Merge branch 'falcosecurity:master' into issue_515_listen

.github/workflows/kernel_tests.yaml

@@ -0,0 +1,98 @@
+name: Test drivers against a matrix of kernels/distros
+
+on:
+  workflow_dispatch:
+    inputs:
+      libsversion:
+        description: libs version to be tested
+        type: string
+        required: false
+        default: master
+  push:
+    branches:
+      - master
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+\+driver'
+
+concurrency:
+  group: kernel-tests
+  cancel-in-progress: true
+
+jobs:
+  test-kernels:
+    strategy:
+      fail-fast: false
+      matrix:
+        architecture: [X64, ARM64]
+    runs-on: [ "self-hosted", "linux", "${{matrix.architecture}}" ]    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          repository: falcosecurity/kernel-testing
+          ref: v0.2.3
+
+      - name: Generate vars yaml
+        working-directory: ./ansible-playbooks
+        run: |
+          LIBS_V=${{ github.event.inputs.libsversion }}
+          LIBS_VERSION=${LIBS_V:-${{ github.ref_name }}}
+          cat > vars.yml <<EOF
+          run_id: "id-${{ github.run_id }}"
+          output_dir: "~/ansible_output_${{ github.run_id }}"
+          repos:
+            libs: {name: "falcosecurity-libs", repo: "https://github.com/falcosecurity/libs.git", version: "$LIBS_VERSION"}
+          EOF
+    
+      - name: Bootstrap VMs
+        working-directory: ./ansible-playbooks
+        run: |
+          ansible-playbook bootstrap.yml --extra-vars "@vars.yml"
+      
+      - name: Common setup
+        working-directory: ./ansible-playbooks
+        run: |
+          ansible-playbook common.yml --extra-vars "@vars.yml"
+
+      - name: Prepare github repos
+        working-directory: ./ansible-playbooks
+        run: |
+          ansible-playbook git-repos.yml --extra-vars "@vars.yml"
+      
+      - name: Run scap-open tests
+        working-directory: ./ansible-playbooks
+        run: |
+          ansible-playbook scap-open.yml --extra-vars "@vars.yml" || :
+          
+      - name: Tar output files
+        run: |
+          tar -cvf ansible_output.tar ~/ansible_output_${{ github.run_id }}
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: ansible_output_${{matrix.architecture}}
+          path: ansible_output.tar
+
+      - name: Build matrix_gen
+        working-directory: ./matrix_gen
+        env:
+          GOPATH: /root/go
+          GOCACHE: /root/.cache/go-build
+        run: |
+          go build .
+        
+      - name: Generate new matrix
+        working-directory: ./matrix_gen
+        run: |
+          ./matrix_gen --root-folder ~/ansible_output_${{ github.run_id }} --output-file matrix_${{matrix.architecture}}.md
+        
+      - uses: actions/upload-artifact@v3
+        with:
+          name: matrix_${{matrix.architecture}}
+          path: ./matrix_gen/matrix_${{matrix.architecture}}.md
+
+      - name: Cleanup
+        if: always()
+        working-directory: ./ansible-playbooks
+        run: |
+          ansible-playbook clean-up.yml --extra-vars "@vars.yml" || :

.github/workflows/pages.yml

@@ -0,0 +1,53 @@
+name: Deploy Github Pages
+on:
+  workflow_run:
+    workflows: ["Test drivers against a matrix of kernels/distros"]
+    types: [completed]
+    branches: [master]
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: true
+
+jobs:
+  deploy-pages:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Download matrixes
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          workflow: kernel_tests.yaml
+          branch: master
+          name: matrix_*
+          name_is_regexp: true
+
+      - name: Disable Table Of Content for matrixes pages
+        run: |
+          mv matrix_*/*.md docs/
+          sed -i '1s/^/---\nhide:\n- toc\n---\n\n/' docs/matrix_X64.md
+          sed -i '1s/^/---\nhide:\n- toc\n---\n\n/' docs/matrix_ARM64.md
+
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+
+      - run: pip install -r requirements.txt
+
+      - run: mkdocs build
+
+      - uses: actions/upload-pages-artifact@v1
+        with:
+          path: 'site'
+
+      - id: deployment
+        uses: actions/deploy-pages@v1

