Articles tagged ebpf

Changes in Process Capabilities Using eBPF

This article is available at: https://www.ebpf.top/post/bpf_capabilities_debug

Author: kira skyler

Contents:
Introduction
Unleash the Power of eBPF to Track Capability Changes

Introduction

In the Linux operating system, “capabilities” are a permission mechanism that divides all privileges in the system into multiple independent permission bits. This way, users or processes can be granted only the specific permissions needed to perform specific tasks, without requiring all permissions. In the Linux capabilities system, permission assignments are divided into different sets: the Inheritable set, Permitted set, Effective set, Bounding set, and Ambient set. Each set controls the permissions of processes or threads in different scenarios. These capabilities may change under different circumstances, such as switching users, where a new user will likely have a different set of capabilities, and the sets may change according to different rules when creating child processes or executing new programs.……


Writing eBPF Programs with Rust Aya Framework

This article can be found at: https://www.ebpf.top/post/ebpf_rust_aya

Contents:
1. Introduction
2. Setting Up Rust Development Environment
2.1 Create a VM Virtual Machine
2.2 Install Rust Development Environment
2.3 Install Dependencies for bpf-linker and bpftool
3. Aya Guide to Create eBPF Programs
3.1 Creating a Project Using the Guide
3.2 Compile eBPF Program
3.3 Run User-space Program
4. Conclusion
References

1. Introduction

A significant change in Linux kernel version 6.1 is the introduction of support for the Rust programming language. Rust is a systems programming language that offers robust compile-time guarantees and precise control over memory lifetimes. Integrating the Rust language into kernel development will bring additional safety measures to the early stages of kernel development. eBPF is a technology in the kernel that enables running user-defined programs based on events, with a verifier mechanism ensuring the security of eBPF programs running in……


Unveiling the Secrets of eBPF+Ftrace: 'no space left on device'?

This article can be found at: https://www.ebpf.top/post/no_space_left_on_devices

Contents:
1. Understanding “no space left on device” Error
2. Problem Analysis and Localization
2.1 Preliminary Identification of Problematic Function
2.2 Locating the Root Cause of the Issue
2.3 Identifying the Root Cause of the Issue
3. Analysis of Discrepancies Between Code Flow and Tracing Process
References

Recently, container creation has failed in the production environment with the error “no space left on device”. However, during the investigation, disk space and inode usage were found to be quite normal. When conventional troubleshooting methods have failed, is there a quick and universal approach to pinpointing the root cause of the problem? This article records the analysis and troubleshooting process using eBPF + Ftrace in a separate environment. Because the approach is generally applicable, it has been written up in the hope of serving as a stepping stone for further exploration.……
