Release highlights and discussion: #441
Changelog
da6a281 fix release workflow for github actions
c22b855 release with github action
60f353e remove redundant go setup steps
4f289b5 update readme
16f1688 refactor output flag
afa9b2d improve --capture help
7d2ce34 Add return value filter
3098430 Make '--capture clear-dir' safer
ee2d9bb Handle capture output dir in capture flag
534d012 Decouple and remove filter-file-write flag
062947d Add prefix operator to argument filters
b47bbc5 Remove trace flag and add new filters
1993577 Remove vfs_write(v) and ioctl from default set
d38fbef Added --stack-addresses flag to log stack addresses to JSON output
487d1e4 added 'DeleteKey' and 'GetValue' to 'libbpfgo'
409f21e Move pidns trace mode to filter flag
b486a25 Use filters instead of modes in bpf code
6b4fe81 Move follow trace mode to filter flag
4b3d318 Add EventID postfix to new syscall events to fit convention
3ac6a21 Add support for filtering an event by its argument
f44eb20 Supporting new syscalls from kernel version 5.7 - Resolves #372
7ce92f6 Fix bad param renaming
3c622e0 Fix comm and uts filters
e36e880 fix libbpf import
96ed00e Issue-398 add arguments to events
d387056 Add indexing of written files
b4f0a0a Support using filter prefix for common filters
1edeff8 Move event flags into filter flag
1bd03a9 Change trace modes and add container filter
f1968a7 refactor Event and params
ff0cb90 fix compat detection for older kernels
54d324f Add support for arm64 32bit compatibility mode
af0ea08 Fix ptrace request argument print
0536237 remove redundant var
ad3cb5d Fix event listing
21720af Simplify filters logic
ea5dca1 Move pid filter to filter flag
c3d5c4d signal end of transmission for gob output
84180be Support ARM64 architecture
bfcabb2 Set TRACEE_BPF_FILE to point to file instead of dir
68d6c71 Fix execve pointer errors
8ed6772 Fix pidns filter erroneously set to mntns
f32c50b Add process follow mode
22ffc4e rename master to main
5702252 Merge filters and set bit size
ef665e3 Rearrange bpf filtering code
11b251f Add UTS and COMM filters
88f5d6b Add mnt ns and pid ns filters
64a084a Simplify uid filtering code
Docker images
docker pull docker.io/aquasec/tracee:latestdocker pull docker.io/aquasec/tracee:0.4.0docker pull docker.io/aquasec/tracee:slimdocker pull docker.io/aquasec/tracee:slim-0.4.0