.github/workflows/release-body.yml

@@ -0,0 +1,49 @@
+name: Generate release body
+on:
+  workflow_run:
+    workflows: ["Test drivers against a matrix of kernels/distros"]
+    types: [completed]
+    branches: ['release/[0-9]+.[0-9]+.x'] # only match real release branches
+
+permissions:
+  contents: write
+
+concurrency:
+  group: "release-body"
+  cancel-in-progress: true
+
+jobs:
+  release-body:
+    runs-on: ubuntu-latest
+    steps:      
+      - name: Download matrixes
+        uses: dawidd6/action-download-artifact@v2
+        with:
+          workflow: kernel_tests.yaml
+          name: matrix_*
+          name_is_regexp: true
+          run_id: ${{ github.event.workflow_run.id }}
+
+      # Steps:
+      # Remove everything after the table (ie: since the first line that starts with "# ",
+      # ie: a markdown section start.
+      # Remove links to the markdown sections in the table too.
+      # Then, add a small title to each matrix
+      # Finally, merge them together
+      - name: Append matrixes to create release body
+        run: |
+          mv matrix_*/*.md .
+          sed -i -n '/# /q;p' matrix_X64.md
+          sed -i -n '/# /q;p' matrix_ARM64.md
+          sed -i 's/\[\(.\)\]([^)]*)/\1/g' matrix_X64.md
+          sed -i 's/\[\(.\)\]([^)]*)/\1/g' matrix_ARM64.md
+          sed -i '1s/^/# Driver Testing Matrix amd64\n\n/' matrix_X64.md
+          sed -i '1s/^/# Driver Testing Matrix arm64\n\n/' matrix_ARM64.md
+          cat matrix_X64.md matrix_ARM64.md > release-body.md
+
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        with:
+          body_path: ./release-body.md
+          append_body: true
+          tag_name: ${{ github.event.workflow_run.head_branch }}

README.md

@@ -5,9 +5,10 @@
 [![CI Build](https://github.com/falcosecurity/libs/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/falcosecurity/libs/actions/workflows/ci.yml)
 [![Architectures](https://img.shields.io/badge/ARCHS-x86__64%7Caarch64%7Cs390x-blueviolet)](#drivers-officially-supported-architectures)
 [![Drivers](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/FedeDP/1cbc5d42edf8e3a02fb75e76625f1072/raw/kernel.json)](https://github.com/falcosecurity/libs/actions/workflows/latest-kernel.yml)
+[![Kernel Tests](https://github.com/falcosecurity/libs/actions/workflows/kernel_tests.yaml/badge.svg)](https://github.com/falcosecurity/libs/actions/workflows/kernel_tests.yaml)
+[![Github Pages](https://github.com/falcosecurity/libs/actions/workflows/pages.yml/badge.svg)](https://falcosecurity.github.io/libs/)
 
-As per the [OSS Libraries Contribution Plan](https://github.com/falcosecurity/falco/blob/master/proposals/20210119-libraries-contribution.md), this repository has been chosen to be the new home for **libsinsp**, **libscap**, the **kernel module** and the **eBPF probe** sources.  
-Refer to https://falco.org/blog/contribution-drivers-kmod-ebpf-libraries/ for more information.  
+This repository contains **libsinsp**, **libscap**, the **kernel module** and the **eBPF probes** sources.
 
 These components are at the foundation of [Falco](https://github.com/falcosecurity/falco) and other projects that work with the same kind of data.
 
@@ -40,6 +41,8 @@ plus chisels related code and common utilities.
 external dependencies, plus the libscap and libsinsp ones; consumers
 (like Falco) use those modules to build the libs in their projects.
 
+ For an overview of the event sources that are implemented by the libs see also the official [Falco documentation](https://falco.org/docs/event-sources/).
+
 ## Versioning
 
 This project uses two different versioning schemes for the _libs_ and _driver_ components. In particular, the _driver_ versions are suffixed with `+driver` to distinguish them from the _libs_ ones. Both adhere to the [Semantic Versioning 2.0.0](https://semver.org/). You can find more detail about how we version those components in our [release process documentation](./release.md).
@@ -56,7 +59,7 @@ Right now our drivers officially support the following architectures:
 | **aarch64** | >= [3.16](https://github.com/torvalds/linux/commit/055b1212d141f1f398fca548f8147787c0b6253f) | >= 4.17    | >= 5.8            | _STABLE_ |
 | **s390x**   | >= 2.6                                                                                       | >= [5.5](https://github.com/torvalds/linux/commit/6ae08ae3dea) | >= 5.8            | _EXPERIMENTAL_ |
 
-**For a list of supported syscalls through specific events, please refer to [_report_](./driver/report.md).**
+**For a list of supported syscalls through specific events, please refer to [_report_](./docs/report.md).**
 
