contrib: Modify verify.sh to check generic LSM bpf objects

Signed-off-by: Andrei Fedotov <anfedotoff@yandex-team.ru>
cilium · Jul 11, 2024 · 233e9dc · 233e9dc
1 parent 44efce4
commit 233e9dc
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/contrib/verify/verify.sh b/contrib/verify/verify.sh
@@ -78,13 +78,31 @@ for obj in "$TETRAGONDIR"/*.o; do
 		continue
 	fi
 
+	# Skip if LSM BPF is not enabled
+	if [[ "$B" == bpf_generic_lsm* && $(cat /boot/config-$(uname -r) | grep CONFIG_BPF_LSM) != "CONFIG_BPF_LSM=y" ]]; then
+		continue
+	fi
+
 	echo -e -n "Verifying $BLUEUNDER$obj$NOCOLOR... "
 	OUT="/tmp/tetragon-verify-$B"
 
 	FLAGS=""
 	[ "$DEBUG" -eq 1 ] && FLAGS="-d"
 	bpftool help 2>&1 | grep -q -- "--legacy" && FLAGS="$FLAGS --legacy"
 
+	# Rename sections to pass verifier
+	if [[ "$B" == bpf_generic_lsm* ]]; then
+		llvm-objcopy --rename-section lsm/generic_lsm=lsm/file_open \
+			--rename-section lsm/0=lsm/file_open \
+			--rename-section lsm/1=lsm/file_open \
+			--rename-section lsm/2=lsm/file_open \
+			--rename-section lsm/3=lsm/file_open \
+			--rename-section lsm/4=lsm/file_open \
+			--rename-section lsm/5=lsm/file_open \
+			"$obj" "${obj}.fixup"
+		obj="${obj}.fixup"
+	fi
+
 	bpftool $FLAGS prog loadall "$obj" "$PINDIR" &> "$OUT"
 	if [ $? -ne 0 ]; then
 		echo -e "${RED}Failed!${NOCOLOR}"