
decouple tracing sensor

Open kkourt opened this issue 1 year ago • 0 comments

For historic reasons, kprobes, tracepoints, and now lsm hooks live under the (generic) tracing sensor pkg/sensors/tracing. Also for historic reasons, policies that combine any two of the above are not supported.

Splitting the code into:

  • the generic kprobe sensor
  • the generic tracepoint sensor
  • the generic lsm sensor
  • a library for supporting all generic sensors

might be worthwhile, and it will also allow us to easily support policies that combine them. For that last part, we would need to review whether there are shared objects (e.g., bpf maps) between the different sensors and handle them appropriately. See also: https://github.com/cilium/tetragon/issues/408

kkourt, Jul 22 '24 09:07