
Tweak capabilities detection #1588

Merged
merged 2 commits into from
Jan 30, 2025

Conversation

rafaelroquetto
Contributor

This PR reshuffles the capability detection flow after an analysis was performed. In a nutshell, we don't need anything but CAP_BPF and CAP_NET_RAW for network observability using socket filters.

Also, CAP_NET_ADMIN does not imply CAP_NET_RAW, so that is fixed as well.

The entire list of capabilities per tracer is as follows:

Socket flow fetcher

  • CAP_BPF -> for BPF_PROG_TYPE_SOCK_FILTER
  • CAP_NET_RAW -> for creating AF_PACKET socket

Flow fetcher (tc)

  • CAP_BPF
  • CAP_NET_ADMIN -> for PROG_TYPE_SCHED_CLS
  • CAP_PERFMON -> direct access to struct __sk_buff::data and pointer arithmetic

Watcher

  • CAP_BPF
  • CAP_CHECKPOINT_RESTORE
  • CAP_DAC_READ_SEARCH -> access to /proc/self/mem to determine kernel version
  • CAP_PERFMON -> for BPF_PROG_TYPE_KPROBE

Generic tracer

  • CAP_BPF
  • CAP_DAC_READ_SEARCH
  • CAP_CHECKPOINT_RESTORE
  • CAP_PERFMON
  • CAP_NET_RAW -> for creating AF_PACKET socket used by beyla_socket__http_filter
  • CAP_SYS_PTRACE -> access to /proc/pid/exe and other nodes in /proc

TC tracers

  • CAP_BPF
  • CAP_DAC_READ_SEARCH
  • CAP_PERFMON
  • CAP_NET_ADMIN -> for BPF_PROG_TYPE_SCHED_CLS, BPF_PROG_TYPE_SOCK_OPS and BPF_PROG_TYPE_SK_MSG

Go tracer

  • CAP_BPF
  • CAP_DAC_READ_SEARCH
  • CAP_CHECKPOINT_RESTORE
  • CAP_PERFMON
  • CAP_NET_RAW -> for creating AF_PACKET socket used by beyla_socket__http_filter
  • CAP_SYS_PTRACE -> access to /proc/pid/exe and other nodes in /proc
  • CAP_SYS_ADMIN -> for probe based (bpf_probe_write_user()) library level context propagation

@rafaelroquetto rafaelroquetto requested a review from a team as a code owner January 29, 2025 21:12
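The per-tracer lists above are easy to get wrong in a container spec, so here is an added example of checking them against a live process (written for this page; it is not Beyla's own code). It parses the CapEff mask from /proc/self/status, applies the kernel's real fallback rule that CAP_SYS_ADMIN also passes the bpf_capable(), perfmon_capable() and checkpoint_restore_ns_capable() checks, and deliberately gives CAP_NET_RAW no such fallback, which is the CAP_NET_ADMIN-does-not-imply-CAP_NET_RAW point of the PR. The tracer names used as map keys and the function names ParseCapEff, Has, Satisfied and Missing are assumptions of this example, not Beyla identifiers; the capability bit numbers come from linux/capability.h.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Capability bit numbers from <linux/capability.h>.
const (
	CapDacReadSearch     = 2
	CapNetAdmin          = 12
	CapNetRaw            = 13
	CapSysPtrace         = 19
	CapSysAdmin          = 21
	CapPerfmon           = 38
	CapBpf               = 39
	CapCheckpointRestore = 40
)

var capNames = map[int]string{
	CapDacReadSearch:     "CAP_DAC_READ_SEARCH",
	CapNetAdmin:          "CAP_NET_ADMIN",
	CapNetRaw:            "CAP_NET_RAW",
	CapSysPtrace:         "CAP_SYS_PTRACE",
	CapSysAdmin:          "CAP_SYS_ADMIN",
	CapPerfmon:           "CAP_PERFMON",
	CapBpf:               "CAP_BPF",
	CapCheckpointRestore: "CAP_CHECKPOINT_RESTORE",
}

// tracerOrder fixes the reporting order; tracerCaps transcribes the
// per-tracer lists from the PR description (the key names are ours).
var tracerOrder = []string{
	"socket flow fetcher", "flow fetcher (tc)", "watcher",
	"generic tracer", "tc tracers", "go tracer",
}

var tracerCaps = map[string][]int{
	"socket flow fetcher": {CapBpf, CapNetRaw},
	"flow fetcher (tc)":   {CapBpf, CapNetAdmin, CapPerfmon},
	"watcher":             {CapBpf, CapCheckpointRestore, CapDacReadSearch, CapPerfmon},
	"generic tracer":      {CapBpf, CapDacReadSearch, CapCheckpointRestore, CapPerfmon, CapNetRaw, CapSysPtrace},
	"tc tracers":          {CapBpf, CapDacReadSearch, CapPerfmon, CapNetAdmin},
	"go tracer":           {CapBpf, CapDacReadSearch, CapCheckpointRestore, CapPerfmon, CapNetRaw, CapSysPtrace, CapSysAdmin},
}

// ParseCapEff pulls the effective capability bitmask out of the text of
// /proc/<pid>/status; the "CapEff:" line carries a 64-bit hex value.
func ParseCapEff(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if line := sc.Text(); strings.HasPrefix(line, "CapEff:") {
			return strconv.ParseUint(strings.TrimSpace(strings.TrimPrefix(line, "CapEff:")), 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status text")
}

// Has reports whether capability bit c is set in mask.
func Has(mask uint64, c int) bool { return mask&(uint64(1)<<uint(c)) != 0 }

// Satisfied applies the kernel's fallback: bpf_capable(), perfmon_capable()
// and checkpoint_restore_ns_capable() also accept CAP_SYS_ADMIN. There is no
// such fallback for CAP_NET_RAW, so CAP_NET_ADMIN alone does not let a
// process open the AF_PACKET socket the socket filter needs.
func Satisfied(mask uint64, c int) bool {
	if Has(mask, c) {
		return true
	}
	switch c {
	case CapBpf, CapPerfmon, CapCheckpointRestore:
		return Has(mask, CapSysAdmin)
	}
	return false
}

// Missing returns the names of the capabilities a tracer needs but mask
// does not satisfy; the bool is false for an unknown tracer name.
func Missing(mask uint64, tracer string) ([]string, bool) {
	required, ok := tracerCaps[tracer]
	if !ok {
		return nil, false
	}
	var missing []string
	for _, c := range required {
		if !Satisfied(mask, c) {
			missing = append(missing, capNames[c])
		}
	}
	return missing, true
}

func main() {
	data, err := os.ReadFile("/proc/self/status")
	if err != nil {
		fmt.Println("cannot read /proc/self/status:", err)
		return
	}
	mask, err := ParseCapEff(string(data))
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("CapEff = %#016x\n", mask)
	for _, t := range tracerOrder {
		m, _ := Missing(mask, t)
		if len(m) == 0 {
			fmt.Printf("%-20s ok\n", t)
		} else {
			fmt.Printf("%-20s missing %s\n", t, strings.Join(m, ", "))
		}
	}
}
```

Run it inside the container you intend to deploy with (for example after `docker run --cap-drop ALL --cap-add BPF --cap-add NET_RAW ...`) and the output tells you which tracers would fail before any BPF program is loaded. Note that the CapEff mask only reflects what the process currently holds; a non-root process also needs the capabilities in its ambient or file set to keep them across exec.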
codecov bot commented Jan 29, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.00%. Comparing base (ab3c784) to head (54bc7aa).
Report is 4 commits behind head on main.

@@            Coverage Diff             @@
##             main    #1588      +/-   ##
==========================================
- Coverage   71.05%   71.00%   -0.06%     
==========================================
  Files         197      197              
  Lines       19753    19756       +3     
==========================================
- Hits        14036    14027       -9     
- Misses       5041     5051      +10     
- Partials      676      678       +2     
Flag                    Coverage Δ
integration-test        52.84% <0.00%> (-0.11%) ⬇️
k8s-integration-test    53.56% <0.00%> (-0.31%) ⬇️
oats-test               34.66% <0.00%> (-0.03%) ⬇️
unittests               47.03% <100.00%> (-0.02%) ⬇️

Contributor

@grcevski grcevski left a comment

Nice! LGTM!

@rafaelroquetto rafaelroquetto merged commit 5262576 into main Jan 30, 2025
13 checks passed
@rafaelroquetto rafaelroquetto deleted the cap_detection_tweak branch January 30, 2025 00:55