diff --git a/NOTICE.txt b/NOTICE.txt index 9594ffd92d1..fadf4cc224b 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -12257,11 +12257,11 @@ SOFTWARE. -------------------------------------------------------------------------------- Dependency : github.com/elastic/ebpfevents -Version: v0.3.1 +Version: v0.3.2 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/ebpfevents@v0.3.1/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/ebpfevents@v0.3.2/LICENSE.txt: The https://github.com/elastic/ebpfevents repository contains source code under various licenses: diff --git a/go.mod b/go.mod index 9c99c0ec736..ceb49abc9fa 100644 --- a/go.mod +++ b/go.mod @@ -200,7 +200,7 @@ require ( github.com/aws/smithy-go v1.13.5 github.com/awslabs/kinesis-aggregation/go/v2 v2.0.0-20220623125934-28468a6701b5 github.com/elastic/bayeux v1.0.5 - github.com/elastic/ebpfevents v0.3.1 + github.com/elastic/ebpfevents v0.3.2 github.com/elastic/elastic-agent-autodiscover v0.6.7 github.com/elastic/elastic-agent-libs v0.7.5 github.com/elastic/elastic-agent-shipper-client v0.5.1-0.20230228231646-f04347b666f3 diff --git a/go.sum b/go.sum index 9651b9b0e5e..e3e4c7f568f 100644 --- a/go.sum +++ b/go.sum 
@@ -660,8 +660,8 @@ github.com/elastic/bayeux v1.0.5 h1:UceFq01ipmT3S8DzFK+uVAkbCdiPR0Bqei8qIGmUeY0= github.com/elastic/bayeux v1.0.5/go.mod h1:CSI4iP7qeo5MMlkznGvYKftp8M7qqP/3nzmVZoXHY68= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqrj3lotWinO9+jFmeDXIC4gvIQs= github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY= -github.com/elastic/ebpfevents v0.3.1 h1:cUP3QXx6MhRGVXWZSgNalY8y5Vd1dgC56DMfeejnXFU= -github.com/elastic/ebpfevents v0.3.1/go.mod h1:o21z5xup/9dK8u0Hg9bZRflSqqj1Zu5h2dg2hSTcUPQ= +github.com/elastic/ebpfevents v0.3.2 h1:UJ8kW5jw2TpUR5MEMaZ1O62sK9JQ+5xTlj+YpQC6BXc= +github.com/elastic/ebpfevents v0.3.2/go.mod h1:o21z5xup/9dK8u0Hg9bZRflSqqj1Zu5h2dg2hSTcUPQ= github.com/elastic/elastic-agent-autodiscover v0.6.7 h1:+KVjltN0rPsBrU8b156gV4lOTBgG/vt0efFCFARrf3g= github.com/elastic/elastic-agent-autodiscover v0.6.7/go.mod h1:hFeFqneS2r4jD0/QzGkrNk0YVdN0JGh7lCWdsH7zcI4= github.com/elastic/elastic-agent-client/v7 v7.6.0 h1:FEn6FjzynW4TIQo5G096Tr7xYK/P5LY9cSS6wRbXZTc= diff --git a/libbeat/ebpf/seccomp_linux.go b/libbeat/ebpf/seccomp_linux.go new file mode 100644 index 00000000000..0645395a6d7 --- /dev/null +++ b/libbeat/ebpf/seccomp_linux.go 
@@ -0,0 +1,42 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build linux
+
+package ebpf
+
+import (
+ "runtime"
+
+ "github.com/elastic/beats/v7/libbeat/common/seccomp"
+)
+
+func init() {
+ switch runtime.GOARCH {
+ case "amd64", "arm64":
+ syscalls := []string{
+ "bpf",
+ "eventfd2", // needed by ringbuf
+ "perf_event_open", // needed by tracepoints
+ "openat", // needed to create map
+ "newfstatat", // needed for BTF
+ }
+ if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, syscalls...); err != nil {
+ panic(err)
+ }
+ }
+}
diff --git a/libbeat/ebpf/types.go b/libbeat/ebpf/types.go
new file mode 100644
index 00000000000..7292972522f
--- /dev/null
+++ b/libbeat/ebpf/types.go
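Review bot: The `init()` in libbeat/ebpf/seccomp_linux.go widens the process-wide default seccomp policy purely as a side effect of importing the package. With the package now under libbeat instead of x-pack/auditbeat/internal, any binary that links it would allow `bpf` and `perf_event_open` even if it never creates a watcher. Both syscalls expose a large kernel attack surface, so it is worth checking which beats end up importing this package. If the policy has to be modified before it is loaded and `init()` is therefore unavoidable, document the side effect in a package comment, e.g. `// Importing this package adds bpf, eventfd2, perf_event_open, openat and newfstatat to the default seccomp allowlist.` The `switch` has no `default` case, so other architectures silently keep the unmodified policy; a one-line comment such as `// other architectures: policy left unchanged` would make that intent explicit.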
@@ -0,0 +1,29 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package ebpf
+
+import (
+ "github.com/elastic/ebpfevents"
+)
+
+type EventMask uint64
+
+type Watcher interface {
+ Subscribe(string, EventMask) <-chan ebpfevents.Record
+ Unsubscribe(string)
+}
diff --git a/x-pack/auditbeat/internal/ebpf/watcher_linux.go b/libbeat/ebpf/watcher_linux.go
similarity index 76%
rename from x-pack/auditbeat/internal/ebpf/watcher_linux.go
rename to libbeat/ebpf/watcher_linux.go
index f751abe8019..edf69cd2217 100644
--- a/x-pack/auditbeat/internal/ebpf/watcher_linux.go
+++ b/libbeat/ebpf/watcher_linux.go
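Review bot: `EventMask` and `Watcher` are exported from libbeat/ebpf/types.go without doc comments, and `Subscribe(string, EventMask)` leaves both parameters unnamed. A caller cannot tell from the interface what the string identifies, which bits of the mask are valid, or who closes the returned channel. Now that the package is no longer under `internal`, name the parameters, e.g. `Subscribe(name string, events EventMask) <-chan ebpfevents.Record` and `Unsubscribe(name string)`; those names are a guess, so use whatever the Linux implementation calls them. Add a doc comment on each type that states what happens to the channel after `Unsubscribe`.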
@@ -1,6 +1,19 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. //go:build linux diff --git a/libbeat/ebpf/watcher_other.go b/libbeat/ebpf/watcher_other.go new file mode 100644 index 00000000000..fc9da1b4cb8 --- /dev/null +++ b/libbeat/ebpf/watcher_other.go 
@@ -0,0 +1,28 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+//go:build !linux
+
+package ebpf
+
+import "errors"
+
+var ErrNotSupported = errors.New("not supported")
+
+func NewWatcher() (Watcher, error) {
+ return nil, ErrNotSupported
+}
diff --git a/x-pack/auditbeat/internal/ebpf/watcher_test.go b/libbeat/ebpf/watcher_test.go
similarity index 55%
rename from x-pack/auditbeat/internal/ebpf/watcher_test.go
rename to libbeat/ebpf/watcher_test.go
index 0fa13cebcef..13d27ffd52c 100644
--- a/x-pack/auditbeat/internal/ebpf/watcher_test.go
+++ b/libbeat/ebpf/watcher_test.go
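Review bot: `ErrNotSupported` and `NewWatcher` in libbeat/ebpf/watcher_other.go are exported without doc comments, and the error text `not supported` does not say which feature or platform is meant once a caller outside auditbeat wraps or logs it. Suggest `// ErrNotSupported is returned by NewWatcher on platforms other than Linux.` and `var ErrNotSupported = errors.New("ebpf: not supported on this platform")`. From this diff the sentinel appears to be declared only under `!linux`, since the body of watcher_linux.go is not shown. If the Linux file does not declare it as well, code that checks `errors.Is(err, ebpf.ErrNotSupported)` will not compile on Linux, so the variable may belong in types.go.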
@@ -1,6 +1,19 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. //go:build linux diff --git a/x-pack/auditbeat/internal/ebpf/seccomp_linux.go b/x-pack/auditbeat/internal/ebpf/seccomp_linux.go deleted file mode 100644 index 4771e388afd..00000000000 --- a/x-pack/auditbeat/internal/ebpf/seccomp_linux.go +++ /dev/null 
@@ -1,29 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-//go:build linux
-
-package ebpf
-
-import (
- "runtime"
-
- "github.com/elastic/beats/v7/libbeat/common/seccomp"
-)
-
-func init() {
- switch runtime.GOARCH {
- case "amd64", "arm64":
- syscalls := []string{
- "bpf",
- "eventfd2", // needed by ringbuf
- "perf_event_open", // needed by tracepoints
- "openat", // needed to create map
- "newfstatat", // needed for BTF
- }
- if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall, syscalls...); err != nil {
- panic(err)
- }
- }
-}
diff --git a/x-pack/auditbeat/internal/ebpf/types.go b/x-pack/auditbeat/internal/ebpf/types.go
deleted file mode 100644
index 8dec9a8401d..00000000000
--- a/x-pack/auditbeat/internal/ebpf/types.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package ebpf
-
-import (
- "github.com/elastic/ebpfevents"
-)
-
-type EventMask uint64
-
-type Watcher interface {
- Subscribe(string, EventMask) <-chan ebpfevents.Record
- Unsubscribe(string)
-}
diff --git a/x-pack/auditbeat/internal/ebpf/watcher_other.go b/x-pack/auditbeat/internal/ebpf/watcher_other.go
deleted file mode 100644
index 8d13ba13596..00000000000
--- a/x-pack/auditbeat/internal/ebpf/watcher_other.go
+++ /dev/null
@@ -1,15 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -//go:build !linux - -package ebpf - -import "errors" - -var ErrNotSupported = errors.New("not supported") - -func NewWatcher() (Watcher, error) { - return nil, ErrNotSupported -} diff --git a/x-pack/auditbeat/processors/add_session_metadata/provider/ebpf_provider/ebpf_provider.go b/x-pack/auditbeat/processors/add_session_metadata/provider/ebpf_provider/ebpf_provider.go index ea40955dcaf..1d8aa257980 100644 --- a/x-pack/auditbeat/processors/add_session_metadata/provider/ebpf_provider/ebpf_provider.go +++ b/x-pack/auditbeat/processors/add_session_metadata/provider/ebpf_provider/ebpf_provider.go @@ -13,7 +13,7 @@ import ( "github.com/mohae/deepcopy" "github.com/elastic/beats/v7/libbeat/beat" - "github.com/elastic/beats/v7/x-pack/auditbeat/internal/ebpf" + "github.com/elastic/beats/v7/libbeat/ebpf" "github.com/elastic/beats/v7/x-pack/auditbeat/processors/add_session_metadata/processdb" "github.com/elastic/beats/v7/x-pack/auditbeat/processors/add_session_metadata/provider" "github.com/elastic/beats/v7/x-pack/auditbeat/processors/add_session_metadata/types"