-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Go tests for memfd and friends #186
base: main
Are you sure you want to change the base?
Conversation
f3d4e40
to
c8f17a0
Compare
a36eaf7
to
244b7ee
Compare
testing/kernel_builder/.config
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like this file doesn't need to be commited? It's generated in testing/kernel_builder/build.sh
. It also contains the same content repeatedly. I guess because it's not cleaned up between running build.sh
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed in latest version
@@ -2,10 +2,11 @@ from debian:bullseye | |||
|
|||
RUN dpkg --add-architecture arm64 | |||
RUN apt-get -y update | |||
RUN apt-get -y install xz-utils |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did this need to be in a separate command?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I moved it to the next command with all installs
testing/kernel_builder/Makefile
Outdated
${CONTAINER_ENGINE} run -v ${PWD}:/work ${IMAGE}-new:${TAG} | ||
|
||
image: | ||
${CONTAINER_ENGINE} build -f Dockerfile.old -t ${IMAGE}-old:${TAG} | ||
${CONTAINER_ENGINE} build -f Dockerfile.new -t ${IMAGE}-new:${TAG} | ||
${CONTAINER_ENGINE} build -f Dockerfile.new -t ${IMAGE}-new:${TAG} . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you could rename Dockerfile.new
to just Dockerfile
now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep, its one Dockerfile now
int key = 0x0afebabe; | ||
int size = 1024; | ||
long int shmflg = 0666 |IPC_CREAT; | ||
int shmid = shmget(key, size, shmflg); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this check for an error from shmget
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not necessary I think, currently we only monitor the attempt to shmget
, regardless if it failed or not - shmid does not go into ECS (we can think about logging return values later but that would be more probes)
341211f
to
57ac1d2
Compare
db88ffc
to
84bdd93
Compare
bab76d7
to
cd2f5bb
Compare
73461e2
to
bf24044
Compare
Those are partially imported source files that are best to leave unchanged.
Co-authored-by: Nicholas Berlin <[email protected]>
c572c2c
to
1847b17
Compare
Alright, I'm taking this over; apologies if I break things... |
Github is preventing me from approving this PR as I created it.
Otherwise good, thanks for the changes!! |
Add Go tests for all probes except
load_kernel_module
(this one will come in the next PR).Test for
shm_open
was not integrated because of complicated dependencies (libraries) of that glibc API that are difficult to integrate into the busybox of the kernel_testerStandalone versions of the
poc_*
C tests can be viewed here:https://github.com/elastic/linux-fileless-execution