beyla icon indicating copy to clipboard operation
beyla copied to clipboard
verified publisher icon grafana

Beyla: inform that CAP_NET_ADMIN is required

Open mariomac opened this issue 1 year ago • 1 comments

In the error message that Beyla shows when some capabilities are missing, it is not currently showing that CAP_NET_ADMIN is required, as tc_ingress and tc_egress ebpf programs require that extra capability.

mariomac avatar Oct 03 '24 08:10 mariomac

Because the bpf programs tc_ingress and tc_egress are part of ktracer, they are being unconditionally loaded. When fixing this issue, we need to make sure they are not loaded when cfg.EBPF.UseLinuxTC is set to false, as the loading of these programs is what requires CAP_NET_ADMIN.

rafaelroquetto avatar Oct 03 '24 15:10 rafaelroquetto

Ah good catch @rafaelroquetto, I think we should add a separate issue to make sure we don't miss this part.

grcevski avatar Oct 07 '24 16:10 grcevski

@mariomac have we improved the error message and now tell people that the capability is missing?

grafsean avatar Feb 03 '25 13:02 grafsean

@grafsean correct, we now display the error message citing CAP_NET_ADMIN when it's missing. We can close this issue if you want. This is the related PR: https://github.com/grafana/beyla/pull/1588

rafaelroquetto avatar Feb 03 '25 20:02 rafaelroquetto

@rafaelroquetto and does this PR #1587 add the necessary documentation?

grafsean avatar Feb 04 '25 08:02 grafsean