Merge pull request #1 from rscampos/add_kernel_611_612_2

Add kernel 611 612 (test)

.github/actions/build-dependencies/action.yaml

@@ -64,11 +64,6 @@ runs:
         sudo ln -s /usr/local/clang/bin/llvm-readelf /usr/bin/llvm-readelf
         sudo ln -s /usr/local/clang/bin/opt /usr/bin/opt
       shell: bash
-    - name: Install OPA
-      run: |
-        sudo curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.63.0/opa_linux_amd64_static
-        sudo chmod 755 /usr/bin/opa
-      shell: bash
     - name: Install staticchecker
       run: |
         GOROOT=/usr/local/go GOPATH=$HOME/go go install honnef.co/go/tools/cmd/[email protected]

.github/labeler.yml

@@ -56,12 +56,10 @@ area/signatures:
   - pkg/signatures/**/*
   - signatures/*
   - signatures/**/*
-  - "**/*.rego"
 area/testing:
   - tests/*
   - tests/**/*
   - "**/*_test.go"
-  - "**/*_test.rego"
 # area/uprobe:
 area/UX:
   - pkg/cmd/*

.github/workflows/pr.yaml

@@ -84,7 +84,7 @@ jobs:
   #
   verify-docs:
     name: Verify Documentation
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -128,7 +128,7 @@ jobs:
   #
   verify-analyze-code:
     name: Verify and Analyze Code
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -161,34 +161,13 @@ jobs:
         run: |
           make check-err
   #
-  # SIGNATURES CODE VERIFICATION
-  #
-  verify-signatures:
-    name: Verify Signatures
-    needs:
-      - verify-analyze-code
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          submodules: true
-      - name: Install Dependencies
-        uses: ./.github/actions/build-dependencies
-      - name: Build Signatures
-        run: |
-          make signatures
-      - name: Test Signatures
-        run: |
-          make test-signatures
-  #
   # TOOLS BUILD VERIFICATION
   #
   verify-tools:
     name: Verify Other Tools
     needs:
       - verify-analyze-code
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -219,7 +198,7 @@ jobs:
     name: Unit Tests
     needs:
       - verify-analyze-code
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -237,7 +216,7 @@ jobs:
     name: Integration Tests
     needs:
       - verify-analyze-code
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -255,7 +234,7 @@ jobs:
     name: Performance Tests
     needs:
       - verify-analyze-code
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout Code
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -274,7 +253,7 @@ jobs:
     #needs:
     #  - verify-signatures
     #  - verify-tools
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       matrix01: ${{ steps.set-matrix.outputs.matrix01 }}
     steps:
@@ -302,6 +281,14 @@ jobs:
               ["Mantic 6.5 aarch64"]="0387f77c4820c98db aarch64"
               ["Mantic 6.6 x86_64"]="05b5ac8f6c43b3ca5 x86_64"
               ["Mantic 6.6 aarch64"]="05c9d6cd9343f0a43 aarch64"
+              ["Noble 6.8 x86_64"]="0cc63426ae75d47c8 x86_64"
+              ["Noble 6.8 aarch64"]="0f5260685b3ec2293 aarch64"
+              ["Noble 6.10 x86_64"]="0ae23eabda70efc60 x86_64"
+              ["Noble 6.10 aarch64"]="01ce0f71400b5ff38 aarch64"
+              ["Noble 6.11 x86_64"]="0ce1f88aa63091921 x86_64"
+              ["Noble 6.11 aarch64"]="0123508488affb578 aarch64"
+              ["Noble 6.12 x86_64"]="0e38f3caba1b4234d x86_64"
+              ["Noble 6.12 aarch64"]="0547f429681dc1f2a aarch64"
               # expand as needed
           )
           for num in 01; do

.github/workflows/release-snapshot.yaml

@@ -17,6 +17,7 @@ jobs:
     runs-on: 
       - graas_ami-0cdf7ad6d9627da45_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}
       - EXECUTION_TYPE=LONG
+      - INSTANCE_TYPE=2XLARGE
     permissions:
       contents: read
       packages: write
@@ -60,6 +61,7 @@ jobs:
     runs-on: 
       - graas_ami-07740487fa433aa54_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}
       - EXECUTION_TYPE=LONG
+      - INSTANCE_TYPE=LARGE
     permissions:
       contents: read
       packages: write

.github/workflows/release.yaml

@@ -16,6 +16,7 @@ jobs:
     runs-on: 
       - graas_ami-0cdf7ad6d9627da45_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}
       - EXECUTION_TYPE=LONG
+      - INSTANCE_TYPE=2XLARGE
     permissions:
       contents: write
       packages: write
@@ -60,6 +61,7 @@ jobs:
     runs-on:
       - graas_ami-07740487fa433aa54_${{ github.event.number }}${{ github.run_attempt }}-${{ github.run_id }}
       - EXECUTION_TYPE=LONG
+      - INSTANCE_TYPE=LARGE
     permissions:
       contents: write
       packages: write

