Skip to content

Commit

Permalink
fix: update rlimit in CAP_BPF detection
Browse files Browse the repository at this point in the history 
When there's no locked memory, it will fail to detect CAP_BPF by
creating a bpf prog.

Signed-off-by: Leon Hwang <[email protected]>
  • Loading branch information
@Asphaltt
Asphaltt committed Dec 27, 2024
1 parent b01cb60 commit 31f1364
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion cli/cmd/env_detection.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (

"github.com/cilium/ebpf"
"github.com/cilium/ebpf/asm"
"github.com/cilium/ebpf/rlimit"
"github.com/gojue/ecapture/pkg/util/kernel"
"golang.org/x/sys/unix"
)
Expand All @@ -47,6 +48,11 @@ func detectKernel() error {
return nil
}
func detectBpfCap() error {
err := rlimit.RemoveMemlock()
if err != nil {
return fmt.Errorf("failed to remove rlimit memlock: %v", err)
}

// BPF 权限检测
prog, err := ebpf.NewProgram(&ebpf.ProgramSpec{
Name: "uprobe_dummy",
Expand All @@ -59,7 +65,7 @@ func detectBpfCap() error {
})
if err != nil {
if errors.Is(err, unix.EPERM) {
return fmt.Errorf("the current user does not have CAP_BPF to load bpf programs. Please run as root or use sudo or add the --privileged=true flag for Docker.")
return fmt.Errorf("the current user does not have CAP_BPF to load bpf programs. Please run as root or use sudo or add the --privileged=true flag for Docker. Error: %v", err)
}

return fmt.Errorf("failed to create bpf program: %v", err)
Expand Down

0 comments on commit 31f1364

Please sign in to comment.