 > **NOTE:** while we strive to achieve maximum compatibility, we cannot assure that drivers correctly build against a new kernel version minutes after it gets released, since we might need to make some adjustments.    
 > To get properly notified whenever drivers stop building, we have a [CI workflow](.github/workflows/latest-kernel.yml) that tests the build against the [latest mainline kernel](https://www.kernel.org/) (RC too!)

cmake/modules/CompilerFlags.cmake

@@ -1,6 +1,6 @@
 option(BUILD_WARNINGS_AS_ERRORS "Enable building with -Wextra -Werror flags")
 
-option(ENABLE_PIC "Build position independent libraries and executables" OFF)
+option(ENABLE_PIC "Build position independent libraries and executables" ${BUILD_SHARED_LIBS})
 if(ENABLE_PIC)
 	set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 endif()

cmake/modules/libbpf.cmake

@@ -26,7 +26,7 @@ else()
         URL_HASH
         "SHA256=32b0c41eabfbbe8e0c8aea784d7495387ff9171b5a338480a8fbaceb9da8d5e5"
         CONFIGURE_COMMAND mkdir -p build root
-        BUILD_COMMAND ${CMAKE_MAKE_PROGRAM} BUILD_STATIC_ONLY=y OBJDIR=${LIBBPF_BUILD_DIR}/build DESTDIR=${LIBBPF_BUILD_DIR}/root NO_PKG_CONFIG=1 "EXTRA_CFLAGS=-I${LIBELF_INCLUDE} -I${ZLIB_INCLUDE}" "LDFLAGS=-Wl,-Bstatic" "EXTRA_LDFLAGS=-L${LIBELF_SRC}/libelf/libelf -L${ZLIB_SRC}" -C ${LIBBPF_SRC}/libbpf/src install install_uapi_headers
+        BUILD_COMMAND ${CMAKE_MAKE_PROGRAM} BUILD_STATIC_ONLY=y OBJDIR=${LIBBPF_BUILD_DIR}/build DESTDIR=${LIBBPF_BUILD_DIR}/root NO_PKG_CONFIG=1 "EXTRA_CFLAGS=-fPIC -I${LIBELF_INCLUDE} -I${ZLIB_INCLUDE}" "LDFLAGS=-Wl,-Bstatic" "EXTRA_LDFLAGS=-L${LIBELF_SRC}/libelf/libelf -L${ZLIB_SRC}" -C ${LIBBPF_SRC}/libbpf/src install install_uapi_headers
         INSTALL_COMMAND ""
         UPDATE_COMMAND ""
     )

cmake/modules/libelf.cmake

@@ -7,7 +7,12 @@ if(LIBELF_INCLUDE)
     # we already have LIBELF
 elseif(NOT USE_BUNDLED_LIBELF)
     find_path(LIBELF_INCLUDE elf.h PATH_SUFFIXES elf)
-    find_library(LIBELF_LIB NAMES libelf.a libelf.so)
+    if(BUILD_SHARED_LIBS)
+        set(LIBELF_LIB_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX})
+    else()
+        set(LIBELF_LIB_SUFFIX ${CMAKE_STATIC_LIBRARY_SUFFIX})
+    endif()
+    find_library(LIBELF_LIB NAMES libelf${LIBELF_LIB_SUFFIX})
     if(LIBELF_LIB)
         message(STATUS "Found LIBELF: include: ${LIBELF_INCLUDE}, lib: ${LIBELF_LIB}")
     else()

cmake/modules/libscap.cmake

@@ -53,37 +53,51 @@ endfunction()
 
 add_subdirectory(${LIBSCAP_DIR}/userspace/libscap ${PROJECT_BINARY_DIR}/libscap)
 
