Cover image for Learning about eBPF on macOS

Learning about eBPF on macOS

booyaa profile image Mark Sta Ana Originally published at booyaa.wtf on ・1 min read

Photo by Sarah Lee on Unsplash

I've created this is a short post to talk about a new GitHub repo that might be useful to some: vagrant-bcctools.

It's a simple Vagrant box using the latest (at the time of writing) version of Ubuntu (bionic) with the bcc tools package installed.

I needed a way to play around with eBPF on macOS locally. So before embarking on a fool's errand, I did some research. For details about my findings, see the repo's README.md.

I saw there was a Docker image, which doesn't work because I think it expects the underlying Docker host to be Linux base (volume mounts to /lib/modules, /usr/src and /etc/localtime).

The Vagrantfile provided by IO Visor is using such an old version of Ubuntu that a modern version of Vagrant seems to choke on it.

No doubt someone will point me to something that only requires xhyve (at me on Twitter or dev.to if you do know).

Posted on by:

booyaa profile

Mark Sta Ana


He/Him/Dat Boi. SRE for an Agribiz SaaS Startup. Terrorizing Azure with Terraform. Rusticating Windows.


Editor guide

Hey Mark,

I know what you mean, I spent the last few days playing around with bcc and it can be quite painful at times. I managed to generate an alpine image that contains the key dependencies for bpftrace, this way making it quite portable within linux distros. I am not sure though if this would work in a macOS. If you want to give it a go, here's more on the challenges and how I resolved them: