman v1.1.0 // indirect 55 - github.com/spf13/pflag v1.0.5 // indirect 56 - github.com/subosito/gotenv v1.4.2 // indirect 57 - github.com/tinylib/msgp v1.1.8 // indirect 58 - - github.com/tklauser/go-sysconf v0.3.11 // indirect 59 - - github.com/tklauser/numcpus v0.6.0 // indirect 60 - - github.com/valyala/bytebufferpool v1.0.0 // indirect 61 - - github.com/yusufpapurcu/wmi v1.2.2 // indirect 62 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect 63 - go.opentelemetry.io/otel v1.19.0 // indirect 64 - go.opentelemetry.io/otel/metric v1.19.0 // indirect 65 - @@ -145,7 +138,7 @@ require ( 66 - github.com/huandu/xstrings v1.4.0 // indirect 67 - github.com/imdario/mergo v0.3.15 // indirect 68 - github.com/json-iterator/go v1.1.12 // indirect 69 - - github.com/klauspost/compress v1.16.5 // indirect 70 - + github.com/klauspost/compress v1.17.3 // indirect 71 - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect 72 - github.com/mitchellh/copystructure v1.2.0 // indirect 73 - github.com/mitchellh/reflectwalk v1.0.2 // indirect 74 - diff --git a/go.sum b/go.sum 75 - index 2ecdafafc..598416eeb 100644 76 - --- a/go.sum 77 - +++ b/go.sum 78 - @@ -53,7 +53,6 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 79 - github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= 80 - github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= 81 - github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= 82 - -github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= 83 - github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= 84 - github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= 85 - github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= 86 - @@ -144,8 +143,6 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv 87 - github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 88 - github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= 89 - github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= 90 - -github.com/felixge/fgprof v0.9.1 h1:E6FUJ2Mlv043ipLOCFqo8+cHo9MhQ203E2cdEK/isEs= 91 - -github.com/felixge/fgprof v0.9.1/go.mod h1:7/HK6JFtFaARhIljgP2IV8rJLIoHDoOYoUphsnGvqxE= 92 - github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= 93 - github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= 94 - github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= 95 - @@ -169,8 +166,6 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= 96 - github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= 97 - github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= 98 - github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= 99 - -github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= 100 - -github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= 101 - github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= 102 - github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= 103 - github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= 104 - @@ -266,11 +261,10 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m 105 - github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= 106 - github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= 107 - github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 108 - -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 109 - -github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= 110 - -github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 111 - -github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= 112 - -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= 113 - +github.com/grafana/pyroscope-go v1.1.1 h1:PQoUU9oWtO3ve/fgIiklYuGilvsm8qaGhlY4Vw6MAcQ= 114 - +github.com/grafana/pyroscope-go v1.1.1/go.mod h1:Mw26jU7jsL/KStNSGGuuVYdUq7Qghem5P8aXYXSXG88= 115 - +github.com/grafana/pyroscope-go/godeltaprof v0.1.6 h1:nEdZ8louGAplSvIJi1HVp7kWvFvdiiYg3COLlTwJiFo= 116 - +github.com/grafana/pyroscope-go/godeltaprof v0.1.6/go.mod h1:Tk376Nbldo4Cha9RgiU7ik8WKFkNpfds98aUzS8omLE= 117 - github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 118 - github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 119 - github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= 120 - @@ -300,8 +294,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 121 - github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= 122 - github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= 123 - github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 124 - -github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/djlyI= 125 - -github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= 126 - +github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA= 127 - +github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= 128 - github.com/klauspost/cpuid/v2 v2.2.3 h1:sxCkb+qR91z4vsqw4vGGZlDgPz3G7gjaLyK3V8y70BU= 129 - github.com/klauspost/cpuid/v2 v2.2.3/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= 130 - github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= 131 - @@ -331,8 +325,6 @@ github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5 132 - github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= 133 - github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= 134 - github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= 135 - -github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= 136 - -github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= 137 - github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 138 - github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= 139 - github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= 140 - @@ -397,10 +389,6 @@ github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO 141 - github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= 142 - github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= 143 - github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= 144 - -github.com/pyroscope-io/dotnetdiag v1.2.1 h1:3XEMrfFJnZ87BiEhozyQKmCUAuMd/Spq7KChPuD2Cf0= 145 - -github.com/pyroscope-io/dotnetdiag v1.2.1/go.mod h1:eFUEHCp4eD1TgcXMlJihC+R4MrqGf7nTRdWxNADbDHA= 146 - -github.com/pyroscope-io/pyroscope v0.37.2 h1:MOgLU/oO7VfV6jWqb0xoFH/YPSVbWD5pGsX+tZVGh98= 147 - -github.com/pyroscope-io/pyroscope v0.37.2/go.mod h1:r4wq4ajJvN7g1OeXGyNvmwzBfQ+Tm5alYvmxqEQSTsc= 148 - github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= 149 - github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= 150 - github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 151 - @@ -414,13 +402,10 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf 152 - github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 153 - github.com/sashabaranov/go-gpt3 v1.4.0 h1:UqHYdXgJNtNvTtbzDnnQgkQ9TgTnHtCXx966uFTYXvU= 154 - github.com/sashabaranov/go-gpt3 v1.4.0/go.mod h1:BIZdbwdzxZbCrcKGMGH6u2eyGe1xFuX9Anmh3tCP8lQ= 155 - -github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI= 156 - -github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= 157 - github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 158 - github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= 159 - github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 160 - github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= 161 - -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= 162 - github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= 163 - github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= 164 - github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 165 - @@ -456,14 +441,8 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG 166 - github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= 167 - github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0= 168 - github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw= 169 - -github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM= 170 - -github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI= 171 - -github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms= 172 - -github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4= 173 - github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M= 174 - github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= 175 - -github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 176 - -github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 177 - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= 178 - github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 179 - github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= 180 - @@ -476,8 +455,6 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de 181 - github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 182 - github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= 183 - github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 184 - -github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg= 185 - -github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0= 186 - go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 187 - go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= 188 - go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 189 - @@ -629,7 +606,6 @@ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7w 190 - golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 191 - golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 192 - golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 193 - -golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 194 - golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 195 - golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 196 - golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 197 - diff --git a/pkg/server/http/server.go b/pkg/server/http/server.go 198 - index 898344591..85ccc68ed 100644 199 - --- a/pkg/server/http/server.go 200 - +++ b/pkg/server/http/server.go 201 - @@ -7,7 +7,7 @@ import ( 202 - "net/http/pprof" 203 - 204 - "github.com/prometheus/client_golang/prometheus/promhttp" 205 - - "github.com/pyroscope-io/pyroscope/pkg/agent/profiler" 206 - + "github.com/grafana/pyroscope-go" 207 - 208 - "github.com/aquasecurity/tracee/pkg/logger" 209 - ) 210 - @@ -17,7 +17,7 @@ type Server struct { 211 - hs *http.Server 212 - mux *http.ServeMux // just an exposed copy of hs.Handler 213 - metricsEnabled bool 214 - - pyroProfiler *profiler.Profiler 215 - + pyroProfiler *pyroscope.Profiler 216 - } 217 - 218 - // New creates a new server 219 - @@ -90,8 +90,8 @@ func (s *Server) EnablePProfEndpoint() { 220 - // EnablePyroAgent enables pyroscope agent in golang push mode 221 - // TODO: make this configurable 222 - func (s *Server) EnablePyroAgent() error { 223 - - p, err := profiler.Start( 224 - - profiler.Config{ 225 - + p, err := pyroscope.Start( 226 - + pyroscope.Config{ 227 - ApplicationName: "tracee", 228 - ServerAddress: "http://localhost:4040", 229 - },

