Use Aya in the userspace

This change replaces libbpf-rs with Aya as a loader of eBPF programs in
the userspace part in lockc.

eBPF programs still remain written in C and are going to be rewritten in
Rust in separate changes.

Another change is change of logging library to tracing.

Fixes: #135
Fixes: #106
Signed-off-by: Michal Rostecki <[email protected]>

Author: vadorovsky

Cargo.toml

@@ -1,6 +1,5 @@
 [workspace]
 members = [
     "lockc",
-    "lockc-uprobes",
     "xtask",
 ]

lockc-uprobes/Cargo.toml

@@ -12,38 +12,31 @@ license = "Apache-2.0 AND GPL-2.0-or-later"
 [badges]
 maintenance = { status = "actively-developed" }
 
-[lib]
-name = "lockc"
-
 [dependencies]
 anyhow = "1.0"
+aya = { git = "https://github.com/aya-rs/aya", branch = "main", features=["async_tokio"] }
 bindgen = "0.59"
 byteorder = "1.4"
-chrono = { version = "0.4", default-features = false, features = ["clock"] }
+clap = { version = "3.0", features = ["derive"] }
 config = { version = "0.11", default-features = false, features = ["toml"] }
-ctrlc = "3.2"
 fanotify-rs = { git = "https://github.com/vadorovsky/fanotify-rs", branch = "fix-pid-type" }
 futures = "0.3"
-goblin = "0.4"
 kube = "0.67"
 k8s-openapi = { version = "0.14", default-features = false, features = ["v1_23"] }
 lazy_static = "1.4"
 libc = { version = "0.2", features = [ "extra_traits" ] }
-libbpf-rs = "0.14"
-lockc-uprobes = { path = "../lockc-uprobes" }
 log = "0.4"
 nix = "0.23"
-plain = "0.2"
 procfs = "0.12"
 regex = { version = "1.5", default-features = false, features = ["perf"] }
 scopeguard = "1.1"
 serde = "1.0"
 serde_json = "1.0"
-simplelog = "0.11"
-sysctl = "0.4"
 thiserror = "1.0"
 tokio = { version = "1.7", features = ["macros", "process", "rt-multi-thread"] }
-which = "4.2"
+tracing = "0.1"
+tracing-core = "0.1"
+tracing-subscriber = { version = "0.3", features = ["json"] }
 
 [build-dependencies]
 anyhow = "1.0"
@@ -55,3 +48,6 @@ thiserror = "1.0"
 
 [dev-dependencies]
 tempfile = "3.2.0"
+
+[features]
+tests_bpf = []

lockc-uprobes/src/lib.rs

@@ -5,64 +5,52 @@
 #![allow(non_snake_case)]
 include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
 
-use byteorder::{NativeEndian, WriteBytesExt};
+use std::ffi::CString;
 
-#[derive(thiserror::Error, Debug)]
+use thiserror::Error;
+
+#[derive(Error, Debug)]
 pub enum NewBpfstructError {
-    #[error("FFI nul error")]
+    #[error(transparent)]
     NulError(#[from] std::ffi::NulError),
-}
-
-#[derive(thiserror::Error, Debug)]
-pub enum MapOperationError {
-    #[error("could not convert the key to a byte array")]
-    ByteWriteError(#[from] std::io::Error),
-
-    #[error("libbpf error")]
-    LibbpfError(#[from] libbpf_rs::Error),
-}
 
-/// Deletes an entry from the given map under the given key.
-pub fn map_delete(map: &mut libbpf_rs::Map, key: u32) -> Result<(), MapOperationError> {
-    let mut key_b = vec![];
-    key_b.write_u32::<NativeEndian>(key)?;
-
-    map.delete(&key_b)?;
-
-    Ok(())
+    #[error("could not convert Vec<u8> to CString")]
+    VecU8CStringConv,
 }
 
-pub trait BpfStruct {
-    /// Updates the given map with an entry under the given key and a value
-    /// with a binary representation of the struct.
-    fn map_update(&self, map: &mut libbpf_rs::Map, key: u32) -> Result<(), MapOperationError> {
-        let mut key_b = vec![];
-        key_b.write_u32::<NativeEndian>(key)?;
-
-        let val_b = unsafe { plain::as_bytes(self) };
-
-        map.update(&key_b, val_b, libbpf_rs::MapFlags::empty())?;
-
-        Ok(())
-    }
-}
-
-impl BpfStruct for container {}
-impl BpfStruct for process {}
-impl BpfStruct for accessed_path {}
-
 impl accessed_path {
     /// Creates a new accessed_path instance and converts the given Rust string
     /// into C fixed-size char array.
     pub fn new(path: &str) -> Result<Self, NewBpfstructError> {
-        let mut path_b = std::ffi::CString::new(path)?.into_bytes_with_nul();
+        let mut path_b = CString::new(path)?.into_bytes_with_nul();
         path_b.resize(PATH_LEN as usize, 0);
         Ok(accessed_path {
-            path: path_b.try_into().unwrap(),
+            path: path_b
+                .try_into()
+                .map_err(|_| NewBpfstructError::VecU8CStringConv)?,
         })
     }
 }
 
+impl container_id {
+    /// Creates a new container_id instance and converts the given Rust string
+    /// into C fixed size char array.
+    pub fn new(id: &str) -> Result<Self, NewBpfstructError> {
+        let mut id_b = CString::new(id)?.into_bytes_with_nul();
+        id_b.resize(CONTAINER_ID_LIMIT as usize, 0);
+        Ok(container_id {
+            id: id_b
+                .try_into()
+                .map_err(|_| NewBpfstructError::VecU8CStringConv)?,
+        })
+    }
+}
+
+unsafe impl aya::Pod for accessed_path {}
+unsafe impl aya::Pod for container {}
+unsafe impl aya::Pod for container_id {}
+unsafe impl aya::Pod for process {}
+
 #[cfg(test)]
 mod tests {
     use super::*;

lockc/Cargo.toml

@@ -0,0 +1,24 @@
+use tokio::sync::oneshot;
+
+use crate::{bpfstructs::container_policy_level, maps::MapOperationError};
+
+/// Set of commands that the fanotify thread can send to the eBPF thread
+/// to request eBPF map operations.
+#[derive(Debug)]
+pub enum EbpfCommand {
+    AddContainer {
+        container_id: String,
+        pid: i32,
+        policy_level: container_policy_level,
+        responder_tx: oneshot::Sender<Result<(), MapOperationError>>,
+    },
+    DeleteContainer {
+        container_id: String,
+        responder_tx: oneshot::Sender<Result<(), MapOperationError>>,
+    },
+    AddProcess {
+        container_id: String,
+        pid: i32,
+        responder_tx: oneshot::Sender<Result<(), MapOperationError>>,
+    },
+}