To make the review of your request easier, please use the following template to provide all the required details and also include any other information that may be relevant.
- name: otel-ebpf-profiler
- description: An OpenTelemetry Collector distribution that is made specifically to be used as a whole-system, cross-language profiler for Linux via eBPF.
- snapcraft: otel-ebpf-profiler-snap/snap/snapcraft.yaml at main · canonical/otel-ebpf-profiler-snap · GitHub
- upstream: GitHub - open-telemetry/opentelemetry-ebpf-profiler: The production-scale datacenter profiler (C/C++, Go, Rust, Python, Java, NodeJS, .NET, PHP, Ruby, Perl, ...)
- upstream-relation: We, the Canonical Observability team, are planning to charm the upstream Opentelemetry eBPF profiler as a machine charm. Thus, the need for the snap.
- supported-category: debug tools
- reasoning: This snap is similar to the case of snapped parca-agent, yet another system-wide eBPF profiler. For the profiler to function correctly, it must have access to the binaries of all processes running on the system (which can be an unpredictable path) in order to extract symbol information required for symbolization. Since such broad file system access cannot be granted under strict confinement, classic confinement seems to be the only viable option.
I understand that strict confinement is generally preferred over classic.
I’ve tried the existing interfaces to make the snap to work under strict confinement.