MULTIARCH-4654: Enabled the Security Profiles Operator for ppc64le, a…
…dded fixes for seccomp and SELinux profiles, and verified functionality with logenricher.

Signed-off-by: Pranita Turrey <pranita.turrey@ibm.com>
pranitaT committed Jan 24, 2025
1 parent c1398b4 commit efec1f0
Showing 18 changed files with 647 additions and 88 deletions.
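--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -23,15 +23,17 @@ USER root
 WORKDIR /work
 
 RUN dnf install -y \
-libseccomp-devel
+libseccomp-devel \
+libbpf
 
 ADD . /work
 RUN mkdir -p build
 
 # Use latest golang
-RUN GO_VERSION=$(curl -sSfL "https://go.dev/VERSION?m=text" | head -n1) && \
-curl -sSfL -o- https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz | \
-tar xfz - -C /usr/local
+RUN ARCH=$(arch | sed 's|x86_64|amd64|g' | sed 's|aarch64|arm64|g') && \
+GO_VERSION=$(curl -sSfL https://go.dev/VERSION?m=text | head -n1) && \
+curl -sSfL https://go.dev/dl/${GO_VERSION}.linux-${ARCH}.tar.gz | \
+tar -xzf - -C /usr/local
 ENV PATH="/usr/local/go/bin:$PATH"
 
 ARG APPARMOR_ENABLED=0
@@ -48,7 +50,8 @@ ARG version
 USER root
 
 RUN microdnf install -y \
-libseccomp
+libseccomp \
+libbpf
 
 LABEL name="Security Profiles Operator" \
 version=$version \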
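Review bot: The rewritten `RUN` that installs Go still unpacks the downloaded archive into `/usr/local` with no integrity check, and it resolves the release from `https://go.dev/VERSION?m=text` at build time, so the toolchain that compiles the operator is neither pinned nor verified on any of the architectures the step now covers. I would take the release name and the SHA-256 published for the target architecture's tarball as build arguments and check the file before extracting it, as sketched below. The new line also drops the quotes the old one had around the `VERSION?m=text` URL, leaving the `?` open to shell globbing, and both `curl … | head -n1` and `curl … | tar` run without `pipefail`, so a failed download only surfaces indirectly.

```dockerfile
# GO_VERSION (the release name used in the download URL) and GO_SHA256 (the checksum
# published for that release's tarball on the target architecture) come from --build-arg.
ARG GO_VERSION
ARG GO_SHA256
RUN ARCH=$(arch | sed 's|x86_64|amd64|g' | sed 's|aarch64|arm64|g') && \
    curl -sSfL -o /tmp/go.tar.gz "https://go.dev/dl/${GO_VERSION}.linux-${ARCH}.tar.gz" && \
    echo "${GO_SHA256}  /tmp/go.tar.gz" | sha256sum -c - && \
    tar -xzf /tmp/go.tar.gz -C /usr/local && \
    rm -f /tmp/go.tar.gz
# … unchanged: ENV PATH and the ARG lines that follow …
```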
Expand Up @@ -3,11 +3,54 @@ data:
security-profiles-operator.json: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_MIPS64",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPS64N32",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64N32",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
Expand Down Expand Up @@ -91,6 +134,7 @@ data:
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"tgkill",
"time",
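Review bot: The `archMap` added to this copy of `security-profiles-operator.json` has no `SCMP_ARCH_PPC64LE` entry, although ppc64le is the architecture the commit enables; it lists four MIPS variants instead, while the other profile copies in this commit list X86_64, AARCH64, PPC64LE and S390X. If this is the copy that reaches a ppc64le node, the profile carries no mapping for that host, and how the loader treats an unmatched host architecture is not visible here. I would align it with the other copies by adding `{ "architecture": "SCMP_ARCH_PPC64LE", "subArchitectures": ["SCMP_ARCH_PPC64", "SCMP_ARCH_PPC"] }` and dropping the MIPS entries unless they are intentional. The file header for this section is not shown on the page, and the enclosing `data:` block starts outside the hunk.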
1 change: 1 addition & 0 deletions deploy/base/clusterserviceversion.yaml
Expand Up @@ -11,6 +11,7 @@ metadata:
operatorframework.io/suggested-namespace: security-profiles-operator
operators.openshift.io/valid-subscription: '["OpenShift Kubernetes Engine", "OpenShift Container Platform", "OpenShift Platform Plus"]'
operatorframework.io/cluster-monitoring: "true"
operatorframework.io/os.linux: supported
name: security-profiles-operator.v0.0.0
namespace: placeholder
spec:
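Review bot: `operatorframework.io/os.linux: supported` is added beside `suggested-namespace` and `cluster-monitoring`, which looks like the `annotations` map, whereas OLM reads the `os.*` and `arch.*` support markers from the CSV's `labels`. As placed it may have no effect, and the hunk adds no `operatorframework.io/arch.ppc64le: supported` marker for the architecture the commit targets (one may exist outside the hunk). I would move the line under `metadata.labels` and add the arch marker there. The enclosing `metadata` block starts before the hunk.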
33 changes: 28 additions & 5 deletions deploy/base/profiles/bpf-recorder.json
@@ -1,10 +1,32 @@
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
Expand Down Expand Up @@ -87,6 +109,7 @@
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"symlinkat",
"tgkill",
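Review bot: Replacing `architectures` with `archMap` makes the architecture list depend on the loader: `archMap` is the Docker/containers profile extension that is resolved against the host when the profile is loaded, while the OCI runtime `seccomp` object defines only `architectures`. A consumer that reads only the OCI field would presumably ignore the map and install the filter for the native architecture alone, so this is worth confirming for each runtime the profile ships to. JSON has no place for a comment, so the profile documentation should state which loaders are supported. The same replacement is made in `deploy/base/profiles/security-profiles-operator.json` and in the embedded copies in `deploy/helm/templates/static-resources.yaml` and `deploy/namespace-operator.yaml`.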
35 changes: 29 additions & 6 deletions deploy/base/profiles/security-profiles-operator.json
@@ -1,11 +1,33 @@
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
],
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
"names": [
Expand Down Expand Up @@ -88,6 +110,7 @@
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"tgkill",
"time",
68 changes: 57 additions & 11 deletions deploy/helm/templates/static-resources.yaml
Expand Up @@ -689,11 +689,33 @@ data:
bpf-recorder.json: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
Expand Down Expand Up @@ -776,6 +798,7 @@ data:
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"symlinkat",
"tgkill",
Expand All @@ -792,12 +815,34 @@ data:
security-profiles-operator.json: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
],
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
"names": [
Expand Down Expand Up @@ -880,6 +925,7 @@ data:
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"tgkill",
"time",
68 changes: 57 additions & 11 deletions deploy/namespace-operator.yaml
Expand Up @@ -2972,11 +2972,33 @@ data:
bpf-recorder.json: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
Expand Down Expand Up @@ -3059,6 +3081,7 @@ data:
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"symlinkat",
"tgkill",
Expand All @@ -3075,12 +3098,34 @@ data:
security-profiles-operator.json: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
],
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
"names": [
Expand Down Expand Up @@ -3163,6 +3208,7 @@ data:
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"tgkill",
"time",