v0.8.1
This release is smaller than v0.8.0, in line with an intended trend towards more frequent, smaller releases.
It contains many fixes and some impactful new features.
Docker images
docker pull docker.io/aquasec/tracee:0.8.1 (embedded eBPF CO-RE obj with BTFHUB support)
docker pull docker.io/aquasec/tracee:full-0.8.1 (compiles non CO-RE eBPF object on startup)
Highlights
Breaking Changes
- There should be no breaking changes
Fixes
- Fixed a lot of errors being surfaced via loading symbols (#2037)
- Tracee container won't duplicate probing of linux proc capabilities (#2056 thanks @cdelzotti!)
- Added perf_event_paranoid dependent capability support (#2033 thanks @cdelzotti!)
- Recommissioned disabled integration tests (#2017)
- Converted manually run eBPF programs to use uprobes instead of ioctls (#2031)
- many more... see full changelog
New Features
- New package for initializing a tracee-ebpf object (#2006)
- New symbols_loaded event to monitor shared object exported symbols (#2014)
- Added ELF interpreter ctime to sched_process_exec event (#1977)
Full Changelog
8d6da1b - pkg/events/derive: prevent spam errors with symbols_loaded (#2037) (Alon Zivony)
546aa65 - retain context of triggering event to the triggered event (#2049) (AsafEitani)
57bda50 - fix: fix hooked_seq_ops argument type and register in gob (#2058) (AsafEitani)
5bdaedc - delete minor unreachable code caused by t.FailNow (#2057) (Abirdcfly)
42f5074 - builder: Remove cap probing for trace subcommand (#2056) (cdelzotti)
30f2078 - refactor: add TODO comments for a future refactoring PR (AsafEitani)
a1dcca7 - fix: satisfy verifier on kernel 5.4 (AsafEitani)
1f67247 - events: combine hooked_seq_ops event output to one event (AsafEitani)
4105fe7 - bpf: refactor save_u64_arr_to_buf (AsafEitani)
803b6b4 - probes: create new uprobe hooks for needed uprobe triggers (AsafEitani)
1ad5f60 - docs: fix symbols_loaded event doc (#2054) (Alon Zivony)
67941b6 - derive: fix libs whitelist of symbols_loaded (#2048) (Alon Zivony)
9b31c56 - Add perf_event_paranoid capability support (#2033) (cdelzotti)
362a6f2 - tracee-bench: prometheus.sh to be executed from any origin (Rafael David Tinoco)
8782c17 - tracee-bench: adjust makefile targets (Rafael David Tinoco)
f4a8ec5 - tracee-bench: tool to track performance information (#1985) (Nadav Strahilevitz)
f35e039 - pkg/ebpf: fix container started flag value (#2044) (Alon Zivony)
f4baab6 - pkg/ebpf: add container_started event flag (#2032) (Alon Zivony)
e785ea9 - types: add context flags with container flag to event (#2041) (Alon Zivony)
db8fc2b - fix broken link for prerequest in ReadMe file (#2040) (Mor Weinberger)
c7c717c - recomission integration tests (#2017) (Nadav Strahilevitz)
fcdb1d6 - pkg/ebpf: change authentication symbol for kallsyms (#2035) (Alon Zivony)
fdc4e7f - ebpf: add event to monitor SOs exported symbols (#2014) (Alon Zivony)
09f73af - fix: typo fix in comment (p1nant0m)
cb56c6a - kerneltest: improve error handling and stderr output (Rafael David Tinoco)
db8d7f5 - Revert "pkg/ebpf: add container_started event flag (#1984)" (Rafael David Tinoco)
97b0363 - Revert "types: add context flags with container flag to event (#2007)" (Rafael David Tinoco)
d2d0061 - fix: verifier error on arm due to register reuse (#2024) (AsafEitani)
1371089 - tests: disable fail-fast on pr workflow (#2021) (Nadav Strahilevitz)
d6de9ef - pkg/ebpf: add container_started event flag (#1984) (Alon Zivony)
45d2bad - tests: use kerneltest.sh instead of distro-tester logic (Rafael David Tinoco)
d1a9b99 - tests: remove distro-tester after replaced by kerneltest.sh (Rafael David Tinoco)
2339d3e - types: add context flags with container flag to event (#2007) (Alon Zivony)
82d5f2b - pkg/utils/shared_objects: load dynamic symbols (Alon Zivony)
b02939c - pkg/containers: resolve host absolute container path (Alon Zivony)
d5320ed - tracee-ebpf: export initialization logic (#2006) (Nadav Strahilevitz)
d7552d6 - tests: remove core and non-core tests temporarily (Rafael David Tinoco)
2cdb276 - containers: containers_map set by package initialization (#1998) (Rafael David Tinoco)
cd0db36 - ubuntu: impish is EOL, move things to jammy (LTS) (#2004) (Rafael David Tinoco)
1cd5e6d - events_enrich: do not try to close nil channel (#2000) (Rafael David Tinoco)
9639325 - tracee: split new between new and init (#1997) (Nadav Strahilevitz)
da72927 - pipeline: fix container lifecycle events (Yaniv Agman)
1286f6f - ebpf: don't submit exit events unless required (Yaniv Agman)
0b29052 - filters: package cleanup and streamlining (#1995) (Nadav Strahilevitz)
aaf3bd9 - flags: file renames and add tests (#1993) (Nadav Strahilevitz)
5153bbc - pkg/ebpf: add interpreter ctime (#1977) (Alon Zivony)
dc946f7 - filters: separate into new package (#1992) (Nadav Strahilevitz)
8ee9e0a - ebpf: simplify filters logic (Yaniv Agman)
277d305 - containers: add Close function for cleanup (#1982) (Nadav Strahilevitz)
226d50c - fix: update kallsyms only when hooked events are selected (#1983) (AsafEitani)
35b39b5 - feat(deps): Upgrade Postee Helm chart version (#1924) (simar7)
41077b3 - k8s: fix tracee version to latest release v0.8.0 (#1975) (Rafael David Tinoco)
8f8b515 - ebpf: fix old pid_ns resolution (#1972) (#1973) (Song Chen)