Open nalreddy opened 2 weeks ago
Root is not necessary for uprobe/uretprobe/usdt
You nay try grant the CAP_SYS_PTRACE
for the first method, since it's using ptrace here.
Actually both of them can run in unprivileged containers, e.g. you can try github codespace.
Thanks for pointing out the problem! We will provide a document for all the permission related questions.
Thanks for pointing out the problem! We will provide a document for all the permission related questions.
You nay try grant the
CAP_SYS_PTRACE
for the first method, since it's using ptrace here.Actually both of them can run in unprivileged containers, e.g. you can try github codespace.
@yunwei37 do you mean to provide CAP_SYS_PTRACE to victim executable or bpf program executable (malloc) .
CAP_SYS_PTRACE should be add to command sudo bpftime attach 101771
. This is not the victim executable or bpf program executable (malloc).
Tried following steps to run bpftime with non root user and attach mode. malloc example.
Please do let me know anything wrong.
Running victim (get pid of victim) /bpftime$ ./example/malloc/victim
Setcap to bpftime command
~/.bpftime$ ls bpftime bpftime_daemon bpftimetool libbpftime-agent.so libbpftime-agent-transformer.so libbpftime-syscall-server.so runtime.log sudo setcap CAP_SYS_PTRACE=+eip bpftime
~/.bpftime$ getcap bpftime bpftime cap_sys_ptrace=eip
3 . Attach without sudo
bpftime attach 8390
bpftime load ./example/malloc/malloc i don't see any prints here, added debug in malloc code , return ENOENTRY from bpfmaps.(malloc.c) no bpf_printk from malloc.bpf.c
tail -f ~/.bpftime/runtime.log [2024-10-08 04:58:19][info][8391] Injecting to 8390 [2024-10-08 04:58:19][info][8391] Successfully injected. ID: 1 [2024-10-08 04:58:19][info][8395] Global shm constructed. shm_open_type 1 for bpftime_maps_shm [2024-10-08 04:58:19][info][8395] Global shm initialized [2024-10-08 04:58:19][info][8395] Register attach-impl defined helper bpf_get_func_arg, index 183 [2024-10-08 04:58:19][info][8395] Register attach-impl defined helper bpf_get_func_ret_id, index 184 [2024-10-08 04:58:19][info][8395] Register attach-impl defined helper bpf_get_retval, index 186 [2024-10-08 04:58:19][info][8395] Initializing agent.. [2024-10-08 04:58:19][info][8395] Executable path: /home/satya/data/bpftime/example/malloc/victim [2024-10-08 04:58:19][info][8395] Attach successfully [2024-10-08 04:59:11][info][8412] Initialize syscall server [2024-10-08 04:59:11][info][8412] Global shm constructed. shm_open_type 0 for bpftime_maps_shm [2024-10-08 04:59:11][info][8412] Global shm initialized [2024-10-08 04:59:11][info][8412] bpftime-syscall-server started [2024-10-08 04:59:11][info][8412] Created uprobe/uretprobe perf event handler, module name /lib/x86_64-linux-gnu/libc.so.6, offset 9f920
@yunwei37
In our current product, we execute BPF programs without needing
sudo
by usingsetcap
to grant the necessary capabilities to the executable (specifically, we setbpf_cap
before running the BPF program).setcap CAP_BPF,CAP_SYS_RESOURCE,CAP_PERFMON=+eip tracer
How can we achieve the same functionality with
bpftime
?Are there instances where we must run
bpftime
withsudo
?Modes of Running
bpftime
To attach to it:
LD_PRELOAD
directly.Questions:
sudo
necessary in the first method? Is it required?sudo
—is this mandatory?Could you clarify in which cases we need to use
sudo
and which cases do not require it?We would prefer to avoid using
sudo
with BPF programs and run them as non-root. Is it possible to use the attach method withoutsudo
?