bpf-recorder needs /sys/kernel/tracing/events/raw_syscalls/sys_enter/id

spod crashes when using the eBPF based recorder, because the container cannot access /sys/kernel/tracing/events/raw_syscalls/sys_enter/id: I0122 08:11:14.334147 9234 bpfrecorder.go:517] "Excluding mount namespace" logger="bpf-recorder" mntns=4026531841 I0122 08:11:14.335822 9234 bpfrecorder.go:534] "BPF module successfully loaded." logger="bpf-recorder" I0122 08:11:14.335896 9234 bpfrecorder.go:218] "Doing BPF start/stop self-test..." logger="bpf-recorder" I0122 08:11:14.335967 9234 bpfrecorder.go:541] "Start BPF recording: Attaching all programs..." logger="bpf-recorder" libbpf: failed to open '/sys/kernel/tracing/events/raw_syscalls/sys_enter/id': No such file or directory libbpf: failed to determine tracepoint 'raw_syscalls/sys_enter' perf event ID: No such file or directory libbpf: prog 'sys_enter': failed to create tracepoint 'raw_syscalls/sys_enter' perf event: No such file or directory I0122 08:11:14.335948 9234 bpfrecorder.go:698] "Processing bpf events" logger="bpf-recorder" E0122 08:11:14.336538 9234 main.go:240] "running security-profiles-operator" err="StartRecording self-test: attach base hooks: attach bpf program sys_enter: failed to attach program: no such file or directory" logger="setup"
kubernetes-sigs · Jan 23, 2025 · 2627bb3 · 2627bb3
1 parent acce4a6
commit 2627bb3
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/internal/pkg/manager/spod/bindata/spod.go b/internal/pkg/manager/spod/bindata/spod.go
@@ -53,6 +53,7 @@ const (
 	SelinuxdDBPath                                   = SelinuxdPrivateDir + "/selinuxd.db"
 	sysKernelDebugPath                               = "/sys/kernel/debug"
 	sysKernelSecurityPath                            = "/sys/kernel/security"
+	sysKernelTracingPath                             = "/sys/kernel/tracing"
 	InitContainerIDNonRootenabler                    = 0
 	InitContainerIDSelinuxSharedPoliciesCopier       = 1
 	ContainerIDDaemon                                = 0
@@ -556,6 +557,11 @@ semodule -i /opt/spo-profiles/selinuxrecording.cil
 								MountPath: sysKernelSecurityPath,
 								ReadOnly:  true,
 							},
+							{
+								Name:      "sys-kernel-tracing-volume",
+								MountPath: sysKernelTracingPath,
+								ReadOnly:  true,
+							},
 							{
 								Name:      "host-etc-osrelease-volume",
 								MountPath: etcOSReleasePath,
@@ -736,6 +742,15 @@ semodule -i /opt/spo-profiles/selinuxrecording.cil
 							},
 						},
 					},
+					{
+						Name: "sys-kernel-tracing-volume",
+						VolumeSource: corev1.VolumeSource{
+							HostPath: &corev1.HostPathVolumeSource{
+								Path: sysKernelTracingPath,
+								Type: &hostPathDirectory,
+							},
+						},
+					},
 					{
 						Name: "host-etc-osrelease-volume",
 						VolumeSource: corev1.VolumeSource{