tetragon
filters: implement capability filters
Implement a new export filter for process capabilities. The filter includes support for matching effective, permitted, and inheritable capability sets, with various match behaviours. Behaviours include:
- any: matches if one or more listed capabilities appear in process caps
- all: matches if all listed capabilities appear in process caps
- exactly: matches if listed capabilities are exactly equal to process caps
- none: matches if no listed capabilities are in process caps
The following are some example uses.
Match when effective capabilities include either CAP_SYS_ADMIN or CAP_BPF:
{"capabilities": {"effective": {"any": ["CAP_SYS_ADMIN", "CAP_BPF"]}}}
Match when permitted capabilities do not include CAP_SYS_ADMIN:
{"capabilities": {"permitted": {"none": ["CAP_SYS_ADMIN", "CAP_BPF"]}}}
Match when inheritable capabilities include both CAP_SYS_ADMIN and CAP_BPF:
{"capabilities": {"inheritable": {"all": ["CAP_SYS_ADMIN", "CAP_BPF"]}}}
Match when inheritable capabilities are exactly CAP_SYS_ADMIN:
{"capabilities": {"inheritable": {"exactly": ["CAP_SYS_ADMIN"]}}}
Introduce an export filter type for process capabilities.
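The four match behaviours described above, as an added Go sketch that is not Tetragon's implementation or code from this PR. `Matches` and `matchSet` are hypothetical names; the sketch assumes capabilities are compared by name, that several entries in one filter are ANDed, and that an unknown behaviour is an error.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// matchSet applies one behaviour (any, all, exactly, none) to one capability set.
func matchSet(behaviour string, listed, procCaps []string) (bool, error) {
	have, want := map[string]bool{}, map[string]bool{}
	for _, c := range procCaps {
		have[c] = true
	}
	hits := 0 // distinct listed capabilities that the process holds
	for _, c := range listed {
		if !want[c] && have[c] {
			hits++
		}
		want[c] = true
	}
	verdict := map[string]bool{
		"any":     hits > 0,
		"all":     hits == len(want),
		"exactly": hits == len(want) && len(want) == len(have),
		"none":    hits == 0,
	}
	if v, known := verdict[behaviour]; known {
		return v, nil
	}
	return false, fmt.Errorf("unknown behaviour %q", behaviour)
}

// Matches applies a JSON filter to proc (set name -> capability names held).
func Matches(filterJSON string, proc map[string][]string) (bool, error) {
	var f struct{ Capabilities map[string]map[string][]string }
	if err := json.Unmarshal([]byte(filterJSON), &f); err != nil {
		return false, err
	}
	for set, behaviours := range f.Capabilities {
		for b, listed := range behaviours {
			if ok, err := matchSet(b, listed, proc[set]); err != nil || !ok {
				return false, err
			}
		}
	}
	return true, nil
}

func main() { fmt.Println(Matches(`{"capabilities":{"effective":{"none":["CAP_BPF"]}}}`, nil)) }
```

A process with an empty capability set matches `none` and `all` with an empty list but never `any`, which matters when a filter is used to drop unprivileged processes from an export.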
Deploy Preview for tetragon ready!
| Name | Link |
|---|---|
| Latest commit | b7fe3206eb44a189d59d78e97be25193aca395e4 |
| Latest deploy log | https://app.netlify.com/sites/tetragon/deploys/65cf76ddf97b6300078f275c |
| Deploy Preview | https://deploy-preview-2107--tetragon.netlify.app |
Marking as draft while I debug