chore: update site description #1759
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
chore: update site description chore: update site description Signed-off-by: Shedrack Akintayo <[email protected]> chore: fix title Signed-off-by: Shedrack Akintayo <[email protected]> chore: update site in i8n
Signed-off-by: Kornilios Kourtis <[email protected]>
There are dead links in the Getting Started section of the README. This patch fixes this by: 1. Replacing all the dead links with the corresponding updated link in the documentation. Fixes: #1653 Signed-off-by: Paul Arah <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Djalal Harouni <[email protected]>
Signed-off-by: Djalal Harouni <[email protected]>
Signed-off-by: Djalal Harouni <[email protected]>
Signed-off-by: Mauricio Vásquez <[email protected]>
Fixes: #1623 Signed-off-by: Shedrack Akintayo <[email protected]>
Mismatches between the BPF and userspace API are often the cause of bizarre bugs that are difficult to debug. This might happen if a developer makes a change to one and forgets to update the other, or it might simply happen during development if the userspace and BPF targets go out of sync. This PR introduces alignment checks to the Tetragon startup process so that we can fail with a clear error message when such situations arise. Signed-off-by: William Findlay <[email protected]>
Signed-off-by: Kornilios Kourtis <[email protected]>
Removing GenericTracepointConf type as a cleanup, because that abstraction is not actually needed anywhere. Signed-off-by: Jiri Olsa <[email protected]>
Adding possibility to specify option for the set. It's an array of name/value pairs and it's meant to be processed and interpreted by each sensor. Signed-off-by: Jiri Olsa <[email protected]>
We are about to pass options to createGenericKprobeSensor function, so it's better the function takes the whole spec poitner rather than adding another function argument. Signed-off-by: Jiri Olsa <[email protected]>
Adding support to process options passed in spec for kprobe sensor. At the moment the only supported option is to disable kprobe multi (like with --disable-kprobe-multi option). Signed-off-by: Jiri Olsa <[email protected]>
We can now localy disable kprobe multi, let's use it for security_ override test, which won't work with kprobe multi. Signed-off-by: Jiri Olsa <[email protected]>
Signed-off-by: Jiri Olsa <[email protected]>
….55.1 Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
The action was timing out: taking around 11min to build, 2min to create the archive, upload was more than 6/7min thus triggering the 20min limit. Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>
Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>
Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>
Pick up cilium/cilium#26842. Signed-off-by: Michi Mutsuzaki <[email protected]>
Signed-off-by: Kornilios Kourtis <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>
[ port of cilium/cilium@924df33 ] Nothing in the tree depends on newer patch releases of Go, so we can keep this to the first patch release of this series. Signed-off-by: Mahe Tardy <[email protected]>
[ port of cilium/cilium@91d7a49 ] The goal here is to allow developer toolchains to have more flexibility around the specific version of Go compared with the latest patch releases. Note that all of the real-world code and all tests will continue to be updated to use the latest Go versions, it's just the go.mod that will start to drift, since the code can actually compile with earlier versions of Go; we don't require specific patch versions based on the set of standard library features used in the code. Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: cilium-renovate[bot] <134692979+cilium-renovate[bot]@users.noreply.github.com>
Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Dean <[email protected]>
I finally understood that the allowedVersion was broken, restricting <1.22. Docker does not have version semantics because of tags so it was using a fallback to npm and thus filtering out any version with the -alpine suffix. Explaining the missing updates on stable 1.0. Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
This new struct will store information about the binary path from the moment we persist the execve information in the execve_map. We tried to reduce at maximum the size of what we store, ending up with 256 bytes instead of the theoretical maximum MAX_PATH 4096 bytes (+ metadata). This will be useful when doing the matchBinary at a later stage and retrieving the information about the process from the execve_map. Signed-off-by: Mahe Tardy <[email protected]>
This commits introduces changes on the proc reader part, which scans /proc at startup and initialize/fill execve_map with information of processes that were started before tetragon. Also it moves the part that is trimming the p.args if the size of the process information would not fit in the allocated buffer. We were previously doing it in the part that parses /proc, which was too early because in the case of execve_map initialization, it's not needed (and we now need at least 255 bytes of the binary path guaranted), while it's needed for pushing the execve event, where it was moved. We also needed the 'exe' value at execve_map initialization, which was already merged with 'cmdline' early at /proc parsing since it was not necessary previously. Now we merge 'exe' and 'cmdline' on demand at a later stage (again when pushing the execve event). Signed-off-by: Mahe Tardy <[email protected]>
A new binary struct was added BPF side to store a part of the binary path inside the execve_map values (to do comparison at a later stage). Signed-off-by: Mahe Tardy <[email protected]>
This copies the information to persist in the execve_map. Signed-off-by: Mahe Tardy <[email protected]>
This commits introduces the new "tg_mb_sel_opts", that stores the matchBinaries selector options on userspace, to use on BPF side. It adapts the code to parse the selector and to populate the map with the options at progam loading time. Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
This commit introduces a new implementation for matchBinaries using the stored binary path from the execve information to match against a hash maps of the matchBinaries paths for In and NotIn operators. This hash map is in a map of maps containing potentially a hash map per matchBinaries selector. Note that a first iteration was made using the strings machinery, using multiple map strings and thus reducing CPU cycles, but it proved to be too complex for 4.19. This also remove old unnecessary fields and code for the old matchBinaries implementation. Signed-off-by: Mahe Tardy <[email protected]>
This cleans up the old implementation and add the userspace side for the new implementation: parsing the the matchBinaries selectors and populating the map at program loading time with the paths. Signed-off-by: Mahe Tardy <[email protected]>
Signed-off-by: Mahe Tardy <[email protected]>
This test is a bit more advanced than the previous usual ones (TestKprobeMatchBinaries) since it can check for the absence of the filtered event from the output of the perfring. Signed-off-by: Mahe Tardy <[email protected]>
Previous matchBinaries selector implementation would skip events triggered by process started before Tetragon. Signed-off-by: Mahe Tardy <[email protected]>
- remove cmd/tetra/main.go viper.BindPFlags - replace viper.Get -> Common.XXX - add cmd/tetra/common/flags.go variable - change connect logic Signed-off-by: Jack-R-lantern <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the docs site description