Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Contributing docs #4424

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 22 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
bcc39f7
add first changes to guidelines
ShohamBit Dec 9, 2024
55663e1
improve docs of guidelines and overview in contributing
ShohamBit Dec 10, 2024
95e86cc
combine documentation and code guidelines
ShohamBit Dec 10, 2024
2b29f81
improve docs for setup development machine
ShohamBit Dec 10, 2024
0dbe799
improve building tracee docs
ShohamBit Dec 10, 2024
482c107
improve environment building docs
ShohamBit Dec 11, 2024
4bfe816
change console to bash
ShohamBit Dec 11, 2024
3b78323
add Kubernetes, Performance and Man docs to tracee
ShohamBit Dec 11, 2024
c61ecc5
Merge branch 'main' of https://github.com/aquasecurity/tracee into co…
ShohamBit Dec 11, 2024
363e7b2
add checkers docsto guidelines
ShohamBit Dec 11, 2024
0501e58
fix minor issues
ShohamBit Dec 11, 2024
a6b3995
resolve most changes
ShohamBit Dec 12, 2024
ab51f00
improve metrics=1 docs
ShohamBit Dec 17, 2024
540c8ce
improve guidelines to use makefiles mostly
ShohamBit Dec 17, 2024
c14fbca
update make help
ShohamBit Dec 22, 2024
4aae9c7
add help text
ShohamBit Dec 22, 2024
5b9a520
Merge branch 'main' of https://github.com/aquasecurity/tracee into co…
ShohamBit Dec 24, 2024
fe05d9a
enhance Issues docs part, added candidate labe docs
ShohamBit Jan 7, 2025
8d70805
Update docs/contributing/overview.md
ShohamBit Jan 8, 2025
6153e85
enhance backported and cherry-picked labels docs
ShohamBit Jan 8, 2025
9f72406
add candidate label docs
ShohamBit Jan 8, 2025
f63b97d
Merge branch 'contributing_docs' of https://github.com/ShohamBit/trac…
ShohamBit Jan 8, 2025
1ea57fb
Merge branch 'main' of https://github.com/aquasecurity/tracee into co…
ShohamBit Jan 8, 2025
0a6f8cc
added backport and cherry-pick labels
ShohamBit Jan 8, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -320,6 +320,7 @@ help:
@echo " $$ STATIC=1 make ... # build static binaries"
@echo " $$ BTFHUB=1 STATIC=1 make ... # build static binaries, embed BTF"
@echo " $$ DEBUG=1 make ... # build binaries with debug symbols"
@echo " $$ METRICS=1 make ... # build enabling BPF metrics"
@echo ""

#
Expand Down
87 changes: 20 additions & 67 deletions docs/contributing/building/building.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,23 +32,13 @@

3. **Clone** [tracee repository](https://github.com/aquasecurity/tracee/)

```console
git clone [email protected]:aquasecurity/tracee
```

```text
Cloning into 'tracee'...
remote: Enumerating objects: 13251, done.
remote: Counting objects: 100% (555/555), done.
remote: Compressing objects: 100% (240/240), done.
remote: Total 13251 (delta 343), reused 369 (delta 280), pack-reused 12696
Receiving objects: 100% (13251/13251), 11.75 MiB | 8.62 MiB/s, done.
Resolving deltas: 100% (8105/8105), done.
```bash
git clone [https://github.com/aquasecurity/tracee/](https://github.com/aquasecurity/tracee/)
```

4. All makefiles have a **help** target to give you needed instructions

```console
```bash
ShohamBit marked this conversation as resolved.
Show resolved Hide resolved
make help
```

Expand All @@ -64,10 +54,12 @@
$ make tracee-ebpf # build ./dist/tracee-ebpf
$ make tracee-rules # build ./dist/tracee-rules
$ make tracee-bench # build ./dist/tracee-bench
$ make tracee-gptdocs # build ./dist/tracee-gptdocs
$ make signatures # build ./dist/signatures
$ make e2e-net-signatures # build ./dist/e2e-net-signatures
$ make e2e-inst-signatures # build ./dist/e2e-inst-signatures
$ make tracee # build ./dist/tracee
$ make tracee-operator # build ./dist/tracee-operator

# clean

Expand All @@ -78,6 +70,7 @@
$ make clean-tracee-bench # wipe ./dist/tracee-bench
$ make clean-signatures # wipe ./dist/signatures
$ make clean-tracee # wipe ./dist/tracee
$ make clean-tracee-operator # wipe ./dist/tracee-operator

# test

Expand All @@ -90,65 +83,28 @@
$ STATIC=1 make ... # build static binaries
$ BTFHUB=1 STATIC=1 make ... # build static binaries, embed BTF
$ DEBUG=1 make ... # build binaries with debug symbols
$ METRICS=1 make ... # build enabling BPF metrics

```

5. Build **all** targets at once

