loading the six bpf programs and seeing events flow is only checked by the sudo-gated cmd/bpf-verify harness, never in CI, so a CO-RE regression or a struct-layout drift (see #116) wouldn't be caught automatically.
propose: an integration test (build tag integration, real ebpf build) that runs the kerno image in a privileged testcontainer with /sys/kernel/btf and /sys/kernel/debug mounted, generates synthetic activity (syscalls, a localhost tcp connection), and asserts the collectors actually receive events. github's ubuntu runners ship BTF, so this is feasible there. gate it so it skips cleanly when the host kernel lacks BTF or the container can't get privileged.
depends on the harness issue, and pairs with #42 (run it across the kernel matrix). label area/bpf.
loading the six bpf programs and seeing events flow is only checked by the sudo-gated
cmd/bpf-verifyharness, never in CI, so a CO-RE regression or a struct-layout drift (see #116) wouldn't be caught automatically.propose: an integration test (build tag
integration, realebpfbuild) that runs the kerno image in a privileged testcontainer with/sys/kernel/btfand/sys/kernel/debugmounted, generates synthetic activity (syscalls, a localhost tcp connection), and asserts the collectors actually receive events. github's ubuntu runners ship BTF, so this is feasible there. gate it so it skips cleanly when the host kernel lacks BTF or the container can't get privileged.depends on the harness issue, and pairs with #42 (run it across the kernel matrix). label area/bpf.