Bug 2219192

Summary: bpf-opensnoop fails to run
Product: Red Hat Enterprise Linux 9 Reporter: Carlos Rodriguez-Fernandez <carlosrodrifernandez>
Component: bccAssignee: Jerome Marchand <jmarchan>
Status: ASSIGNED --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bfubel, bstinson, ctrautma, jmarchan, jwboyer, ldoskova, rdossant
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Carlos Rodriguez-Fernandez 2023-07-02 22:40:20 UTC 
Description of problem:


bpf-opensnoop fails to run.

```
bpf-opensnoop -d 1
libbpf: prog 'tracepoint__syscalls__sys_exit_open': failed to create BPF link for perf_event FD 15: -13 (Permission denied)
libbpf: prog 'tracepoint__syscalls__sys_exit_open': failed to attach to tracepoint 'syscalls/sys_exit_open': Permission denied
libbpf: prog 'tracepoint__syscalls__sys_exit_open': failed to auto-attach: -13
failed to attach BPF programs
```

Version-Release number of selected component (if applicable):
Name         : libbpf-tools
Version      : 0.26.0
Release      : 3.el9

How reproducible:

Steps to Reproduce:
1. Download Centos Stream 9 QCOW2 and run it
2. run dnf install libbpf-tools
3. run bpf-opensnoop -d 1

Actual results:

```
libbpf: prog 'tracepoint__syscalls__sys_exit_open': failed to create BPF link for perf_event FD 15: -13 (Permission denied)
libbpf: prog 'tracepoint__syscalls__sys_exit_open': failed to attach to tracepoint 'syscalls/sys_exit_open': Permission denied
libbpf: prog 'tracepoint__syscalls__sys_exit_open': failed to auto-attach: -13
failed to attach BPF programs
```

Expected results:
It doesn't error but works as intended

Additional info:
Comment 1 Jerome Marchand 2023-07-21 13:48:38 UTC 
This is a known issue upstream:
https://github.com/iovisor/bcc/issues/4638

Functions that bcc relied on were inlined. The proper fix is to add tracepoint to the kernel.