```console
```bash
make all
```

```text
Submodule 'libbpf' (https://github.com/libbpf/libbpf.git) registered for path '3rdparty/libbpf'
Cloning into '/home/rafaeldtinoco/tracee/3rdparty/libbpf'...
mkdir -p dist/signatures
GOOS=linux CC=clang GOARCH=amd64 CGO_CFLAGS= CGO_LDFLAGS= go build \
--buildmode=plugin \
-o dist/signatures/builtin.so \
signatures/golang/export.go signatures/golang/kubernetes_api_connection.go signatures/golang/stdio_over_socket.go
```

6. Build a **static binary** by setting `STATIC=1`

```console
```bash
STATIC=1 make all
```

```text
CC="clang" \
CFLAGS=""-fPIC"" \
LD_FLAGS="" \
make \
-C ./3rdparty/libbpf/src \
BUILD_STATIC_ONLY=1 \
DESTDIR=/home/rafaeldtinoco/tracee/dist/libbpf \
OBJDIR=/home/rafaeldtinoco/tracee/dist/libbpf/obj \
INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \
install install_uapi_headers
...
```

7. Build a **static binary** with [BTFHUB Support](https://github.com/aquasecurity/btfhub)

```console
```bash
BTFHUB=1 STATIC=1 make all
```

```text
Cloning into '/home/rafaeldtinoco/tracee/3rdparty/btfhub'...
remote: Enumerating objects: 205, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 205 (delta 4), reused 10 (delta 3), pack-reused 189
Receiving objects: 100% (205/205), 10.59 MiB | 7.56 MiB/s, done.
Resolving deltas: 100% (73/73), done.
Cloning into '/home/rafaeldtinoco/tracee/3rdparty/btfhub-archive'...
remote: Enumerating objects: 1993, done.
remote: Counting objects: 100% (28/28), done.
remote: Compressing objects: 100% (23/23), done.
Receiving objects: 15% (301/1993), 154.97 MiB | 15.72 MiB/s
```

!!! Note
BTFHUB support will embed several very small files (BTF files) into your
final binary. Those files will allow **tracee** binary to be executed
Expand All @@ -163,19 +119,16 @@
>plugin.Open("/tracee/dist/signatures/builtin.so"): Dynamic loading not supported
>```

8. Build a **debugable binary** with DWARF generation by setting `DEBUG=1`
8. Build a **debuggable binary** with DWARF generation by setting `DEBUG=1`

```console
```bash
ShohamBit marked this conversation as resolved.
Show resolved Hide resolved
DEBUG=1 make
```

```text
GOOS=linux CC=clang GOARCH=amd64 CGO_CFLAGS="-I/home/gg/code/tracee/dist/libbpf" CGO_LDFLAGS="-lelf -lz /home/gg/code/tracee/dist/libbpf/libbpf.a" go build \
-tags core,ebpf \
-ldflags=" \
-extldflags \"\" \
-X main.version=\"v0.8.0-107-g121efeb\" \
" \
-v -o dist/tracee \
./cmd/tracee

9. Build enabling BPF metrics by setting `METRICS=1`.
ShohamBit marked this conversation as resolved.
Show resolved Hide resolved

BPF metrics are only available if the BPF object is built with `METRICS` debug flag defined.

```bash
METRICS=1 make
```
185 changes: 85 additions & 100 deletions docs/contributing/building/environment.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,72 +14,44 @@
If you want to build tracee on your local machine
[read this](./building.md).

## Quick steps

## Quick steps (**impatient readers**)
1. Build tracee environment:

!!! Example

* Build and execute **tracee**:

```console
make -f builder/Makefile.tracee-make alpine-prepare
make -f builder/Makefile.tracee-make alpine-shell
```

and inside the container:

```console
make clean
make tracee
sudo ./dist/tracee \
-o option:parse-arguments \
--scope comm=bash \
--scope follow
```

Now, in your host's bash shell, execute a command. You will see all events
(except scheduler ones) being printed, in "table format", to stdout.

* Build and execute **tracee**:

```console
make -f builder/Makefile.tracee-make alpine-prepare
make -f builder/Makefile.tracee-make alpine-shell
```
```bash
make -f builder/Makefile.tracee-make alpine-prepare
make -f builder/Makefile.tracee-make alpine-shell
```

and inside the container:
2. Build and execute tracee:

```console
make clean
make all
sudo ./dist/tracee \
-o format:json \
-o option:parse-arguments \
--scope comm=bash \
--scope follow
```

Now, in your host's bash shell, execute: `sudo strace /bin/ls` and observe
tracee warning you about a possible risk (with its Anti-Debugging signature).
```bash
make clean
make tracee
sudo ./dist/tracee \
-o option:parse-arguments \
--scope comm=bash \
--scope follow
```

Now, for **more patient readers** ...
Now, in your host's shell, execute a command. You will see all events
(except scheduler ones) being printed, in "table format", to stdout.

## How to build and use the environment

In order to have a controlled building environment for tracee, tracee provides
a `Makefile.tracee-make` file that allows you to create and use a docker
container environment to build & test **tracee**.
a `Makefile.tracee-make` file that allows you to create and use a docker container environment to build & test **tracee**.

