Melissa Kilby
Pulled latest changes and simulated https://github.com/falcosecurity/libs/pull/521#issuecomment-1227099508 in the `sinsp-example` and everything seems to work as expected. Simulation was using the new APIs to enforce syscalls of interest, but adding `fchmodat`...
> Hi @incertum, I totally agree with tags `container` and `host`. In addition AFAIK you can also load rules based on tags so you may want to use the `host`...
@leogr Added additional details into the doc as suggested. Ok to ask for more polishing commit. After that we can merge and you can edit the rest in a follow...
Additional context: - @Andreagit97 initially implemented the size of the buffer in bytes as param - `power of 2` constraint and benefits of validation checks had been raised as well...
Nice, appreciate the additional insights @gnosek @leogr - learned new stuff :) Realistically, most end users probably only need to bump the buffer size up, not down. Therefore, anchored differently...
@Andreagit97 yeah either way will be fine, I think most end users want to spend like 30 seconds on it and just select the next number if the default doesn't...
Amazing will take a look! @loresuso made some suggestions in the doc on how to maybe simplify "memfd+exec", have 100% confidence that this is doable and sane and would suggest...
@FedeDP ty let me look into `scap-procs` - once feature complete will implement this for modern_bpf, scap file and kmod, always leave the kmod fun for the end :) Also...
@LucaGuerra ❤️ 😎 as always a fantastic summary and technical assessment of what the actual problem here is. Fully agree that all these signals combined will be super valuable in...
Edited: We have moved all brainstorming to https://github.com/falcosecurity/libs/issues/615 in order to keep this PR focused.