-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
39 lines (33 loc) · 1.6 KB
/
Copy pathDockerfile
File metadata and controls
39 lines (33 loc) · 1.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# syntax=docker/dockerfile:1
# eBPF SQLite tracer. The image carries the build toolchain (clang/llvm/libbpf/
# bpftool to compile the BPF object + skeleton; pahole/curl/unzip for gen_btf.sh)
# and the source. The expensive per-version SQLite BTF blobs are NOT baked in:
# mount the working tree (with .btf-cache / build) at /app instead, and the blobs
# will later be fetched from GitHub CI releases.
#
# eBPF needs a real Linux kernel with BTF exposed at /sys/kernel/btf/vmlinux and
# privileges to load/attach uprobes, so run --privileged (or CAP_BPF/CAP_PERFMON)
# with /sys/kernel/btf available:
#
# docker build -t sqlite-hook .
# docker run --rm --privileged --pid=host \
# -v "$PWD":/app -v /sys/kernel/btf:/sys/kernel/btf:ro \
# sqlite-hook --pid <target-pid>
FROM ubuntu:25.10
ENV DEBIAN_FRONTEND=noninteractive
# Mirrors the provisioning in ebpf.yaml, plus: the standalone bpftool package
# (installs /usr/sbin/bpftool, already on PATH — linux-tools-generic on 25.10
# does not ship it), pahole (dwarves) and curl/unzip for gen_btf.sh, and
# sqlite3/fossil so run_tests.sh's CLI/fossil cases exercise instead of skipping.
RUN apt-get update -qq && apt-get install -y -qq \
clang llvm libelf-dev zlib1g-dev libbpf-dev bpftool \
build-essential pkg-config git \
dwarves curl unzip ca-certificates \
sqlite3 fossil \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Source is expected to be bind-mounted at /app at run time; copy it in as well
# so the image is usable standalone (the mount, when present, shadows this).
COPY . .
ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["--help"]