Skip to content

Upgrade Cilium's eBPF library version to 0.16#4436

Closed
dims wants to merge 3 commits intoopencontainers:release-1.1from
dims:update-cilium-ebpf-library-to-v0.16.0
Closed

Upgrade Cilium's eBPF library version to 0.16#4436
dims wants to merge 3 commits intoopencontainers:release-1.1from
dims:update-cilium-ebpf-library-to-v0.16.0

Conversation

@dims
Copy link
Copy Markdown
Contributor

@dims dims commented Oct 10, 2024

Cherrypick of #4397 to 1.1 release branch.

NOTE: the vendor/ did not apply cleanly, so i had to fix it by running go mod tidy/vendor with an older go1.18.10 version.

rafaelroquetto and others added 3 commits October 10, 2024 13:34
@rafaelroquetto @dims
Upgrade Cilium's eBPF library version to 0.16
10b8ff9 
Signed-off-by: Rafael Roquetto <rafael.roquetto@grafana.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
@kolyshkin @dims
Remove tun/tap from the default device rules
dd47908 
Looking through git blame, this was added by commit 9fac183
aka "Initial commit of runc binary", most probably by mistake.

Obviously, a container should not have access to tun/tap device, unless
it is explicitly specified in configuration.

Now, removing this might create a compatibility issue, but I see no
other choice.

Aside from the obvious misconfiguration, this should also fix the
annoying

> Apr 26 03:46:56 foo.bar systemd[1]: Couldn't stat device /dev/char/10:200: No such file or directory

messages from systemd on every container start, when runc uses systemd
cgroup driver, and the system runs an old (< v240) version of systemd
(the message was presumably eliminated by [1]).

[1] systemd/systemd@d5aecba

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@lifubang @dims
fix some unit test error after bump ebpf to 0.12.3
353cf30 
Signed-off-by: lfbzhm <lifubang@acmcoder.com>
kolyshkin
kolyshkin reviewed Oct 10, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@kolyshkin kolyshkin left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. In general, we only backport fixes. What issue does this backport fix?
  2. tun/tap removal looks risky for a backport to a stable 1.1.x series.
  3. This also requires bump to go 1.21 in go.mod, which we tried hard to avoid in the past in a stable series.

@dims
Copy link
Copy Markdown
Contributor Author

dims commented Oct 10, 2024
edited
Loading

@kolyshkin just realized the last point (needs 1.21 from the CI logs) and Looks like it's not feasible in the near future :(

So the context is that i wanted to check if there is a way to pick up new cilium/ebpf in kubernetes to address cilium/ebpf#1095 which got fixed in cilium/ebpf#1557

I do agree that avoiding the bump is important and this scenario we are facing in kubernetes is not important enough to push for this cherry pick.

go build -trimpath "-buildmode=pie"  -tags "seccomp" -ldflags "-X main.gitCommit=4bca174 -X main.version=1.1.15+dev " -o runc .
Error: vendor/github.com/cilium/ebpf/btf/marshal.go:8:2: cannot find package "." in:
	/home/runner/work/runc/runc/vendor/maps
Error: vendor/github.com/cilium/ebpf/btf/core.go:[9](https://github.com/opencontainers/runc/actions/runs/11279865095/job/31371545929?pr=4436#step:6:10):2: cannot find package "." in:
	/home/runner/work/runc/runc/vendor/slices
make: *** [Makefile:62: runc] Error 1
Error: Process completed with exit code 2.

@dims dims closed this Oct 10, 2024
@dims dims mentioned this pull request Oct 21, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dims @kolyshkin @rafaelroquetto @lifubang