Nadav Strahilevitz
Nadav Strahilevitz
Possibly related: https://github.com/aquasecurity/tracee/pull/1958#issuecomment-1183341217 (with regards to tracee's file creation permissions).
From currently testing - this doesn't reproduce as late as commit `1224824a63742c0b67aed3a6e431a52341286615` (libbpfgo 0.8.0 update) With a git bisect I found commit `2d2d100323697c7637bbb25da53d7466d15aaab6` to blame, which is PR #1819, so...
So relevant capability is CAP_DAC_OVERRIDE. Talked with @AlonZivony and there was also a conclusion that this isn't a bad thing, rather there may be a design fault in letting tracee...
> A possible solution might be creating the directory with the correct permissions before dropping any extra capability. WDYT? So there are actually two places where we create the dir,...
@rafaeldtinoco @danielpacak Tagging you as Rafael requested.
@danielpacak So, as I explained these headers are a bit problematic because they were designed with the ebpf domain specifically in mind, but now we need to extrapolate them for...
To include REGO parity in this goal, I've uploaded #1654 and added it to the original post.
Currently, the only remaining PR for this goal is PR 1 (#1531). I have moved it back to draft since it's tests are failing. To make it work, tracee-rules needs...
Related - #1922
I will open a separate issue to track taking out the triggering from the derive package. Then this will only track a further refactor.