Makefile

@@ -37,7 +37,6 @@ CMD_INSTALL ?= install
 CMD_LLC ?= llc
 CMD_MD5 ?= md5sum
 CMD_MKDIR ?= mkdir
-CMD_OPA ?= opa
 CMD_PKGCONFIG ?= pkg-config
 CMD_RM ?= rm
 CMD_SED ?= sed
@@ -205,7 +204,6 @@ env:
 	@echo "CMD_LLC                  $(CMD_LLC)"
 	@echo "CMD_MD5                  $(CMD_MD5)"
 	@echo "CMD_MKDIR                $(CMD_MKDIR)"
-	@echo "CMD_OPA                  $(CMD_OPA)"
 	@echo "CMD_PKGCONFIG            $(CMD_PKGCONFIG)"
 	@echo "CMD_RM                   $(CMD_RM)"
 	@echo "CMD_SED                  $(CMD_SED)"
@@ -266,9 +264,6 @@ env:
 	@echo "GOSIGNATURES_DIR         $(GOSIGNATURES_DIR)"
 	@echo "GOSIGNATURES_SRC         $(GOSIGNATURES_SRC)"
 	@echo ---------------------------------------
-	@echo "REGO_SIGNATURES_DIR      $(REGO_SIGNATURES_DIR)"
-	@echo "REGO_SIGNATURES_SRC      $(REGO_SIGNATURES_SRC)"
-	@echo ---------------------------------------
 	@echo "E2E_NET_DIR              $(E2E_NET_DIR)"
 	@echo "E2E_NET_SRC              $(E2E_NET_SRC)"
 	@echo "E2E_INST_DIR             $(E2E_INST_DIR)"
@@ -318,7 +313,6 @@ help:
 	@echo "    $$ make test-unit                # run unit tests"
 	@echo "    $$ make test-types               # run unit tests for types module"
 	@echo "    $$ make test-integration         # run integration tests"
-	@echo "    $$ make test-signatures          # opa test (tracee-rules)"
 	@echo ""
 	@echo "# flags"
 	@echo ""
@@ -591,20 +585,11 @@ GOSIGNATURES_SRC :=	$(shell find $(GOSIGNATURES_DIR) \
 			! -path '$(GOSIGNATURES_DIR)/examples/*' \
 			)
 
-REGO_SIGNATURES_DIR ?= signatures/rego
-REGO_SIGNATURES_SRC :=	$(shell find $(REGO_SIGNATURES_DIR) \
-			-type f \
-			-name '*.rego' \
-			! -name '*_test.rego' \
-			! -path '$(REGO_SIGNATURES_DIR)/examples/*' \
-			)
-
 .PHONY: signatures
 signatures: $(OUTPUT_DIR)/signatures
 
 $(OUTPUT_DIR)/signatures: \
 	$(GOSIGNATURES_SRC) \
-	$(REGO_SIGNATURES_SRC) \
 	| .eval_goenv \
 	.checkver_$(CMD_GO) \
 	.check_$(CMD_INSTALL) \
@@ -615,8 +600,6 @@ $(OUTPUT_DIR)/signatures: \
 		--buildmode=plugin \
 		-o $@/builtin.so \
 		$(GOSIGNATURES_SRC)
-	# disable rego signatures by default (keep golang signatures only)
-	# $(CMD_INSTALL) -m 0644 $(REGO_SIGNATURES_SRC) $@
 
 .PHONY: clean-signatures
 clean-signatures:
@@ -823,12 +806,6 @@ test-integration: \
 		-count=1 \
 		./tests/integration/... \
 
-.PHONY: test-signatures
-test-signatures: \
-	| .check_$(CMD_OPA)
-#
-	$(CMD_OPA) test $(REGO_SIGNATURES_DIR) --verbose
-
 .PHONY: test-upstream-libbpfgo
 test-upstream-libbpfgo: \
 	| .eval_goenv \

Vagrantfile

@@ -131,7 +131,6 @@ Vagrant.configure("2") do |config|
       HOME="/home/#{vm_user}"
       LLVM_VERSION="14"
       GO_VERSION="1.22.3"
-      OPA_VERSION="v0.63.0"
       KUBECTL_VERSION="v1.29"
       VM_TYPE="#{vm_type}"
 
@@ -224,13 +223,6 @@ Vagrant.configure("2") do |config|
       apt-get install --yes docker.io
       usermod -aG docker ${USER}
 
