Federico Di Pierro
/cc @Andreagit97 @alacuku
TODO for completely dropping syscall_info_table, in favor of an autogenerated table during first call to `scap_get_syscall_info_table`: * fix category and name for syscalls that are not mapped to a specific...
Biggest parts of this one, i.e.: > merged g_syscall_code_routing_table into g_syscall_table The g_syscall_code_routing_table was not really useful by itself, and the 2 tables had the same indexing. Merged. > dropped syscall_info_table;...
I like this! Thank you @deepskyblue86 !
Left some minor nits; feel free to discard them (or fix them in a subsequent PR)!
Hi! Thanks for opening this issue! Unfortunately this is a well known bug: basically on non x86_64 architectures, execve exit tracepoint is not called by the kernel, therefore we miss...
Hi @sumitd2 ! > The execve event: [2022-05-25T16:54:13.607406260+0000]:[HOST]:[CAT=PROCESS]:[PPID=1191499]:[PID=1296679]:[TYPE=execve]:[EXE=/usr/bin/bash]:[CMD=bash] is being reported correctly on ppc64le, even if it is a well known bug according to you guys. Can I ask you...
Hi! Fact is, our drivers do not really support ppc64le unfortunately. What's the build error? Note however, that even if we allow them to build on ppc64le, most probably subtle...
What's the relationship between this and https://github.com/falcosecurity/libs/pull/344?
Hi Andrea, like always, good catch! :D I agree with you; I'd phrase it in a different way actually: "if we today are able to push to userspace 1mln fd-only...