Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[UMBRELLA] Missing syscalls #676

Closed
5 tasks done
leodido opened this issue Jun 19, 2019 · 27 comments
Closed
5 tasks done

[UMBRELLA] Missing syscalls #676

leodido opened this issue Jun 19, 2019 · 27 comments

Comments

@leodido
Copy link
Member

leodido commented Jun 19, 2019

What would you like to be added:

Missing syscalls:

Why is this needed:

This issue serves now as an umbrella issue to track the syscall the kernel module and/or eBPF driver are missing.

@fntlnz
Copy link
Contributor

fntlnz commented Jun 19, 2019

/area kernel-module

@stale
Copy link

stale bot commented Aug 18, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Aug 18, 2019
@leodido
Copy link
Member Author

leodido commented Aug 19, 2019

Since we also have evidence of other missing syscall (eg., copy_file_range) we could use this issue to track all of them.

Otherwise we can close this. When we'll have them in the kernel module we'll reopen it.


Converted this issue into an umbrealla one.

@stale stale bot removed the wontfix label Aug 19, 2019
@leodido leodido changed the title Alerts for execveat [UMBRELLA] Missing syscalls Aug 21, 2019
@fntlnz fntlnz added this to the 0.18.0 milestone Aug 29, 2019
@leodido leodido modified the milestones: 0.18.0, 0.19.0 Oct 3, 2019
@stale
Copy link

stale bot commented Dec 2, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Dec 2, 2019
@fntlnz
Copy link
Contributor

fntlnz commented Dec 4, 2019

This also needs rules updates.

@stale stale bot removed the wontfix label Dec 4, 2019
@leodido
Copy link
Member Author

leodido commented Dec 20, 2019

/milestone 1.0.0

@poiana poiana modified the milestones: 0.19.0, 1.0.0 Dec 20, 2019
@jalseth
Copy link

jalseth commented Jan 23, 2020

/assign

Targeting the 1.0.0 release, I'm basing the missing syscalls off of the latest stable kernel in GKE, which is 4.19. I will focus on the ones that obviously have security implications first, that way if we want to cut a release 1.0.0 without monitoring of some of the syscalls that aren't security related, we can.

@jalseth jalseth removed their assignment Mar 20, 2020
@stale
Copy link

stale bot commented May 19, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label May 19, 2020
@leodido
Copy link
Member Author

leodido commented May 19, 2020 via email

@stale stale bot removed the wontfix label May 19, 2020
@leogr
Copy link
Member

leogr commented Jun 5, 2020

I have found another missing syscall:

Also added a todo here for renameat2, more context 👉 #1250

@stale
Copy link

stale bot commented Aug 4, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. Issues labeled "cncf", "roadmap" and "help wanted" will not be automatically closed. Please refer to a maintainer to get such label added if you think this should be kept open.

@stale stale bot added the wontfix label Aug 4, 2020
@poiana
Copy link
Contributor

poiana commented May 23, 2021

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@leogr
Copy link
Member

leogr commented May 24, 2021

/remove-lifecycle stale

@poiana
Copy link
Contributor

poiana commented Sep 8, 2021

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@leogr
Copy link
Member

leogr commented Sep 15, 2021

/remove-lifecycle stale

@poiana
Copy link
Contributor

poiana commented Dec 14, 2021

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@leogr
Copy link
Member

leogr commented Dec 20, 2021

/remove-lifecycle stale

@poiana
Copy link
Contributor

poiana commented Mar 20, 2022

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@leogr
Copy link
Member

leogr commented Mar 23, 2022

All those syscalls were recently added. Not sure if we want still to keep this open to track other missing syscalls.
@FedeDP wdyt?

@FedeDP
Copy link
Contributor

FedeDP commented Mar 23, 2022

I think we can close this one and eventually open a new issue when new syscalls get requested. We are pretty solid at the moment IMO :)

@poiana
Copy link
Contributor

poiana commented Apr 22, 2022

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

@leogr
Copy link
Member

leogr commented Apr 26, 2022

/close

@poiana
Copy link
Contributor

poiana commented Apr 26, 2022

@leogr: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants