Kornilios Kourtis
Kornilios Kourtis
This is a first PR for supporting NRI (https://github.com/containerd/nri), and having an easy way to install the tetragon runtime hook in containerd. Please see patches. The idea here (which will...
## Tetragon release checklist - [x] Check that there are no [release blockers]. - [x] Set `RELEASE` environment variable. For example, if you are releasing `v0.8.1`: export RELEASE=v0.8.1 - [x]...
``` I0612 10:26:17.754634 14418 dumpinfo.go:299] contacting gops agentaddr127.0.0.1:8118 coverage: [no statements] panic: test timed out after 20m0s running tests: TestLabelsDemoApp (20m0s) TestLabelsDemoApp/Run_Workload (20m0s) TestLabelsDemoApp/Run_Workload/Run_Workload (20m0s) goroutine 476 [running]: testing.(*M).startAlarm.func1() /opt/hostedtoolcache/go/1.22.4/x64/src/testing/testing.go:2366...
https://github.com/cilium/tetragon/blob/main/docs/content/en/docs/concepts/tracing-policy/selectors.md#notify-killer-action see: https://github.com/cilium/tetragon/pull/2117
The sensors gRPC interface is outdated. We should deprecate it and use tracingpolicies instead. Before deprecating, however, we need to provide the functionality to disable a tracingpolicy as we, currently,...
``` === RUN TestK8s === RUN TestK8s/namespaces === RUN TestK8s/pod_labels map_test.go:24: Error Trace: /home/runner/work/tetragon/tetragon/go/src/github.com/cilium/tetragon/pkg/policyfilter/map_test.go:24 /home/runner/work/tetragon/tetragon/go/src/github.com/cilium/tetragon/pkg/policyfilter/k8s_test.go:429 /home/runner/work/tetragon/tetragon/go/src/github.com/cilium/tetragon/pkg/policyfilter/k8s_test.go:773 Error: Not equal: expected: map[policyfilter.PolicyID]map[policyfilter.CgroupID]struct {}{0x1:map[policyfilter.CgroupID]struct {}{0x3c12b25a44aff3ec:struct {}{}, 0x3c2746fd7b823f78:struct {}{}, 0x41741c658872581d:struct {}{}, 0xf902e3c713283c61:struct {}{}},...
Follow ups from #703 - [ ] move handling to a goroutine https://github.com/cilium/tetragon/blob/966b30173222e4b92a748c3f4344e52c89b51a90/pkg/policyfilter/state.go#L51-L53 - [ ] debugging documentation (e.g., figure out whether certain cgroup ids are part of the map...
After this PR, we can do: ```shell lvh images pull quay.io/lvh-images/kind@sha256:eaa587681844b157a595afb23c1fdcc60f3e8e9a3404a8bd1c826089dc1a89da --platform linux/arm64 lvh kernel pull 5.15-main --platform linux/arm64 lvh run --qemu-arch arm64 --image _data/images/kind_5.10.qcow2 --kernel 5.15-main/boot/vmlinuz-5.15.164 ``` To boot...
For historic reasons, kprobes, tracepoints, and now lsm hooks live under the (generic) tracing sensor `pkg/sensors/tracing`. Also for historic reasons, policies that combine any two of the above are not...