Itay Shakury
How is this different than current argument-based filters?
we have filters at the event level as well: e.g `--trace openat.pathname=/tmp*`
> On events pipeline in tracee-ebpf, drop events with low priority when required that might be too late, if we're defining the desired solution here, I think we want to...
SGTM, a couple of suggestions: we need to be able to keep track of what events the user chose (which is what chosen events originally meant to do) in addition...
I've fixed those issues, but I should note that pretty-printed arg values (e.g `O_WRONLY`) will break. I think we need to communicate if it's raw or printed in the arg...
I don't think we can merge this before #1029 right? I've talked with @grantseltzer about looking into #986 generally
it creates a regression AFAIU
> pretty-printed arg values (e.g O_WRONLY) will break
please also consider https://github.com/aquasecurity/tracee/issues/436
the tcpconnect test is a fantastic write up but I don't think it's the "quick start" we needed. for someone who's just starting out, I think there's too much non-libbpfgo...
from #80
> It is well known that cgo has bad performance when calling c code, and even worse when calling go callbacks from c (see, for example, https://about.sourcegraph.com/go/gophercon-2018-adventures-in-cgo-performance/). This...