Kornilios Kourtis

> > Thanks, changes LGTM. I left one comment about removing the unneeded `name` field. > > One of the things we also need to do is update the CLI:...

Everything's ✅ , so merging this. Many thanks @joshuajorel this is an awesome contribution.

Thanks @anfedotoff! Here are some first thoughts: Considering your proposal: ``` spec: lsm: - call: "bprm_check_security" args: - index: 0 type: "linux_binprm" # file type also is allowed selectors: -...

> LGTM! We still able to filter by file path, before collecting a hash in your approach, right? In other words I mean not to call ima bpf-helpers if filtering...

> It makes sense. I'll take time to learn more about how to validate tracing policy for correctness. Here's an example of checking whether the "multi kprobe" feature is supported:...

The usual way of passing arguments to userspace is to store them in `->args` of msg_generic_kprobe > I think we can use a separate map BPF_MAP_TYPE_HASH for passing hashes to...

> I suppose it is possible to put hashes in `->args` at Action phase? Maybe it is better to use `->args`, as you suggest. That's a good question! I don't...

Thanks! Can you please provide a sysdump or the tetragon pod logs? For the sysdump, please see https://tetragon.io/docs/troubleshooting/#automatic-log--state-collection.

Not clear to me what exactly the issue is, I'll add some speculation and notes for future reference We dont' seem to have a proper /procRoot: ``` 2024-04-17T06:46:13.367309227Z time="2024-04-17T06:46:13Z" level=warning...

Failure is: ``` --- FAIL: TestNamespacedPolicies (0.00s) logcapture.go:25: time="2024-03-14T23:41:13Z" level=info msg="Supported cgroup controller 'memory' is active on the system" cgroup.controller.hierarchyID=9 cgroup.controller.index=4 cgroup.controller.name=memory cgroup.fs=/sys/fs/cgroup logcapture.go:25: time="2024-03-14T23:41:13Z" level=info msg="Supported cgroup controller 'pids'...