Andrea Terzolo
/milestone 0.10.0
My 2 cents on this. Even if we are able to recover the `struct linux_binprm` from `sys_exit` it would be really a mess and really expensive while with `sched/sched_process_exec` we...
Just thinking again about it... since we have the collision with this tracepoint already used in ARM, what about using a `kprobe`? Ok, kernel functions could change over time but...
> To be honest, here I would vote for the second choice because this would open a new world for Falco! We could trace almost whatever we want not only...
> Would favor staying open minded and explore all options. Furthermore, shall we follow a data-driven approach? Meaning we measure perf overhead on actual production servers instead of making decisions...
Now they work over #643 :point_down: https://github.com/Andreagit97/libs/tree/try_e2e. There is a problem in the building with `minimal_deps` but I think it is related to the fact that in `minimal_deps` we don't...