lockc-project / lockc

Making containers more secure with eBPF and Linux Security Modules (LSM)
https://lockc-project.github.io/
Apache License 2.0

Configure CI/CD system with >5.7 kernel runners #65

Open vadorovsky opened 3 years ago

vadorovsky commented 3 years ago

So far we are using GitHub Actions to run tests and checkers.

The problem is that all ubuntu-latest GitHub Actions have quite an old kernel, too old for us. If we want to have integration tests in CI, we need to be able to run them on a kernel newer than 5.7.

I noticed that libbpf developers are somehow able to use their custom kernel and they have a repo with CI config:

https://github.com/libbpf/ci
https://github.com/libbpf/libbpf/tree/master/.github

I have no idea how that works, didn't dig into that yet. Figuring that out would be part of the task.

willfindlay commented 3 years ago

In BPFContain I was doing this using a custom VM that runs on top of the OSX image (the only one to support nested virtualization). Pros are it is easy to set up and it works well. Cons are that it is quite slow, particularly at the build stage.

vadorovsky commented 3 years ago

Examples of jobs running: https://github.com/libbpf/libbpf/runs/4229553591?check_suite_focus=true