Andrey Fedotov
I started to develop IMA hashes collection for LSM events (#2818) and met some problems: 1. `bpf_ima_inode_hash/bpf_ima_file_hash` can be called only from **BPF_F_SLEEPABLE** lsm programs: *lsm.s*. 2. *lsm.s* programs are...
As I promised, I put my thoughts about overcoming our problems. First of all, I think we need to make as few changes in the bpf code part as possible. Adding...
Btw, we can use `struct msg_execve_key current` as the key for the `ima_hashes` map. So we only need to set `e->common.flags` at the action phase, that we need to tail call to lsm.s...
Implemented in #2818
Username is useful when Tetragon works on a host. On different hosts the same username can have different UIDs. So username will help to identify the actual user without access to...