Rafael David Tinoco

Results 220 comments of Rafael David Tinoco

> I was actually considering changing k8s kubernetes to instead of having one container, have two containers one for tracee-ebpf and another for tracee-rules and instead of a pipe, configure...

I'm moving this to draft and stale status until this is re-worked/re-discussed.

TL;DR is: we should have the events set by default (because they're a dependency of all existing events that need procInfo, for example) but with eventConfig.emit = false (so they're not...

> But if we do what you suggest here, it results in using more events than we have to. I think we want to reduce the amount of eBPF programs loaded...

And to add a bit more context, we have a similar situation when using docker in OSX, for example, their default kernel does not support embedded BTF information so we...

Yep, we can't destroy the hook without flushing other qdiscs, unfortunately. I think there will be work to do upstream for that to be solved.

Couldn't it be because of errors being printed to stdout? One example is:

```
$ sudo ./dist/tracee-ebpf --output none --trace comm=ping --capture net=lo
libbpf: Kernel error message: Exclusivity flag...
```

@AsafEitani do you have a reproducer here? How are you running tracee to get this error? (Cmdline, so I can try it if you don't have a reproducer).

I'm using: ```go From 18fa4264f4571cd6270f349d56bdfbc854cea3db Mon Sep 17 00:00:00 2001 From: Rafael David Tinoco Date: Wed, 24 Aug 2022 11:21:09 -0300 Subject: [PATCH] parse_args: fix API bump for setsockopt/getsockopt ---...

@AlonZivony I recently spoke with @grantseltzer about bumping libbpfgo, and he is checking a few things to see if we go directly to libbpfgo w/ libbpf 1.0 OR stay at...