Melissa Kilby

> prefixes: ["/proc", "/sys/fs/cgroup"] Just acknowledging that kernel-side (where we only have the raw arg) we can have `//////proc` or path traversals that's what I would do as an attacker...

Looking back at first finding out if Falco can be usable when attempting to monitor files on your system, what would you think about the following approach? The kernel driver...

Thank you @stevenbrz - we now have a new repo https://github.com/falcosecurity/cncf-green-review-testing for benchmarking purposes. We are still developing it - also on the CNCF side. We would love your contributions...

Thank you very much for sharing these updates @stevenbrz. I wrote it earlier and still believe that kernel-side filtering needs to be part of Falco's future (one way or another),...

@stevenbrz thanks for sharing the patches. Shall we tackle the proposal after the Falco 0.38.0 release (end of May)? This would give all maintainers a bit more time to take...

Hi :wave: @wangyongfeng5 In addition to the global setting (not doing any sampling) https://github.com/falcosecurity/libs/blob/bf1280f5a7c637cedd2d7bc3e2d05f9fb2fcf5fe/driver/bpf/plumbing_helpers.h#L496 which for the Falco use case is disabled by default, we also have the flag https://github.com/falcosecurity/libs/blob/bf1280f5a7c637cedd2d7bc3e2d05f9fb2fcf5fe/driver/bpf/plumbing_helpers.h#L560...

Understood @wangyongfeng5 re this PR and the other one. Those are quite significant changes that align with custom clients and not the Falco client. Would it be ok to defer...

/remove-lifecycle stale

Suggestions for first pass review: - Test if it even works on `localhost` for you, please read README carefully - Scripts are glue-code type of scripting, mostly bash, nothing very...

Thanks @Molter73 for the very detailed first sweep of comments :heart:, will address all of them. Re @leogr https://github.com/falcosecurity/libs/pull/524#discussion_r1141376936 ... convert to Go would first like to discuss this more...