Release highlights and discussion: https://github.com/aquasecurity/tracee/discussions/331
Changelog
e210c72f743d4b65f4690952943665c8026b4d2c fix version detection for docker build
8d0ac305a004a1bda981ae15362b18218672c31a fix version detection for release
dab487d56f78bfda6c4a3bfab7d11085b54f2bcf fix version detection for release
b481f0d80f9086e09b279c738b23c34f31a99c50 update readme for release
b837b6bb2f3cae7a52babdbea631f9bca3bf5069 fix kernel headers defaults in other distros
aa5ec50335fc83f04ad85d5d3ebc3882ae7616a8 make bpf obj file version dependent
e123fcab6a69d5bbe2da125b4281b734c2c3ff23 refactor release script, include slim images in notes
87d70f913d6bfdbb02ef03c4c24a37c24132fe34 update readme
318933ebee39fa3014e653d5c8723c59f4f40c3b update readme
eb47b745ffad10c3b7b68abb5836c4998479fe46 test for bpf build in ci
5b90fd50ddf3ef8fe7af384fd1625ed4110394a6 fetch libbpf source from make if needed
52c397bd0ae6b8835f87492f33ad1f2e150a10ca fix building in docker without tools
86392ee70437dde9a1ba443bc2579a0e9c366359 fix release process and add slim image
ee46b6fcd5ac1561fea005f1de354476c140070b fix typo
85c3379737ec3dd6024ca1894fe42619f1d206b6 docker builder in cwd
151b137da5df5a56a8d68428ec330980c959e65f make docker targets real targets
ae2fd1a664bd3551b5462162d5b7119e9d446d45 improve naming of tools and fix make bpf-docker
4a9734ec2875367663b6f78bafb44872e603929e optimize docker building
5faa7c1beeefdc5a2ebb8bc4f7d4497370972447 improve building in docker
e4f502cedda2a87f98451d94c3b36e7633149f6f require llvm 9
b4ddc9937de84590e5e5b99c9e39315e200e147b Add a --filter flag which takes arguments of the form
99c36bef218669a2918a8f599f5e5b1c252d9d0a update_logo
42e11de939ee1f9ca196301a9d944f1027e71787 fix clang version detection
efa68eee877345d13f6d48442f4bcd62b348aad6 tracee use libbpfgo relatively
8d536dbe0f70528eed44062cb0574ba1d4cffea1 fix naming convention
9f5a3055573f20720784fbd83e7d7366ab60e8b0 add libbpfgo readme
5aaf2309338e7bbe13b658d41bc368e1a32fc6ca make libbpfgo a module
d5be3a6942c48f7bddf8913a10036be1265a50e8 feat: add test to ci/cd workflow
2a9d54ed435bece014e90f31c242270d531e27d7 Fix capture exec with empty string
a78a915e4b1027b1d25f2e0676c76b13b4fe2ff5 fix test target and add test-docker
1943eaa6a688e9f549567df27d875785d8cf13ee fix bundle path
4bd1c7b68812ca807b53db322d941ec54e2ec89e check minimum clang version (#310)
d8a55e7775b92b7ec50080d28424e6cf462b718f Fix and enable tests again
9edac6b77c4bf7a42ca3aeefe3d47bcce5d7ab21 Add sched_process_exit event
f35a8f393ea132322cb7077322e1060695f08d4b Add libbpf uapi headers - fix ubuntu16 compilation
aefd3cd5a0ebe8817d1ec4d1a29701488aa7bf6d Fix asm_inline for kernel > 5.4
fe77c7f30b3b14bf1fb69a5a7acf4abd3594a7c2 Print uts name in container mode
46f1e2adac79446641b5583320b2fe64a08b9262 force clang compiler
d0757229eee66ee6b7c3ea84bf7b47e1287068ca rewrite release process
2cccd1d9ce6b7f5934923e6fd2df0249893801af Update readme with build comments
71c97f07d7a340ca7f23dec160900fe8e30da65d Don't make llvm-strip a dependency
13c4d1abd56cb3a7d813bd747e656749e091e548 fix makefile dependency
9e06a2025d31be99ff651cd738f6d0823741f3a9 Fix lint and build errors
