1967550 – Recommend: bcc-tool instead of Requiring it

Bug 1967550 - Recommend: bcc-tool instead of Requiring it

Summary: Recommend: bcc-tool instead of Requiring it

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	bcc
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	beta
Target Release:	---
Assignee:	Jerome Marchand
QA Contact:	Ziqian SUN (Zamir)
Docs Contact:
URL:
Whiteboard:
Depends On:	1966519
Blocks:	1966953
TreeView+	depends on / blocked

Reported:	2021-06-03 10:56 UTC by Jerome Marchand
Modified:	2021-12-07 21:47 UTC (History)
CC List:	6 users (show)
Fixed In Version:	bcc-0.20.0-5.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1966519
Environment:
Last Closed:	2021-12-07 21:44:43 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)

Description Jerome Marchand 2021-06-03 10:56:22 UTC

+++ This bug was initially created as a clone of Bug #1966519 +++

Description of problem:
We would like to ship the Security Profiles Operator in OpenShift. One of the things it does is record syscalls that the workload is doing with the seccomp-bpf hook. So we'd like to include the seccomp-bpf hook in RHCOS, but because RHCOS tries to have a minimal footprint, we need to trim the dependencies down a bit. The most critical parts are really the python libraries (python is not allowed on RHCOS), but the fewer packages, the better in general.

It seems that the simplest way would be to not require bcc-tools but  instead Recommend them. That way, we'd retain backwards compatibility, while environments where the tools are not required could choose not to install them.

Version-Release number of selected component (if applicable):
bcc-0.20.0-1.el8.1.x86_64

How reproducible:


Steps to Reproduce:
1. yum install bcc
2.
3.

Actual results:
bcc installs bcc-tools which brings in python3-bcc, python3-netaddr, kernel-devel etc

Expected results:
no python, no kernel-devel

Additional info:
The openshift enhancement proposal can be find at https://github.com/openshift/enhancements/pull/745 and our team's tracker to include the seccomp hook can be found at https://issues.redhat.com/browse/CMP-927

--- Additional comment from Jerome Marchand on 2021-06-01 13:10:31 UTC ---

(In reply to Jakub Hrozek from comment #0)
> Description of problem:
> We would like to ship the Security Profiles Operator in OpenShift. One of
> the things it does is record syscalls that the workload is doing with the
> seccomp-bpf hook. So we'd like to include the seccomp-bpf hook in RHCOS, but
> because RHCOS tries to have a minimal footprint, we need to trim the
> dependencies down a bit. The most critical parts are really the python
> libraries (python is not allowed on RHCOS), but the fewer packages, the
> better in general.
> 
> It seems that the simplest way would be to not require bcc-tools but 
> instead Recommend them. That way, we'd retain backwards compatibility, while
> environments where the tools are not required could choose not to install
> them.

I'm not quite sure why bcc depends on bcc-tools: that seems unnecessary. I'll try to find if the were a valid reason for it, but my guess would be there never really was one.

> 
> Version-Release number of selected component (if applicable):
> bcc-0.20.0-1.el8.1.x86_64
> 
> How reproducible:
> 
> 
> Steps to Reproduce:
> 1. yum install bcc
> 2.
> 3.
> 
> Actual results:
> bcc installs bcc-tools which brings in python3-bcc, python3-netaddr,
> kernel-devel etc
> 
> Expected results:
> no python, no kernel-devel
> 
> Additional info:
> The openshift enhancement proposal can be find at
> https://github.com/openshift/enhancements/pull/745 and our team's tracker to
> include the seccomp hook can be found at
> https://issues.redhat.com/browse/CMP-927

--- Additional comment from Jakub Hrozek on 2021-06-02 08:01:06 UTC ---

(In reply to Jerome Marchand from comment #1)
> (In reply to Jakub Hrozek from comment #0)
> > Description of problem:
> > We would like to ship the Security Profiles Operator in OpenShift. One of
> > the things it does is record syscalls that the workload is doing with the
> > seccomp-bpf hook. So we'd like to include the seccomp-bpf hook in RHCOS, but
> > because RHCOS tries to have a minimal footprint, we need to trim the
> > dependencies down a bit. The most critical parts are really the python
> > libraries (python is not allowed on RHCOS), but the fewer packages, the
> > better in general.
> > 
> > It seems that the simplest way would be to not require bcc-tools but 
> > instead Recommend them. That way, we'd retain backwards compatibility, while
> > environments where the tools are not required could choose not to install
> > them.
> 
> I'm not quite sure why bcc depends on bcc-tools: that seems unnecessary.
> I'll try to find if the were a valid reason for it, but my guess would be
> there never really was one.

Great, thank you very much for looking into this. I wonder if you already plan on updating bcc in the near future so I could take time timing into account? Is there maybe already a z-stream update that this could be attached to or were you thinking 8.5?

--- Additional comment from Jerome Marchand on 2021-06-03 10:54:30 UTC ---

(In reply to Jakub Hrozek from comment #2)
> Great, thank you very much for looking into this. I wonder if you already
> plan on updating bcc in the near future so I could take time timing into
> account? Is there maybe already a z-stream update that this could be
> attached to or were you thinking 8.5?

There should be no trouble for 8.5. There is no z-stream update planed atm.

Note You need to log in before you can comment on or make changes to this bug.