-
Notifications
You must be signed in to change notification settings - Fork 903
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[UMBRELLA] Missing syscalls #676
Comments
/area kernel-module |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Since we also have evidence of other missing syscall (eg., Otherwise we can close this. When we'll have them in the kernel module we'll reopen it. Converted this issue into an umbrealla one. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This also needs rules updates. |
/milestone 1.0.0 |
/assign Targeting the 1.0.0 release, I'm basing the missing syscalls off of the latest stable kernel in GKE, which is 4.19. I will focus on the ones that obviously have security implications first, that way if we want to cut a release 1.0.0 without monitoring of some of the syscalls that aren't security related, we can. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
/keep
L.
…On Tue, May 19, 2020 at 10:20 PM stale[bot] ***@***.***> wrote:
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#676 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAA5J477TYQJK6XDXOJZK3LRSLSZRANCNFSM4HZJ5DDA>
.
|
I have found another missing syscall:
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. Issues labeled "cncf", "roadmap" and "help wanted" will not be automatically closed. Please refer to a maintainer to get such label added if you think this should be kept open. |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
All those syscalls were recently added. Not sure if we want still to keep this open to track other missing syscalls. |
I think we can close this one and eventually open a new issue when new syscalls get requested. We are pretty solid at the moment IMO :) |
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
/close |
@leogr: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What would you like to be added:
Missing syscalls:
execveat
copy_file_range
renameat2
("renameat2" syscall support draios/sysdig#1603)open_by_handle_at
userfaultfd
(new: userfaultfd support libs#50)Why is this needed:
This issue serves now as an umbrella issue to track the syscall the kernel module and/or eBPF driver are missing.
The text was updated successfully, but these errors were encountered: