Merge branch 'main' into renovate/main-github.com-cilium-cilium-1.x

Signed-off-by: Mahé <mahe.tardy@gmail.com>
cilium · Feb 21, 2025 · 0bcdc65 · 0bcdc65
2 parents f0ef44c + a13050f
commit 0bcdc65
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 31 deletions.
diff --git a/pkg/bpf/detect.go b/pkg/bpf/detect.go
@@ -9,9 +9,7 @@ package bpf
 import (
 	"errors"
 	"fmt"
-	"os"
 	"path/filepath"
-	"strings"
 	"sync"
 	"unsafe"
 
@@ -231,39 +229,31 @@ func detectLSM() bool {
 	if features.HaveProgramType(ebpf.LSM) != nil {
 		return false
 	}
-	b, err := os.ReadFile("/sys/kernel/security/lsm")
+	prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
+		Name: "probe_lsm_file_open",
+		Type: ebpf.LSM,
+		Instructions: asm.Instructions{
+			asm.Mov.Imm(asm.R0, 0),
+			asm.Return(),
+		},
+		AttachTo:   "file_open",
+		AttachType: ebpf.AttachLSMMac,
+		License:    "Dual BSD/GPL",
+	})
 	if err != nil {
-		logger.GetLogger().WithError(err).Error("failed to read /sys/kernel/security/lsm")
+		logger.GetLogger().WithError(err).Error("failed to load lsm probe")
 		return false
 	}
-	if strings.Contains(string(b), "bpf") {
-		prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
-			Name: "probe_lsm_file_open",
-			Type: ebpf.LSM,
-			Instructions: asm.Instructions{
-				asm.Mov.Imm(asm.R0, 0),
-				asm.Return(),
-			},
-			AttachTo:   "file_open",
-			AttachType: ebpf.AttachLSMMac,
-			License:    "Dual BSD/GPL",
-		})
-		if err != nil {
-			logger.GetLogger().WithError(err).Error("failed to load lsm probe")
-			return false
-		}
-		defer prog.Close()
+	defer prog.Close()
 
-		link, err := link.AttachLSM(link.LSMOptions{
-			Program: prog,
-		})
-		if err != nil {
-			logger.GetLogger().WithError(err).Error("failed to attach lsm probe")
-			return false
-		}
-		link.Close()
-		return true
+	link, err := link.AttachLSM(link.LSMOptions{
+		Program: prog,
+	})
+	if err != nil {
+		logger.GetLogger().WithError(err).Error("failed to attach lsm probe")
+		return false
 	}
+	link.Close()
 
 	return false
 }

diff --git a/pkg/sensors/tracing/genericlsm.go b/pkg/sensors/tracing/genericlsm.go
@@ -354,7 +354,8 @@ func createGenericLsmSensor(
 	var err error
 
 	if !bpf.HasLSMPrograms() || !kernels.EnableLargeProgs() {
-		return nil, fmt.Errorf("Does you kernel support the bpf LSM? You can enable LSM BPF by modifying" +
+		return nil, fmt.Errorf("Unable to load simple LSM BPF program. " +
+			"Does you kernel support the bpf LSM? You can enable LSM BPF by modifying " +
 			"the GRUB configuration /etc/default/grub with GRUB_CMDLINE_LINUX=\"lsm=bpf\"")
 	}