make run fails in Ubuntu 24.04 #1755

Open
navin772 opened this issue May 17, 2024 · 1 comment · May be fixed by #1781
navin772 commented May 17, 2024

Bug Report

General Information
Following the development guide on an Ubuntu 24.02 VM, the make run command fails with the error:

navin@navin:~/KubeArmor/KubeArmor$ make run
cd /home/navin/KubeArmor/KubeArmor; make -C ../protobuf
make[1]: Entering directory '/home/navin/KubeArmor/protobuf'
make[1]: Nothing to be done for 'build'.
make[1]: Leaving directory '/home/navin/KubeArmor/protobuf'
cd /home/navin/KubeArmor/KubeArmor; go mod tidy
cd /home/navin/KubeArmor/KubeArmor; bpftool btf dump file /sys/kernel/btf/vmlinux format c > BPF/vmlinux.h || true
if grep -q bpf '/sys/kernel/security/lsm'; then \
        cd /home/navin/KubeArmor/KubeArmor; go generate ./... || true; \
fi
cd /home/navin/KubeArmor/KubeArmor; CGO_ENABLED=0 go build -ldflags "-X main.BuildDate=2024-05-17T11:35:53Z -X main.GitCommit=294ed3b2 -X main.GitBranch=main -X main.GitState=dirty -X main.GitSummary=294ed3b2-dirty" -o kubearmor main.go
cd /home/navin/KubeArmor/deployments/CRD; kubectl apply -f KubeArmorPolicy.yaml
customresourcedefinition.apiextensions.k8s.io/kubearmorpolicies.security.kubearmor.com configured
cd /home/navin/KubeArmor/deployments/CRD; kubectl apply -f KubeArmorHostPolicy.yaml
customresourcedefinition.apiextensions.k8s.io/kubearmorhostpolicies.security.kubearmor.com configured
cd /home/navin/KubeArmor/KubeArmor; sudo rm -f /tmp/kubearmor.log
cd /home/navin/KubeArmor/KubeArmor/BPF; make clean
make[1]: Entering directory '/home/navin/KubeArmor/KubeArmor/BPF'
make[1]: Leaving directory '/home/navin/KubeArmor/KubeArmor/BPF'
cd /home/navin/KubeArmor/KubeArmor/BPF; make
make[1]: Entering directory '/home/navin/KubeArmor/KubeArmor/BPF'
Kernel BTF information found
Generating vmlinux.h for kernel 6.8.0
Compiling eBPF bytecode: system_monitor.bpf.o ...
make[1]: Leaving directory '/home/navin/KubeArmor/KubeArmor/BPF'
cd /home/navin/KubeArmor/KubeArmor; DEBUG=true sudo -E ./kubearmor -logPath=/tmp/kubearmor.log -enableKubeArmorPolicy -enableKubeArmorHostPolicy -hostVisibility=process,file,network,capabilities -defaultFilePosture block -defaultCapabilitiesPosture block -defaultNetworkPosture block -hostDefaultFilePosture block -hostDefaultCapabilitiesPosture block -hostDefaultNetworkPosture block
2024-05-17 11:36:02.212986      INFO    BUILD-INFO: commit: 294ed3b2, branch: main, date: 2024-05-17T11:35:53Z
2024-05-17 11:36:02.213114      INFO    Arguments [bpfFsPath:/sys/fs/bpf cluster:default coverageTest:false criSocket: debug:false defaultCapabilitiesPosture:audit defaultFilePosture:audit defaultNetworkPosture:audit defaultPostureLogs:true enableKubeArmorHostPolicy:false enableKubeArmorPolicy:true enableKubeArmorStateAgent:false enableKubeArmorVm:false enforcerAlerts:true gRPC:32767 host:navin hostDefaultCapabilitiesPosture:audit hostDefaultFilePosture:audit hostDefaultNetworkPosture:audit hostVisibility:default initTimeout:60s k8s:true kubeconfig: logPath:none lsm:bpf,apparmor,selinux seLinuxProfileDir:/tmp/kubearmor.selinux tlsCertPath:/var/lib/kubearmor/tls tlsCertProvider:self tlsEnabled:false untrackedNs:kube-system,kubearmor visibility:process,file,network,capabilities]
2024-05-17 11:36:02.213184      INFO    Configuration [{Cluster:default Host:navin GRPC:32767 TLSEnabled:false TLSCertPath:/var/lib/kubearmor/tls TLSCertProvider:self LogPath:/tmp/kubearmor.log SELinuxProfileDir: CRISocket: Visibility:process,file,network,capabilities HostVisibility:process,file,network,capabilities Policy:true HostPolicy:true KVMAgent:false K8sEnv:true Debug:true DefaultFilePosture:block DefaultNetworkPosture:block DefaultCapabilitiesPosture:block HostDefaultFilePosture:block HostDefaultNetworkPosture:block HostDefaultCapabilitiesPosture:block CoverageTest:false ConfigUntrackedNs:[] LsmOrder:[] BPFFsPath: EnforcerAlerts:false DefaultPostureLogs:false InitTimeout: StateAgent:false}]
2024-05-17 11:36:02.213209      INFO    Final Configuration [{Cluster:default Host:navin GRPC:32767 TLSEnabled:false TLSCertPath:/var/lib/kubearmor/tls TLSCertProvider:self LogPath:/tmp/kubearmor.log SELinuxProfileDir: CRISocket: Visibility:process,file,network,capabilities HostVisibility:process,file,network,capabilities Policy:true HostPolicy:true KVMAgent:false K8sEnv:true Debug:true DefaultFilePosture:block DefaultNetworkPosture:block DefaultCapabilitiesPosture:block HostDefaultFilePosture:block HostDefaultNetworkPosture:block HostDefaultCapabilitiesPosture:block CoverageTest:false ConfigUntrackedNs:[kube-system kubearmor] LsmOrder:[bpf apparmor selinux] BPFFsPath:/sys/fs/bpf EnforcerAlerts:true DefaultPostureLogs:true InitTimeout:60s StateAgent:false}]
2024-05-17 11:36:02.213675      INFO    Initialized Kubernetes client
2024-05-17 11:36:02.213747      INFO    Started to monitor node events
2024-05-17 11:36:02.213761      INFO    GlobalCfg.Host=navin, KUBEARMOR_NODENAME=
2024-05-17 11:36:02.213790      INFO    Started watching node information
2024-05-17 11:36:03.214069      INFO    Node Name: navin
2024-05-17 11:36:03.214143      INFO    Node IP: 192.168.122.156
2024-05-17 11:36:03.214214      INFO    Node Annotations: map[alpha.kubernetes.io/provided-node-ip:192.168.122.156 flannel.alpha.coreos.com/backend-data:{"VNI":1,"VtepMAC":"2e:8b:4a:6e:d8:ca"} flannel.alpha.coreos.com/backend-type:vxlan flannel.alpha.coreos.com/kube-subnet-manager:true flannel.alpha.coreos.com/public-ip:192.168.122.156 k3s.io/hostname:navin k3s.io/internal-ip:192.168.122.156 k3s.io/node-args:["server","--disable","traefik","--docker","--container-runtime-endpoint","unix:https:///var/run/docker.sock","--kubelet-arg","cgroup-driver=systemd"] k3s.io/node-config-hash:U5AJKYRLFTFYB3SEXD7CJGI6BAOUSEX3T2S6XD6AQ5EMIZSUB4DQ==== k3s.io/node-env:{"K3S_DATA_DIR":"/var/lib/rancher/k3s/data/b159f6e26663d8c92285e7bc4a6881d85bd8c81efc55eb2cf191c54100387fbb","K3S_KUBECONFIG_MODE":"644"} kubearmor-policy:enabled kubearmor-visibility:process,file,network,capabilities node.alpha.kubernetes.io/ttl:0 volumes.kubernetes.io/controller-managed-attach-detach:true]
2024-05-17 11:36:03.214239      INFO    OS Image: Ubuntu 24.04 LTS
2024-05-17 11:36:03.214255      INFO    Kernel Version: 6.8.0-31-generic
2024-05-17 11:36:03.214271      INFO    Kubelet Version: v1.29.4+k3s1
2024-05-17 11:36:03.214288      INFO    Container Runtime: docker:https://26.1.2
2024-05-17 11:36:03.214927      INFO    Initialized KubeArmor Logger
2024-05-17 11:36:03.216974      INFO    Detected mounted BPF filesystem at /sys/fs/bpf
2024-05-17 11:36:03.217298      INFO    Initializing eBPF system monitor
2024-05-17 11:36:03.229466      INFO    Successfully added visibility map with key={PidNS:0 MntNS:0} to the kernel
2024-05-17 11:36:03.239452      INFO    Successfully added visibility map with key={PidNS:12648430 MntNS:12648430} to the kernel
2024-05-17 11:36:03.239570      INFO    eBPF system monitor object file path: /home/navin/KubeArmor/KubeArmor/BPF/system_monitor.bpf.o
2024-05-17 11:36:03.389960      ERROR   Failed to initialize BPF (bpf module is nil program sys_exit_openat: load program: permission denied: 4745: (85) call bpf_probe_read_str#45: R1 unbounded memory access, make sure to bounds check any such access (truncated, 816 line(s) omitted))
github.com/kubearmor/KubeArmor/KubeArmor/log.Errf
        /home/navin/KubeArmor/KubeArmor/log/logger.go:108
github.com/kubearmor/KubeArmor/KubeArmor/core.(*KubeArmorDaemon).InitSystemMonitor
        /home/navin/KubeArmor/KubeArmor/core/kubeArmor.go:257
github.com/kubearmor/KubeArmor/KubeArmor/core.KubeArmor
        /home/navin/KubeArmor/KubeArmor/core/kubeArmor.go:532
main.main
        /home/navin/KubeArmor/KubeArmor/main.go:79
runtime.main
        /usr/local/go/src/runtime/proc.go:271
2024-05-17 11:36:03.390019      ERROR   Failed to initialize KubeArmor Monitor
github.com/kubearmor/KubeArmor/KubeArmor/log.Err
        /home/navin/KubeArmor/KubeArmor/log/logger.go:103
github.com/kubearmor/KubeArmor/KubeArmor/feeder.(*Feeder).Err
        /home/navin/KubeArmor/KubeArmor/feeder/feeder.go:423
github.com/kubearmor/KubeArmor/KubeArmor/core.KubeArmor
        /home/navin/KubeArmor/KubeArmor/core/kubeArmor.go:533
main.main
        /home/navin/KubeArmor/KubeArmor/main.go:79
runtime.main
        /usr/local/go/src/runtime/proc.go:271
2024-05-17 11:36:03.390065      INFO    Stopped KubeArmor Monitor
2024-05-17 11:36:03.390071      INFO    Terminated KubeArmor
2024-05-17 11:36:05.390337      INFO    Stopped KubeArmor Logger
2024-05-17 11:36:05.390467      INFO    Waiting for routine terminations
  • Environment description (GKE, VM-Kubeadm, vagrant-dev-env, minikube, microk8s, ...)
    OS - Ubuntu 24.02 server (VM)
    K3s

  • Kernel version (run uname -a)
    6.8.0

  • Orchestration system version in use (e.g. kubectl version, ...)
    K3s - v1.29.4+k3s1

  • Link to relevant artifacts (policies, deployments scripts, ...)

  • Target containers/pods

To Reproduce

  1. Create an Ubuntu 24.02 server VM.
  2. Follow the self-managed kubernetes guide for K3s installation.
  3. Inside the KubeArmor directory run make, start the local proxy kubectl proxy & then make run.

Expected behavior
make run should run without any errors.

Screenshots

If applicable, add screenshots to help explain your problem.

@navin772 added the bug (Something isn't working) label on May 17, 2024
@EraKin575

I would like to work on this issue

@navin772 changed the title from '"make run" fails in Ubuntu 24.02' to 'make run fails in Ubuntu 24.02' on Jun 5, 2024
@navin772 changed the title from 'make run fails in Ubuntu 24.02' to 'make run fails in Ubuntu 24.04' on Jun 12, 2024
@navin772 linked a pull request on Jun 12, 2024 that will close this issue