aya: Set attach mode flag to 0 in bpf_link_create

aya/src/programs/cgroup_device.rs

@@ -1,5 +1,6 @@
 //! Cgroup device programs.
 
+use log::warn;
 use std::os::fd::AsFd;
 
 use aya_obj::generated::{
@@ -67,6 +68,10 @@ impl CgroupDevice {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [CgroupDevice::detach]
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -77,11 +82,17 @@ impl CgroupDevice {
         let cgroup_fd = cgroup.as_fd();
 
         if KernelVersion::at_least(5, 7, 0) {
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
             let link_fd = bpf_link_create(
                 prog_fd,
                 LinkTarget::Fd(cgroup_fd),
                 BPF_CGROUP_DEVICE,
-                mode.into(),
+                0,
                 None,
             )
             .map_err(|io_error| SyscallError {

aya/src/programs/cgroup_skb.rs

@@ -1,11 +1,11 @@
 //! Cgroup skb programs.
 
-use std::{hash::Hash, os::fd::AsFd, path::Path};
-
 use aya_obj::generated::{
     bpf_attach_type::{BPF_CGROUP_INET_EGRESS, BPF_CGROUP_INET_INGRESS},
     bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB,
 };
+use log::warn;
+use std::{hash::Hash, os::fd::AsFd, path::Path};
 
 use crate::{
     VerifierLogLevel,
@@ -86,6 +86,10 @@ impl CgroupSkb {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [CgroupSkb::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -101,13 +105,13 @@ impl CgroupSkb {
             CgroupSkbAttachType::Egress => BPF_CGROUP_INET_EGRESS,
         };
         if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
+            if mode != CgroupAttachMode::default() {
-                prog_fd,
+                warn!(
-                LinkTarget::Fd(cgroup_fd),
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
-                attach_type,
+                    mode
-                mode.into(),
+                );
-                None,
+            }
-            )
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
                 .map_err(|io_error| SyscallError {
                     call: "bpf_link_create",
                     io_error,

aya/src/programs/cgroup_sock.rs

@@ -1,5 +1,6 @@
 //! Cgroup socket programs.
 
+use log::warn;
 use std::{hash::Hash, os::fd::AsFd, path::Path};
 
 use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK;
@@ -70,6 +71,10 @@ impl CgroupSock {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [CgroupSock::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -80,13 +85,13 @@ impl CgroupSock {
         let cgroup_fd = cgroup.as_fd();
         let attach_type = self.data.expected_attach_type.unwrap();
         if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
+            if mode != CgroupAttachMode::default() {
-                prog_fd,
+                warn!(
-                LinkTarget::Fd(cgroup_fd),
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
-                attach_type,
+                    mode
-                mode.into(),
+                );
-                None,
+            }
-            )
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
                 .map_err(|io_error| SyscallError {
                     call: "bpf_link_create",
                     io_error,

aya/src/programs/cgroup_sock_addr.rs

@@ -1,5 +1,6 @@
 //! Cgroup socket address programs.
 
+use log::warn;
 use std::{hash::Hash, os::fd::AsFd, path::Path};
 
 use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR;
@@ -71,6 +72,10 @@ impl CgroupSockAddr {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [CgroupSockAddr::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -81,13 +86,13 @@ impl CgroupSockAddr {
         let cgroup_fd = cgroup.as_fd();
         let attach_type = self.data.expected_attach_type.unwrap();
         if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
+            if mode != CgroupAttachMode::default() {
-                prog_fd,
+                warn!(
-                LinkTarget::Fd(cgroup_fd),
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
-                attach_type,
+                    mode
-                mode.into(),
+                );
-                None,
+            }
-            )
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
                 .map_err(|io_error| SyscallError {
                     call: "bpf_link_create",
                     io_error,

aya/src/programs/cgroup_sockopt.rs

@@ -1,5 +1,6 @@
 //! Cgroup socket option programs.
 
+use log::warn;
 use std::{hash::Hash, os::fd::AsFd, path::Path};
 
 use aya_obj::generated::bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT;
@@ -68,6 +69,10 @@ impl CgroupSockopt {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [CgroupSockopt::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -78,13 +83,13 @@ impl CgroupSockopt {
         let cgroup_fd = cgroup.as_fd();
         let attach_type = self.data.expected_attach_type.unwrap();
         if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
+            if mode != CgroupAttachMode::default() {
-                prog_fd,
+                warn!(
-                LinkTarget::Fd(cgroup_fd),
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
-                attach_type,
+                    mode
-                mode.into(),
+                );
-                None,
+            }
-            )
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
                 .map_err(|io_error| SyscallError {
                     call: "bpf_link_create",
                     io_error,

aya/src/programs/cgroup_sysctl.rs

@@ -1,5 +1,6 @@
 //! Cgroup sysctl programs.
 
+use log::warn;
 use std::{hash::Hash, os::fd::AsFd};
 
 use aya_obj::generated::{
@@ -66,6 +67,10 @@ impl CgroupSysctl {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [CgroupSysctl::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -76,11 +81,17 @@ impl CgroupSysctl {
         let cgroup_fd = cgroup.as_fd();
 
         if KernelVersion::at_least(5, 7, 0) {
+            if mode != CgroupAttachMode::default() {
+                warn!(
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
+                    mode
+                );
+            }
             let link_fd = bpf_link_create(
                 prog_fd,
                 LinkTarget::Fd(cgroup_fd),
                 BPF_CGROUP_SYSCTL,
-                mode.into(),
+                0,
                 None,
             )
             .map_err(|io_error| SyscallError {

aya/src/programs/links.rs

@@ -38,7 +38,7 @@ pub trait Link: std::fmt::Debug + Eq + std::hash::Hash + 'static {
 }
 
 /// Program attachment mode.
-#[derive(Clone, Copy, Debug, Default)]
+#[derive(Clone, Copy, Debug, Default, PartialEq)]
 pub enum CgroupAttachMode {
     /// Allows only one BPF program in the cgroup subtree.
     #[default]

aya/src/programs/sock_ops.rs

@@ -1,4 +1,5 @@
 //! Socket option programs.
+use log::warn;
 use std::os::fd::AsFd;
 
 use aya_obj::generated::{
@@ -65,6 +66,10 @@ impl SockOps {
     /// Attaches the program to the given cgroup.
     ///
     /// The returned value can be used to detach, see [SockOps::detach].
+    ///
+    /// # Warning
+    ///
+    /// attach modes other than CgroupAttachMode::default() may not be passed on to kernel BPF APIs
     pub fn attach<T: AsFd>(
         &mut self,
         cgroup: T,
@@ -75,13 +80,13 @@ impl SockOps {
         let cgroup_fd = cgroup.as_fd();
         let attach_type = BPF_CGROUP_SOCK_OPS;
         if KernelVersion::at_least(5, 7, 0) {
-            let link_fd = bpf_link_create(
+            if mode != CgroupAttachMode::default() {
-                prog_fd,
+                warn!(
-                LinkTarget::Fd(cgroup_fd),
+                    "CgroupAttachMode {:?} will not be passed on to bpf_link_create",
-                attach_type,
+                    mode
-                mode.into(),
+                );
-                None,
+            }
-            )
+            let link_fd = bpf_link_create(prog_fd, LinkTarget::Fd(cgroup_fd), attach_type, 0, None)
                 .map_err(|io_error| SyscallError {
                     call: "bpf_link_create",
                     io_error,