Rafael David Tinoco
FTR: That is exactly why I changed the "distro test" image recently. It is able to generate other architecture's compilations/docker images/packages.
> I'm not sure this is because of the enrichment events not being enabled (cgroup_mkdir etc should be enabled by default). I think net events just aren't getting enriched since...
@AlonZivony we only need kconfig because of kconfig relocations within libbpf. Last we spoke about this, you started probing features from kallsyms (checking if symbols existed, to know if kconfig...
Yes, I also think that the kconfig file read need should be removed and we should rely on checking the existence (or not) of symbols. Maybe we should have a...
> But it makes you vulnerable to errors per kernel version and distro. It is already very hard for us to guarantee that tracee works for all distros and versions,...
> > Every day I see more fit to have a "wrapper" simplifying many of the things we do that wouldn't fit the tool initialization process itself (like making tracee...
Now we do: https://github.com/aquasecurity/tracee/issues/2038
Check the `--output option:parse-arguments` flag and what it does. I believe it will answer your question.
Like we've already spoken on Telegram, I believe having a map indexed by proc id (pid/tid) and fd #, with a path name, that could be accessed in userland if...
Let me know once you have a suggestion, or even better if you have a code proposal testing it if it would be enough or not. Thanks!