Federico Di Pierro
/remove-lifecycle stale
Moreover, the PoC repo indeed actually helped us spot at least a couple of issues. I :100: agree on having something similar (if not exactly that repo) running in our...
> Personally, I prefer this second option and the test folder should be already there if the https://github.com/falcosecurity/libs/pull/484 is merged. I find this approach cleaner when more than one component...
Hi! Thanks for this PR! I think that the main issue is that increasing the log level would flood your log super quickly! I guess that's the reason why it...
/test build-libs-minimal build-libs-bundled-deps
@alban can you try with Falco 0.32.1 that ships the PR linked by @jasondellaluce? If it works for you, I think we can close this one :)
This is really cool @loresuso! Thanks for this effort!
/ok-to-test
> I agree with you, maybe we can better document the fact those new fields (is_exe_writable and is_exe_upper_layer) can be trusted only on specific kernel versions? I thought about that...
> Yeah, I don't like that too, execve gets called pretty much of course, let's not waste space on the ring buffer just for this :) I meant that we...