Skip to content

Commit

Permalink
feat: Detect CAP_BPF when detect env
Browse files Browse the repository at this point in the history
If no capability to run bpf progs, we must check CAP_BPF asap.

Without this check, there will be many noisy logs before log "error:operation
not permitted", like #678 (comment).

Signed-off-by: Leon Hwang <hffilwlqm@gmail.com>
  • Loading branch information
Asphaltt committed Dec 5, 2024
1 parent fdd8827 commit 8bd8274
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions cli/cmd/env_detection.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,14 @@
package cmd

import (
"errors"
"fmt"
"runtime"

"github.com/cilium/ebpf"
"github.com/cilium/ebpf/asm"
"github.com/gojue/ecapture/pkg/util/kernel"
"golang.org/x/sys/unix"
)

func detectKernel() error {
Expand All @@ -42,6 +46,28 @@ func detectKernel() error {

return nil
}
func detectBpfCap() error {
// BPF 权限检测
prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
Name: "uprobe_dummy",
Type: ebpf.Kprobe,
Instructions: asm.Instructions{
asm.Mov.Imm(asm.R0, 0),
asm.Return(),
},
License: "GPL",
})
if err != nil {
if errors.Is(err, unix.EPERM) {
return fmt.Errorf("the current user does not have CAP_BPF to load bpf programs. Please run as root or use sudo.")
}

return fmt.Errorf("failed to create bpf program: %v", err)
}
defer prog.Close()

return nil
}

func detectEnv() error {
// 环境检测
Expand All @@ -50,5 +76,9 @@ func detectEnv() error {
return err
}

if err := detectBpfCap(); err != nil {
return err
}

return nil
}

0 comments on commit 8bd8274

Please sign in to comment.