MULTIARCH-4654: Enabled the Security Profiles Operator for ppc64le, a…
…dded fixes for seccomp and SELinux profiles, and verified functionality with logenricher.

Signed-off-by: Pranita Turrey <[email protected]>
pranitaT authored and root committed Jan 15, 2025
1 parent c1398b4 commit 1572e7c
Showing 19 changed files with 1,053 additions and 90 deletions.
11 changes: 7 additions & 4 deletions Dockerfile.ubi
@@ -23,14 +23,16 @@ USER root
WORKDIR /work

RUN dnf install -y \
libseccomp-devel
libseccomp-devel \
libbpf

ADD . /work
RUN mkdir -p build

# Use latest golang
RUN GO_VERSION=$(curl -sSfL "https://go.dev/VERSION?m=text" | head -n1) && \
curl -sSfL -o- https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz | \
RUN ARCH=$(arch | sed 's|x86_64|amd64|g' | sed 's|aarch64|arm64|g') && \
GO_VERSION=$(curl -sSfL "https://go.dev/VERSION?m=text" | head -n1) && \
curl -sSfL -o- https://go.dev/dl/$GO_VERSION.linux-${ARCH}.tar.gz | \
tar xfz - -C /usr/local
ENV PATH="/usr/local/go/bin:$PATH"

@@ -48,7 +50,8 @@ ARG version
USER root

RUN microdnf install -y \
libseccomp
libseccomp\
libbpf

LABEL name="Security Profiles Operator" \
version=$version \
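Review bot: The rewritten `RUN ARCH=… curl … | tar xfz - -C /usr/local` step unpacks whatever go.dev reports as the newest release at build time, now on every architecture, without checking the archive against a known digest. Pinning the Go version and verifying a per-architecture SHA-256 before extraction would make the builder stage reproducible and would catch a corrupted or substituted download; the values in the sketch below are placeholders. Separately, in the `microdnf install` hunk the new `libseccomp\` has no space before the backslash, so the two package names are kept apart only by the next line's indentation; `libseccomp \` would match the `dnf install` list in the first hunk.

```dockerfile
# Pinned toolchain; placeholders, one digest per target architecture.
ARG GO_VERSION=<PINNED_GO_VERSION>
ARG GO_SHA256=<SHA256_OF_ARCHIVE_FOR_THIS_ARCH>
RUN ARCH=$(arch | sed 's|x86_64|amd64|g' | sed 's|aarch64|arm64|g') && \
    curl -sSfL -o /tmp/go.tar.gz "https://go.dev/dl/${GO_VERSION}.linux-${ARCH}.tar.gz" && \
    echo "${GO_SHA256}  /tmp/go.tar.gz" | sha256sum -c - && \
    tar xfz /tmp/go.tar.gz -C /usr/local && \
    rm -f /tmp/go.tar.gz
# … unchanged: ENV PATH …
```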
@@ -3,11 +3,54 @@ data:
security-profiles-operator.json: |
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_MIPS64",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPS64N32",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64N32",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
@@ -91,6 +134,7 @@ data:
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"tgkill",
"time",
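Review bot: The `archMap` added to the embedded `security-profiles-operator.json` in this section has no `SCMP_ARCH_PPC64LE` entry, although the same list in `deploy/base/profiles/bpf-recorder.json` and `deploy/base/profiles/security-profiles-operator.json` gains one in this commit. If this copy is the profile that ends up applied on ppc64le nodes, it would not name the architecture the commit sets out to enable, and the three copies would drift apart. Suggest adding the same entry here ahead of the `SCMP_ARCH_S390X` one: `{"architecture": "SCMP_ARCH_PPC64LE", "subArchitectures": ["SCMP_ARCH_PPC64", "SCMP_ARCH_PPC"]}`. The file header for this section is not visible on the page, so the file name is not known from here.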
1 change: 1 addition & 0 deletions deploy/base/clusterserviceversion.yaml
@@ -11,6 +11,7 @@ metadata:
operatorframework.io/suggested-namespace: security-profiles-operator
operators.openshift.io/valid-subscription: '["OpenShift Kubernetes Engine", "OpenShift Container Platform", "OpenShift Platform Plus"]'
operatorframework.io/cluster-monitoring: "true"
operatorframework.io/os.linux: supported
name: security-profiles-operator.v0.0.0
namespace: placeholder
spec:
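Review bot: `operatorframework.io/os.linux: supported` is added directly after the annotation keys (`suggested-namespace`, `valid-subscription`, `cluster-monitoring`), so it appears to land under `metadata.annotations`; as far as I know, OLM reads operating-system and architecture support from `metadata.labels`. If that holds, the key should move to a `labels:` block, and for this commit's purpose it would be accompanied by `operatorframework.io/arch.ppc64le: supported` next to the architectures already shipped. Indentation is lost in this view, so please confirm the placement against the file itself.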
61 changes: 56 additions & 5 deletions deploy/base/profiles/bpf-recorder.json
@@ -1,10 +1,60 @@
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_MIPS64",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPS64N32",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64N32",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
@@ -87,6 +137,7 @@
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"symlinkat",
"tgkill",
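Review bot: Replacing `architectures` with `archMap` makes this profile depend on the runtime understanding `archMap`, which is a profile-format extension and not a field of the OCI runtime-spec seccomp object. A runtime that decodes the file straight into the OCI structure would presumably ignore the map and end up with no architecture list, which changes which ABIs the filter covers. It would help to state in the commit description which runtimes (CRI-O, containerd) the new profile was exercised on; the same applies to `deploy/base/profiles/security-profiles-operator.json`. The `SCMP_ARCH_PPC64LE` entry also admits the big-endian `SCMP_ARCH_PPC64` and `SCMP_ARCH_PPC`; if the operator only ships little-endian binaries, `"subArchitectures": []` would be the narrower choice.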
63 changes: 57 additions & 6 deletions deploy/base/profiles/security-profiles-operator.json
@@ -1,11 +1,61 @@
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": [
"SCMP_ARCH_X86_64",
"SCMP_ARCH_X86",
"SCMP_ARCH_X32",
"SCMP_ARCH_AARCH64"
],
"archMap": [
{
"architecture": "SCMP_ARCH_X86_64",
"subArchitectures": [
"SCMP_ARCH_X86",
"SCMP_ARCH_X32"
]
},
{
"architecture": "SCMP_ARCH_AARCH64",
"subArchitectures": [
"SCMP_ARCH_ARM"
]
},
{
"architecture": "SCMP_ARCH_MIPS64",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPS64N32",
"subArchitectures": [
"SCMP_ARCH_MIPS",
"SCMP_ARCH_MIPS64"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64N32"
]
},
{
"architecture": "SCMP_ARCH_MIPSEL64N32",
"subArchitectures": [
"SCMP_ARCH_MIPSEL",
"SCMP_ARCH_MIPSEL64"
]
},
{
"architecture": "SCMP_ARCH_PPC64LE",
"subArchitectures": [
"SCMP_ARCH_PPC64",
"SCMP_ARCH_PPC"
]
},
{
"architecture": "SCMP_ARCH_S390X",
"subArchitectures": [
"SCMP_ARCH_S390"
]
}
],
"syscalls": [
{
"names": [
@@ -88,6 +138,7 @@
"setuid",
"sigaltstack",
"socket",
"stat",
"statfs",
"tgkill",
"time",