Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove SYS_PTRACE #388

Merged
merged 7 commits into from
Oct 20, 2023
Merged

Remove SYS_PTRACE #388

merged 7 commits into from
Oct 20, 2023

Conversation

pellared
Copy link
Member

@pellared pellared commented Oct 16, 2023
edited
Loading

@pellared
Copy link
Member Author

pellared commented Oct 16, 2023
edited
Loading

@edeNFed @RonFed Do you know from where the SYS_PTRACE requirement comes from? I do not think it is valid.

@pellared pellared added the documentation Improvements or additions to documentation label Oct 16, 2023
@pellared pellared marked this pull request as ready for review October 16, 2023 09:53
@pellared pellared requested a review from a team October 16, 2023 09:53
pellared
pellared commented Oct 16, 2023
View reviewed changes
CHANGELOG.md Show resolved Hide resolved
@RonFed
Copy link
Contributor

RonFed commented Oct 16, 2023

@edeNFed @RonFed Do you know from where the SYS_PTRACE requirement comes from?

It is there since we are using ptrace to allocate memory for the traced process.
Assuming we are running as root (which we have to assume I think), this is probably not needed

@pellared pellared mentioned this pull request Oct 16, 2023
Merged
@pellared
Copy link
Member Author

pellared commented Oct 16, 2023
edited
Loading

@edeNFed @RonFed Do you know from where the SYS_PTRACE requirement comes from?

It is there since we are using ptrace to allocate memory for the traced process. Assuming we are running as root (which we have to assume I think), this is probably not needed

You are right.

From https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities

The --privileged flag gives all capabilities to the container.

I was thinking if we could run without root (unprivileged). But I do not know enough about eBPF security to know if there is a possibility to securely configure it.

I quickly ran through :

I think we can merge this PR.

MrAlias
MrAlias approved these changes Oct 18, 2023
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
@MrAlias MrAlias merged commit 3034872 into open-telemetry:main Oct 20, 2023
@pellared pellared deleted the remove-SYS_PTRACE branch October 20, 2023 16:05
@MrAlias MrAlias added this to the v0.8.0-alpha milestone Nov 14, 2023
@MrAlias MrAlias mentioned this pull request Nov 14, 2023
Merged
@dzy176 dzy176 mentioned this pull request Jan 7, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrAlias MrAlias MrAlias approved these changes

Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
v0.8.0-alpha
Development

Successfully merging this pull request may close these issues.
3 participants
@pellared @RonFed @MrAlias