There are Two different environments that are maintained for building tracee:

Two different environments are maintained for building tracee:
* **Alpine**
* **Ubuntu**

* Alpine
* Ubuntu
The reason for that is that **Alpine Linux** is based in the [musl](https://en.wikipedia.org/wiki/Musl) C standard library.

The reason for that is that **Alpine Linux** is based in the
[musl](https://en.wikipedia.org/wiki/Musl) C standard library, while the
**Ubuntu Linux** uses [glibc](https://en.wikipedia.org/wiki/Glibc). By
supporting both building environments we can always be sure that the project
builds (and executes) correctly in both environments.
while the **Ubuntu Linux** uses [glibc](https://en.wikipedia.org/wiki/Glibc).

By supporting both building environments we can always be sure that the project builds (and executes) correctly in both environments.

!!! Attention
Locally created containers, called `alpine-tracee-make` or
Expand All @@ -91,81 +63,94 @@ builds (and executes) correctly in both environments.

* To create an **alpine-tracee-make** container:

```console
```bash
make -f builder/Makefile.tracee-make alpine-prepare
```

* To create an **ubuntu-tracee-make** container:

```console
```bash
make -f builder/Makefile.tracee-make ubuntu-prepare
```

### Executing a builder environment

* To execute an **alpine-tracee-make** shell:

```console
```bash
make -f builder/Makefile.tracee-make alpine-shell
```

* To execute an **ubuntu-tracee-make** shell:

```console
```bash
make -f builder/Makefile.tracee-make ubuntu-shell
```

### Using build environment as a **make** replacement

Instead of executing a builder shell, you may use `alpine-tracee-make`, or
`ubuntu-tracee-make`, as a replacement for the `make` command:
Instead of executing a builder shell, you may use `alpine-make`, or
`ubuntu-make`, as a replacement for the `make` command:

```console
make -f builder/Makefile.tracee-make ubuntu-prepare
make -f builder/Makefile.tracee-make ubuntu-make ARG="help"
make -f builder/Makefile.tracee-make ubuntu-make ARG="clean"
make -f builder/Makefile.tracee-make ubuntu-make ARG="bpf"
make -f builder/Makefile.tracee-make ubuntu-make ARG="tracee"
make -f builder/Makefile.tracee-make ubuntu-make ARG="all"
```
1. Create builder environment as described:
[Creating a builder environment](#creating-a-builder-environment)
2. Compile tracee using `ubuntu-make`

And, after the compilation, run the commands directly in your host:
* Build tracee binary:

```console
sudo ./dist/tracee \
-o option:parse-arguments \
--scope comm=bash \
--scope follow
```
```bash
make -f builder/Makefile.tracee-make ubuntu-make ARG="tracee"
```

> **Note**: the generated binary must be compatible to your host (depending on
> glibc version, for example).
* Show help for make file:

If you don't want to depend on host's libraries versions, or if you are using
the `alpine-tracee-make` container as a replacement for `make`, and your host
is not an **Alpine Linux**, then you may set `STATIC=1` variable so you can run
compiled binaries in your host:
```bash
make -f builder/Makefile.tracee-make ubuntu-make ARG="help"
```

```console
make -f builder/Makefile.tracee-make alpine-prepare
make -f builder/Makefile.tracee-make alpine-make ARG="help"
STATIC=1 make -f builder/Makefile.tracee-make alpine-make ARG="all"
```
* Remove tracee binary

and execute the static binary from your host:
```bash
make -f builder/Makefile.tracee-make ubuntu-make ARG="clean"
```

```console
ldd dist/tracee
```
* Build binaries for all

```text
not a dynamic executable
```
```bash
make -f builder/Makefile.tracee-make ubuntu-make ARG="all"
```

!!! Attention
compiling **tracee-rules** with STATIC=1 won't allow you to use golang based
signatures:
> ```text
> 2021/12/13 13:27:21 error opening plugin /tracee/dist/signatures/builtin.so:
> plugin.Open("/tracee/dist/signatures/builtin.so"): Dynamic loading not supported
> ```
3. Run tracee binary

```bash
sudo ./dist/tracee
```

> **Note**: the generated binary must be compatible to your host (depending on glibc version).

If you don't want to depend on host's libraries versions, or your host is not an **Alpine Linux** or you are using the `alpine-make` container as a replacement for `make`, then it's necessary to set `STATIC` variable to `1` so you can run compiled binaries in your host machine:

1. Compile tracee

```bash
make -f builder/Makefile.tracee-make alpine-prepare
STATIC=1 make -f builder/Makefile.tracee-make alpine-make ARG="all"
```

2. Verify the executable is static

* Note: ldd print the shared libraries required by an executable file

```bash
ldd dist/tracee
```

```text
not a dynamic executable
```

3. Execute the static binary from your host

```bash
sudo ./dist/tracee
```
Loading
Loading