diff options
Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix')
-rw-r--r-- | nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix b/nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix new file mode 100644 index 000000000000..70332abbe6ef --- /dev/null +++ b/nixpkgs/pkgs/os-specific/linux/opensnitch-ebpf/default.nix @@ -0,0 +1,58 @@ +{ lib +, kernel +, stdenv +, clang-tools +, llvmPackages +, elfutils +, flex +, bison +, bc +, opensnitch +}: + +stdenv.mkDerivation rec { + pname = "opensnitch_ebpf"; + version = "${opensnitch.version}-${kernel.version}"; + + inherit (opensnitch) src; + + sourceRoot = "source/ebpf_prog"; + + nativeBuildInputs = with llvmPackages; [ + bc + bison + clang + clang-tools + elfutils + flex + libllvm + ]; + + # We set -fno-stack-protector here to work around a clang regression. + # This is fine - bpf programs do not use stack protectors + # https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=opensnitch-ebpf-module&id=984b952a784eb701f691dd9f2d45dfeb8d15053b + env.NIX_CFLAGS_COMPILE = "-fno-stack-protector"; + + env.KERNEL_DIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/source"; + env.KERNEL_HEADERS="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + + extraConfig ='' + CONFIG_UPROBE_EVENTS=y + ''; + + installPhase = '' + runHook preInstall + for file in opensnitch*.o; do + install -Dm644 "$file" "$out/etc/opensnitchd/$file" + done + runHook postInstall + ''; + + meta = with lib; { + description = "eBPF process monitor module for OpenSnitch"; + homepage = "https://github.com/evilsocket/opensnitch"; + license = licenses.gpl3Only; + maintainers = with maintainers; [ onny ]; + platforms = platforms.linux; + }; +} |