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

-48

pkgs/tools/security/tracee/use-our-libbpf.patch

··· 1 - diff --git a/Makefile b/Makefile 2 - index 29be1ae71..b88f31cba 100644 3 - --- a/Makefile 4 - +++ b/Makefile 5 - @@ -54,6 +54,7 @@ CMD_CONTROLLER_GEN ?= controller-gen 6 - # libs 7 - # 8 - 9 - +LIB_BPF ?= libbpf 10 - LIB_ELF ?= libelf 11 - LIB_ZLIB ?= zlib 12 - 13 - @@ -299,8 +300,6 @@ OUTPUT_DIR = ./dist 14 - $(OUTPUT_DIR): 15 - # 16 - @$(CMD_MKDIR) -p $@ 17 - - $(CMD_MKDIR) -p $@/libbpf 18 - - $(CMD_MKDIR) -p $@/libbpf/obj 19 - 20 - # 21 - # embedded btfhub 22 - @@ -353,7 +352,6 @@ TRACEE_EBPF_OBJ_HEADERS = $(shell find pkg/ebpf/c -name *.h) 23 - bpf: $(OUTPUT_DIR)/tracee.bpf.o 24 - 25 - $(OUTPUT_DIR)/tracee.bpf.o: \ 26 - - $(OUTPUT_DIR)/libbpf/libbpf.a \ 27 - $(TRACEE_EBPF_OBJ_SRC) \ 28 - $(TRACEE_EBPF_OBJ_HEADERS) 29 - # 30 - @@ -391,8 +389,8 @@ endif 31 - TRACEE_SRC_DIRS = ./cmd/ ./pkg/ ./signatures/ 32 - TRACEE_SRC = $(shell find $(TRACEE_SRC_DIRS) -type f -name '*.go' ! -name '*_test.go') 33 - 34 - -CUSTOM_CGO_CFLAGS = "-I$(abspath $(OUTPUT_DIR)/libbpf)" 35 - -CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB))) $(abspath $(OUTPUT_DIR)/libbpf/libbpf.a)" 36 - +CUSTOM_CGO_CFLAGS = "" 37 - +CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_BPF))) $(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB)))" 38 - 39 - GO_ENV_EBPF = 40 - GO_ENV_EBPF += GOOS=linux 41 - @@ -437,6 +435,7 @@ $(OUTPUT_DIR)/tracee: \ 42 - $(OUTPUT_DIR)/tracee.bpf.o \ 43 - $(TRACEE_SRC) \ 44 - | .checkver_$(CMD_GO) \ 45 - + .checklib_$(LIB_BPF) \ 46 - .checklib_$(LIB_ELF) \ 47 - .checklib_$(LIB_ZLIB) \ 48 - btfhub \

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

-4

pkgs/top-level/all-packages.nix

··· 4608 4609 kernelshark = qt6Packages.callPackage ../os-specific/linux/trace-cmd/kernelshark.nix { }; 4610 4611 - tracee = callPackage ../tools/security/tracee { 4612 - clang = clang_14; 4613 - }; 4614 - 4615 translatelocally-models = recurseIntoAttrs (callPackages ../misc/translatelocally-models { }); 4616 4617 translatepy = with python3.pkgs; toPythonApplication translatepy;

··· 4608 4609 kernelshark = qt6Packages.callPackage ../os-specific/linux/trace-cmd/kernelshark.nix { }; 4610 0 0 0 0 4611 translatelocally-models = recurseIntoAttrs (callPackages ../misc/translatelocally-models { }); 4612 4613 translatepy = with python3.pkgs; toPythonApplication translatepy;