Rafael David Tinoco

Results 213 comments of Rafael David Tinoco

@itamarmaouda101 You have added `DebugfsCreateDir` to events_processor (concatenating dentry path and dirname) in PR: #1649. Maybe you should do the same for #1648 changes (dentry path + filename). I believe...

> I bring you three issues for discussion.
>
> **1. Path length limitation**
>
> Currently it's working in vagrant env with `MAX_CACHED_PATH_SIZE` (64). Do you suggest another length...

> > I believe it is ok for now. > > ... > > Let's focus on the simplest cases for now, as you did (good enough for the exercise)....

Also: ![image](https://user-images.githubusercontent.com/7395852/179570497-6bb95c4a-2d8b-42fc-920b-d1fdb596085a.png) Make sure to "fix format" your code for the next push (there is a Makefile target for it). This way the tests will pass the code analysis phase...

BTW @geyslan, I took so much time to review this that it has a conflict. Would you mind rebasing it to origin/main again, and addressing the minor comments? I'll...

Adding @yanivagman for a review of this feature (might be controversial because of enriching delays and all, but I think because it is optional and disabled by default might be...

I'm going to merge this from another PR, solving the conflicts, adding some TODOs and opening an issue to address what I think should be addressed.

Closing this to merge https://github.com/aquasecurity/tracee/pull/2086 instead (solving conflicts).

> > In the CLI it would look like `-t security_file_open.comm=ls` > > To avoid collisions with argument filters, I would go for something like `-t security_file_open.context.comm=ls` Yep, I thought...

> Correct me if I'm wrong, direct submission of net_packet events from ebpf will still be through the old net event buffer right? If these can still be emitted, they...