diff --git a/go.mod b/go.mod index f640df30a9..8a4c96afbc 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.26.0 require ( dario.cat/mergo v1.0.2 github.com/acobaugh/osrelease v0.1.0 - github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1 + github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1 github.com/blang/semver/v4 v4.0.0 github.com/cert-manager/cert-manager v1.20.2 github.com/go-logr/logr v1.4.3 diff --git a/go.sum b/go.sum index 161a6e9861..1ede648497 100644 --- a/go.sum +++ b/go.sum @@ -141,8 +141,8 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNg github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= -github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1 h1:TDN+16Nim3gimjuTxd+sFhb4v06mEeYH0JfRWAFowA0= -github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1/go.mod h1:JQNC5NuGwyYC7IZum6JqPNVHarFAuab+h4lO6t0jIhc= +github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1 h1:i/6EeKnBR3XVeLmOyMbM0Oq+kIC08n613zwkD8lix8w= +github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1/go.mod h1:veHe4u3xEpl0TBV+wX0AFJWOsnteNPOhNklRbYf3d+k= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -1099,10 +1099,10 @@ k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a h1:xCeOEAOoGYl2jnJoHkC3hk k8s.io/kube-openapi v0.0.0-20260317180543-43fb72c5454a/go.mod h1:uGBT7iTA6c6MvqUvSXIaYZo9ukscABYi2btjhvgKGZ0= k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.76 h1:mrdLPj8ujM6eIKGtd1PkkuCIodpFFDM42Cfm0YODkIM= -kernel.org/pub/linux/libs/security/libcap/cap v1.2.76/go.mod h1:7V2BQeHnVAQwhCnCPJ977giCeGDiywVewWF+8vkpPlc= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.76 h1:3DyzQ30OHt3wiOZVL1se2g1PAPJIU7+tMUyvfMUj1dY= -kernel.org/pub/linux/libs/security/libcap/psx v1.2.76/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= +kernel.org/pub/linux/libs/security/libcap/cap v1.2.78 h1:jgqg4gyu2BaYW9L6uzEtGLf8GNREwk/z4UFdwt5F3pE= +kernel.org/pub/linux/libs/security/libcap/cap v1.2.78/go.mod h1:VjuVda6m2qGkpCVfrFkpTGyvkdlZ2N5/yfo89tujlg8= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.78 h1:PC3yNs51cX5LZ7U57a7xielBcoXB3xnV+rXD8V0H0DQ= +kernel.org/pub/linux/libs/security/libcap/psx v1.2.78/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24= oras.land/oras-go/v2 v2.6.0 h1:X4ELRsiGkrbeox69+9tzTu492FMUu7zJQW6eJU+I2oc= oras.land/oras-go/v2 v2.6.0/go.mod h1:magiQDfG6H1O9APp+rOsvCPcW1GD2MM7vgnKY0Y+u1o= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.34.0 h1:hSfpvjjTQXQY2Fol2CS0QHMNs/WI1MOSGzCm1KhM5ec= diff --git a/vendor/github.com/aquasecurity/libbpfgo/Makefile b/vendor/github.com/aquasecurity/libbpfgo/Makefile index 7e4d2a102d..11d1a8138c 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/Makefile +++ b/vendor/github.com/aquasecurity/libbpfgo/Makefile @@ -6,7 +6,6 @@ BASEDIR = $(abspath ./) OUTPUT = ./output SELFTEST = ./selftest -HELPERS = ./helpers CLANG := clang CC := $(CLANG) @@ -124,17 +123,32 @@ endif # selftests +# To set a minimum Go version requirement for a specific selftest: +# 1. Create a .go-version file in the selftest directory (e.g., selftest/my-test/.go-version) +# 2. Add the minimum version in major.minor format (e.g., "1.21" for Go 1.21.0 or higher) +# 3. The selftest will be automatically skipped if the current Go version is lower +# Example: echo "1.21" > selftest/my-advanced-test/.go-version + +# current Go version (major.minor format) +GO_VERSION := $(shell $(GO) version | sed -n 's/.*go\([0-9]*\.[0-9]*\).*/\1/p') SELFTESTS = $(shell find $(SELFTEST) -mindepth 1 -maxdepth 1 -type d ! -name 'common' ! -name 'build') define FOREACH - SELFTESTERR=0; \ - for DIR in $(SELFTESTS); do \ - echo "INFO: entering $$DIR..."; \ - $(MAKE) -j1 -C $$DIR $(1) || SELFTESTERR=1; \ - done; \ - if [ $$SELFTESTERR -eq 1 ]; then \ - exit 1; \ - fi + SELFTESTERR=0; \ + for DIR in $(SELFTESTS); do \ + echo "INFO: entering $$DIR..."; \ + if [ -f "$$DIR/.go-version" ]; then \ + REQUIRED_VERSION=$$(cat "$$DIR/.go-version"); \ + if ! printf '%s\n%s\n' "$$REQUIRED_VERSION" "$(GO_VERSION)" | sort -V -C; then \ + echo "INFO: skipping $$DIR (requires Go $$REQUIRED_VERSION, current: $(GO_VERSION))"; \ + continue; \ + fi; \ + fi; \ + $(MAKE) -j1 -C $$DIR $(1) || SELFTESTERR=1; \ + done; \ + if [ $$SELFTESTERR -eq 1 ]; then \ + exit 1; \ + fi endef .PHONY: selftest @@ -162,25 +176,6 @@ selftest-dynamic-run: selftest-clean: $(call FOREACH, clean) -# helpers test - -.PHONY: helpers-test-run -.PHONY: helpers-test-static-run -.PHONY: helpers-test-dynamic-run - -helpers-test-run: helpers-test-static-run - -helpers-test-static-run: libbpfgo-static - cd $(HELPERS) && \ - CC=$(CLANG) \ - CGO_CFLAGS=$(CGO_CFLAGS_STATIC) \ - CGO_LDFLAGS=$(CGO_LDFLAGS_STATIC) \ - sudo -E env PATH=$(PATH) $(GO) test -v ./... - -helpers-test-dynamic-run: libbpfgo-dynamic - cd $(HELPERS) && \ - sudo $(GO) test -v ./... - # vagrant VAGRANT_DIR = $(abspath ./builder) diff --git a/vendor/github.com/aquasecurity/libbpfgo/Readme.md b/vendor/github.com/aquasecurity/libbpfgo/Readme.md index ec9306e00d..a1f027a50c 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/Readme.md +++ b/vendor/github.com/aquasecurity/libbpfgo/Readme.md @@ -37,7 +37,6 @@ Currently you will find the following GNU Makefile rules: | clean | cleans entire tree | | selftest | builds all selftests (static) | | selftest-run | runs all selftests (static) | -| helpers-test-run | runs all helpers tests (static) | * libbpf dynamically linked (libbpf from OS) @@ -47,7 +46,6 @@ Currently you will find the following GNU Makefile rules: | libbpfgo-dynamic-test | 'go test' with dynamic libbpfgo | | selftest-dynamic | build tests with dynamic libbpfgo | | selftest-dynamic-run | run tests using dynamic libbpfgo | -| helpers-test-dynamic-run | run helpers package unit tests using dynamic libbpfgo | * statically compiled (libbpf submodule) @@ -57,7 +55,6 @@ Currently you will find the following GNU Makefile rules: | libbpfgo-static-test | 'go test' with static libbpfgo | | selftest-static | build tests with static libbpfgo | | selftest-static-run | run tests using static libbpfgo | -| helpers-test-static-run | run helpers package unit tests using static libbpfgo | * examples diff --git a/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go b/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go index f6dabf2d69..98fa576803 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go +++ b/vendor/github.com/aquasecurity/libbpfgo/libbpfgo.go @@ -80,7 +80,7 @@ func SetStrictMode(mode LibbpfStrictMode) { func BPFProgramTypeIsSupported(progType BPFProgType) (bool, error) { supportedC := C.libbpf_probe_bpf_prog_type(C.enum_bpf_prog_type(int(progType)), nil) - if supportedC < 1 { + if supportedC < 0 { return false, syscall.Errno(-supportedC) } @@ -89,7 +89,7 @@ func BPFProgramTypeIsSupported(progType BPFProgType) (bool, error) { func BPFMapTypeIsSupported(mapType MapType) (bool, error) { supportedC := C.libbpf_probe_bpf_map_type(C.enum_bpf_map_type(int(mapType)), nil) - if supportedC < 1 { + if supportedC < 0 { return false, syscall.Errno(-supportedC) } diff --git a/vendor/github.com/aquasecurity/libbpfgo/map.go b/vendor/github.com/aquasecurity/libbpfgo/map.go index a9aeee87f4..10db3aa104 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/map.go +++ b/vendor/github.com/aquasecurity/libbpfgo/map.go @@ -7,6 +7,7 @@ package libbpfgo import "C" import ( + "errors" "fmt" "syscall" "unsafe" @@ -310,6 +311,8 @@ func (m *BPFMap) Unpin(pinPath string) error { return nil } +var ErrNoInnerMap = errors.New("map has no inner map") + // // BPFMap Map of Maps // @@ -324,7 +327,12 @@ func (m *BPFMap) Unpin(pinPath string) error { // https://lore.kernel.org/bpf/20200429002739.48006-4-andriin@fb.com/ func (m *BPFMap) InnerMapInfo() (*BPFMapInfo, error) { innerMapC, errno := C.bpf_map__inner_map(m.bpfMap) + if innerMapC == nil { + // EINVAL is returned if the map is not a map of maps + if errno == syscall.EINVAL { + return nil, ErrNoInnerMap + } return nil, fmt.Errorf("failed to get inner map for %s: %w", m.Name(), errno) } diff --git a/vendor/github.com/aquasecurity/libbpfgo/module.go b/vendor/github.com/aquasecurity/libbpfgo/module.go index 6967acd9cf..60b397a9d9 100644 --- a/vendor/github.com/aquasecurity/libbpfgo/module.go +++ b/vendor/github.com/aquasecurity/libbpfgo/module.go @@ -115,9 +115,12 @@ func NewModuleFromBufferArgs(args NewModuleArgs) (*Module, error) { } C.cgo_libbpf_set_print_fn() - // TODO: remove this once libbpf memory limit bump issue is solved - if err := bumpMemlockRlimit(); err != nil { - return nil, err + // If skipped, we rely on libbpf to do the bumping if deemed necessary + if !args.SkipMemlockBump { + // TODO: remove this once libbpf memory limit bump issue is solved + if err := bumpMemlockRlimit(); err != nil { + return nil, err + } } var btfFilePathC *C.char diff --git a/vendor/modules.txt b/vendor/modules.txt index cd669a9990..b31c06ee4f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -265,7 +265,7 @@ github.com/aliyun/credentials-go/credentials/utils # github.com/antlr4-go/antlr/v4 v4.13.1 ## explicit; go 1.22 github.com/antlr4-go/antlr/v4 -# github.com/aquasecurity/libbpfgo v0.9.2-libbpf-1.5.1 +# github.com/aquasecurity/libbpfgo v0.10.0-libbpf-1.5.1 ## explicit; go 1.21 github.com/aquasecurity/libbpfgo # github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2