935540e5fc907e91487c448686c7767790a26106 Rename bpfwrap to libbpfgo
6cfa83d6e866b378db08141987d0707397a18591 fix docker builds for libbpf
cc7f1eae7d9cacd4d4c3f05f4efc5267fe843290 Organize probe attach code
ffe7b63f49e2c801aac8fca5b6b0b2252908bc53 Disable bpf program autoload if not required
3e7199e9ccc33febaa9174d06c31ce4415a1287c Reorganize initBPF function
6a379a2bb0ee3733da1a8cae2149dabaad8b4ad2 add build-policy flag
8fb3fa541cfc452ef8db57e1c272476fd7ae4286 use different dirs for output and install by default
b06c4811d05790df03efbee5bb1778eec08143a2 use tmp as default install path
fbf395a9041e50780d7e6654cc4d70d5cb18c488 drop capabilities during compilation
3b80e0f189507f864bc51b5849561d91fbe1df0b bundle bpf source for compilation at runtime
6ea6fbf40b44dab5a3b624057aa5e3bf1a8a9ddc compile bpf obj on startup
765d4fac5687f71173ab01b67b8ddc641de2acb8 fix bpf src injection
8c4a1bbdd472893fc4c75dbc74a0044015b59acf refactor bpf obj searching
a074b378854b5554959d7c55472992a0e42f57ee Update libbpf submodule
5109ae1f609f51a3a2e59f8056346fde8b32ef56 improve and organize build (#280)
1208adbc532a232a04db6c85988fecba894f6078 add new module creation from buffer to bpfwrap
b17be813d024b932ee4b5dde75121d6e035fb613 Remove BCC from readme
a2e43591282054955602849b6fc5ca8cf77b6eee Move from gobpf to bpfwrap (libbpf)
172655fa3412a7cec2c0af9d1d82f997844335e9 Add bpfwrap - a thin libbpf wrapper
73d4b7325c8ac42a0efc28f438332f2dcf487d2b Add libbpf submodule
2cac3ee1ea16f8aba241ad87e2785ab5c4a5b1e1 Fix tests
49dee1eafb648899e5afb2157fb08c3682caccba Fix lint errors
f1f43f80ff84ad9fe647e17955733f837b19440b fix ci trigger
d64607a179873862f1193ac8a7be1d21cf525cb5 Fix bad string size type
7a755e3f12acca3f075d2dbea1af34d86e6519ea update go version to 1.15
d0fe845c21b7d6613216ae1f4ea37d88b54bb155 updated to golang 1.15
4964f5c75c7a2e42362067082822c5b4698fac01 Output formatting via gotemplate (#256)
a3e991f10b771ac98889792c9ed58e853a2debbe feat: Add CI/CD Workflow (#259)
5d49921f900fff50ad0e4bb32204d7fd3b2ddbf7 fix memfd files not shown in vfs_write
bc84eae22d5909c0e95fd4c2d80e76ddde5bebd8 fix sockaddr_in parsing
0bb0dbe09d5281a2e0c32fdb4029e2f95f08e01a fix error printing line break
582a3806a41e7a3376573c4d9dbac6cf7c24b972 Created a new --trace flag to replace and enhance the --pid and --container flags
4f50e28e97a2dcfd7c714877f9f9871bb4d9fe2d Revert "Created a new --trace flag to replace and enhance the --pid and --container flags"
120204f26529bb484c0247a18debcc6ab7ecbc87 Created a new --trace flag to replace and enhance the --pid and --container flags
aec1ef6ea44bb70008347d6cc1a928990cae399f Fix send bin chunk size
d58cd29cba127702f05ddd5e39d7f00eb67e6a0c Fix broken kernel 4.14 support
e753945963f6f811574280d05656a8b76e55df9d Made the typo change as requested
91fcd92d56f93c27f40d7c81edc15c9a6a4edfa3 Typo Corrected in README.md to sound more meaningful
42cd0b70d39ae8bc0b41cb452fe6702f8d07b005 change readiness file format
751f38ddedea869c3cd4c6d8944484060ad9ccac Various Grammatical and Spelling Changes (#246)
Docker images
docker pull docker.io/aquasec/tracee:latest
docker pull docker.io/aquasec/tracee:0.3
docker pull docker.io/aquasec/tracee:slim
docker pull docker.io/aquasec/tracee:slim-0.3