Federico Di Pierro
@akorp question: are you able to try a different driver, e.g. kmod or legacy ebpf probe?
Thanks for the hint @michaelSchmidMaloon; I think we can then rule out the "kernel issue" option. Can you share the dmesg error?
Great to hear @gargayush18 ! Thank you very much for the info!
Hi! The secondary config file is fine, but in the main falco.yaml you have to specify that the secondary config file must override keys from the main config file: https://github.com/falcosecurity/falco/blob/master/falco.yaml#L163
Please note that Falco 0.41.0 fixed a longstanding crash in the kmod while CPU gets enabled at runtime: https://github.com/falcosecurity/libs/releases/tag/8.1.0%2Bdriver -> https://github.com/falcosecurity/libs/pull/2252
Thus I am pretty sure that upgrading Falco will fix the issue for you.
Thanks for this PR! Can you explain where the bug was and how this PR is fixing it? At least for me, it is not obvious by looking at the...
For reference, this is the test failure log: ``` level=info msg="BTF discovery: default kernel btf file found" btf-file=/sys/kernel/btf/vmlinux === RUN TestFindMaps === RUN TestFindMaps/NoSuchFile === RUN TestFindMaps/BaseSensorMemlock level=info msg="Exit probe...
Hi! Thanks for opening this issue. So, just guessing here, but shouldn't the `process_exec` be received **before** the `process_kprobe`? Btw can you enable debug logs? They might help us spotting...
**BLOCK THIS ONE** PER #4336 !