-# We can switch to using the MANUALLY_ADDED_DEPENDENCIES when our minimum
-# CMake version is 3.8 or later.
-set(LIBSCAP_LIBS
-	scap
-	scap_engine_noop
-	scap_engine_source_plugin
-	scap_error
-	scap_event_schema)
-
-set(libscap_conditional_libs
-	driver_event_schema
-	pman
-	scap_engine_bpf
-	scap_engine_gvisor
-	scap_engine_kmod
-	scap_engine_modern_bpf
-	scap_engine_nodriver
-	scap_engine_savefile
-	scap_engine_test_input
-	scap_engine_udig
-	scap_engine_util
-	scap_platform
-	scap_platform_util)
-
-foreach(libscap_conditional_lib ${libscap_conditional_libs})
-	if(TARGET ${libscap_conditional_lib})
-		list(APPEND LIBSCAP_LIBS ${libscap_conditional_lib})
+set(LIBSCAP_INSTALL_LIBS)
+
+# All of the targets in userspace/libscap
+get_directory_property(libscap_subdirs DIRECTORY ${LIBSCAP_DIR}/userspace/libscap SUBDIRECTORIES)
+set(libscap_subdir_targets)
+foreach(libscap_subdir ${LIBSCAP_DIR}/userspace/libscap ${libscap_subdirs})
+	get_directory_property(subdir_targets DIRECTORY ${libscap_subdir} BUILDSYSTEM_TARGETS)
+	list(APPEND libscap_subdir_targets ${subdir_targets})
+endforeach()
+
+set(install_lib_type STATIC_LIBRARY)
+if (BUILD_SHARED_LIBS)
+	set(install_lib_type SHARED_LIBRARY)
+endif()
+
+# Installation targets only
+foreach(libscap_subdir_target ${libscap_subdir_targets})
+	get_target_property(cl_target_type ${libscap_subdir_target} TYPE)
+	if (${cl_target_type} STREQUAL ${install_lib_type})
+		list(APPEND LIBSCAP_INSTALL_LIBS ${libscap_subdir_target})
 	endif()
 endforeach()
 
-install(TARGETS ${LIBSCAP_LIBS}
+# Installation targets and their dependencies
+set(libscap_link_libraries)
+foreach(libscap_install_lib ${LIBSCAP_INSTALL_LIBS})
+	list(APPEND libscap_link_libraries ${libscap_install_lib})
+	get_target_property(install_lib_link_libraries ${libscap_install_lib} LINK_LIBRARIES)
+	foreach (install_lib_link_library ${install_lib_link_libraries})
+		if (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets)
+			list(APPEND libscap_link_libraries ${install_lib_link_library})
+		endif()
+	endforeach()
+endforeach()
+list(REMOVE_DUPLICATES libscap_link_libraries)
+
+set(libscap_link_flags)
+foreach(libscap_link_library ${libscap_link_libraries})
+	list(APPEND libscap_link_flags "-l${libscap_link_library}")
+endforeach()
+
+string(REPLACE ";" " " LIBSCAP_LINK_LIBRARIES_FLAGS "${libscap_link_flags}")
+configure_file(${LIBSCAP_DIR}/userspace/libscap/libscap.pc.in ${PROJECT_BINARY_DIR}/libscap/libscap.pc @ONLY)
+
+install(TARGETS ${LIBSCAP_INSTALL_LIBS}
 			ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}"
 			LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}"
 			RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}"

docs/index.md

@@ -0,0 +1,10 @@
+# Falcosecurity drivers
+
+## Falco drivers kernel testing matrixes
+
+Here you can find kernel testing support matrixes for [Falco](https://falco.org/) drivers.  
+For more info, make sure to read the [driver kernel testing framework proposal](https://github.com/falcosecurity/libs/blob/master/proposals/20230530-driver-kernel-testing-framework.md).  
+
+## Syscalls Report
+
+You can also find the list of supported syscalls by our drivers, be it through specific filler or generic.

docs/matrix.md

@@ -0,0 +1,25 @@
+# Home of Falco drivers kernel testing matrixes
+
+Basically, we use Ansible playbooks to spawn Firecracker microvms where we can test:  
+
+* kmod and ebpf drivers build
+* scap-open run with {kmod,ebpf,modern-bpf}
+
+The modern-bpf driver-enabled scap-open is built using the exactly same process used by [Falco release pipeline](https://github.com/falcosecurity/falco/blob/master/.github/workflows/reusable_build_packages.yaml#L15):   
+
+* the modern bpf skeleton is built on a Fedora machine
+* scap-open with embedded modern-bpf skeleton is built on a centos7 machine to allow largest possible support (old glibc version)
+* scap-open binary is copied to each spawned vm
+
+## Supported Archs
+
+For now, supported architectures are:  
+
+* AMD64
+* ARM64
+
+## Glossary
+
+* 🟢 -> means that the test was successful
+* 🟡 -> means that the test was skipped; you can click the symbol to reach the test section and checkout why the test was skipped.
+* ❌ -> means that the test failed; you can click the symbol to reach the test section and checkout why the test failed.

driver/report.md → docs/report.md

@@ -1,10 +1,3 @@
-# Supported Syscalls
-
-This table represents the syscalls supported by our drivers.
-
-🟢 means that the syscall is fully instrumented so its parameters are available to userspace.
-🟡 means that the syscall is not fully instrumented so the userspace is just notified when the syscall happens but no parameters are available.
-
 |         SYSCALL         | SUPPORTED |
 |-------------------------|-----------|
 | _sysctl                 | 🟡        |