Remove kernel version check for LSM Resolve flag #3415

ScriptSathi · 2025-02-18T09:18:51Z

This PR is the follow-up to this comment #3143 (comment)

In genericlsm.go we check the kernel version for the use of the Resolve flag. But it is not reliable because vendors may (like rhel) may have kernels with additional patches, but they are detected as lower than the required version.

This condition was not necessary because in any case following code will return an error since it can not found the required hook. So this commit remove this check and add a specific case where the error should raise for LSM hooks only. Signed-off-by: Tristan d'Audibert <tristan.daudibert@orange.com>

ScriptSathi · 2025-02-18T09:22:06Z

pkg/btf/btf.go

@@ -123,6 +123,11 @@ func FindBtfFuncParamFromHook(hook string, argIndex int) (*btf.FuncParam, error)
 	}

 	if err = spec.TypeByName(hook, &hookFn); err != nil {
+		if strings.HasPrefix(hook, "bpf_lsm_") {


I think it is acceptable to such a check instead of passing a boolean directly to the function. I wanted to keep the function resilient

ScriptSathi requested a review from a team as a code owner February 18, 2025 09:18

ScriptSathi requested a review from olsajiri February 18, 2025 09:18

ScriptSathi commented Feb 18, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove kernel version check for LSM Resolve flag #3415

Remove kernel version check for LSM Resolve flag #3415

ScriptSathi commented Feb 18, 2025

ScriptSathi Feb 18, 2025

Remove kernel version check for LSM Resolve flag #3415

Are you sure you want to change the base?

Remove kernel version check for LSM Resolve flag #3415

Conversation

ScriptSathi commented Feb 18, 2025

ScriptSathi Feb 18, 2025

Choose a reason for hiding this comment