-      #
-      # opa
-      #
-
-      echo ">>> Installing opa"
-      curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${ARCH}_static
-      chmod 755 /usr/bin/opa
     SHELL
 
     vm_config.vm.provision "shell", privileged: true, reboot: true, inline: <<-SHELL

builder/Dockerfile.alpine-tracee-container

@@ -10,15 +10,8 @@ ARG FLAVOR=tracee-ebpf-core
 #
 
 ARG GO_VERSION=1.22.0
-ARG OPA_VERSION=v0.63.0
 
 
-# This workaround is required since OPA 0.65.0 (latest published release) has cve-2024-24790.
-# After solved we can rollback to the commented installation lines below.
-#
-# Stage 1: Set the base image to get the OPA binary
-FROM openpolicyagent/opa:0.66.0-dev-static AS opa-extractor
-
 #
 # tracee-base
 #
@@ -35,15 +28,6 @@ RUN apk --no-cache update && \
     apk --no-cache add libelf zlib zstd && \
     apk --no-cache add libc6-compat
 
-# install OPA
-
-# ARG OPA_VERSION
-# RUN curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${TARGETARCH}_static && \
-# chmod 755 /usr/bin/opa
-
-# Stage 2: Copy the OPA binary from the OPA extractor
-COPY --from=opa-extractor /opa /usr/bin/opa
-
 #
 # tracee-make-base
 #

builder/Dockerfile.alpine-tracee-make

@@ -40,11 +40,6 @@ RUN cd /tmp && \
     cd ./btfhub && \
     ./3rdparty/bpftool.sh
 
-# install OPA
-RUN TARGETARCH=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.63.0/opa_linux_${TARGETARCH}_static && \
-    chmod 755 /usr/bin/opa
-
 # install extra tools for testing things
 RUN apk --no-cache add man-pages man-pages-posix bash-completion vim iproute2 vlan bridge-utils net-tools \
     netcat-openbsd iputils wget lynx w3m stress-ng

builder/Dockerfile.ubuntu-tracee-make

@@ -12,7 +12,6 @@ ARG gid=1000
 #
 
 ARG GO_VERSION=1.22.0
-ARG OPA_VERSION=v0.63.0
 
 # install needed environment
 
@@ -36,11 +35,6 @@ RUN cd /tmp && \
     cd ./btfhub && \
     ./3rdparty/bpftool.sh
 
-# install OPA
-RUN altarch=$(uname -m | sed 's:x86_64:amd64:g' | sed 's:aarch64:arm64:g') && \
-    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_${altarch}_static && \
-    chmod 755 /usr/bin/opa
-
 # extra tools for testing things
 
 RUN export DEBIAN_FRONTEND=noninteractive && \

cmd/tracee-rules/main.go

@@ -11,7 +11,6 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/open-policy-agent/opa/compile"
 	"github.com/urfave/cli/v2"
 	"kernel.org/pub/linux/libs/security/libcap/cap"
 
@@ -44,27 +43,14 @@ func main() {
 				return errors.New("no flags specified")
 			}
 
-			var target string
-			switch strings.ToLower(c.String("rego-runtime-target")) {
-			case "wasm":
-				return errors.New("target unsupported: wasm")
-			case "rego":
-				target = compile.TargetRego
-			default:
-				return fmt.Errorf("invalid target specified: %s", strings.ToLower(c.String("rego-runtime-target")))
-			}
-
 			var rulesDir []string
 			if c.String("rules-dir") != "" {
 				rulesDir = []string{c.String("rules-dir")}
 			}
 
 			sigs, _, err := signature.Find(
-				target,
-				c.Bool("rego-partial-eval"),
 				rulesDir,
 				c.StringSlice("rules"),
-				c.Bool("rego-aio"),
 			)
 			if err != nil {
 				return err
@@ -187,11 +173,7 @@ func main() {
 			},
 			&cli.StringFlag{
 				Name:  "rules-dir",
-				Usage: "directory where to search for rules in OPA (.rego) and Go plugin (.so) formats",
-			},
-			&cli.BoolFlag{
-				Name:  "rego-partial-eval",
-				Usage: "enable partial evaluation of rego rules",
+				Usage: "directory where to search for rules in Go plugin (.so) format",
 			},
 			&cli.BoolFlag{
 				Name:  "list",
@@ -227,15 +209,6 @@ func main() {
 				Usage: "enable pyroscope agent",
 				Value: false,
 			},
-			&cli.BoolFlag{
-				Name:  "rego-aio",
-				Usage: "compile rego signatures altogether as an aggregate policy. By default each signature is compiled separately.",
-			},
-			&cli.StringFlag{
-				Name:  "rego-runtime-target",
-				Usage: "select which runtime target to use for evaluation of rego rules: rego, wasm",
-				Value: "rego",
-			},
 			&cli.BoolFlag{
 				Name:  "list-events",
 				Usage: "print a list of events that currently loaded signatures require",