github aquasecurity/tracee v0.8.2

v0.8.2

This release continues the trend of more frequent smaller releases. It contains mostly bug fixes and performance optimizations.

Highlights

Breaking Changes

There should be no breaking changes.

Fixes

  • Optimizations to syscall enter/exit hooks (#2080)
  • Optimizations with likely/unlikely macros (#2131)
  • Lowered the threshold to drop CAP_SYS_ADMIN for better consistency on various distributions (#2078)
  • Resolved arm64 compilation problems (#2103)
  • Use /proc/self/exe instead of Go os.Executable to resolve runtime errors (#2103)
  • Add requirement of CAP_SYS_PTRACE to the capture_exec event (#1932)
  • Remove symbols loaded errors that should be warnings (#2129)
  • Added LIBBPFGO_OSRELEASE_FILE to falcosidekick k8s deployment (#2142)
  • Resolved an issue with applying the context from triggering events (#2090)
  • Style fixes (#2112)
  • Updated postee in helm charts (#2111)
  • Resolved an issue where a nil pointer dereference occurred when net interface wasn't specified (#2066)

New Features

  • New ability to bypass dropping of capabilities via the --caps allow-failed-drop and --caps cancel-drop options (#2008)
  • Daily tests workflow and badge (#2064)

Thanks for your valuable contributions @cdelzotti!

Docker images

  • docker pull docker.io/aquasec/tracee:0.8.2 (embedded eBPF CO-RE obj with BTFHUB support)
  • docker pull docker.io/aquasec/tracee:full-0.8.2 (compiles non CO-RE eBPF object on startup)

Full Changelog

1bca152 - docs/tracing: fix typo (#2149) (P1nant0m)
afa6347 - deprecation: adjust deprecation warnings (Rafael David Tinoco)
9001dbc - capabilities: fix usage of kernel version interface (grantseltzer)
fdacd94 - parse_args: fix {get,set}sockopt new parse option (grantseltzer)
eb1fe11 - libbpfgo: update to latest (1.0.0+) (Rafael David Tinoco)
911d01b - libbpf: upgrade to v1.0.0 (grantseltzer)
1c8fef2 - docs/building: fix typo (grantseltzer)
d7ff24e - makefile: remove clang-tidy as checker (Rafael David Tinoco)
49e75bc - makefile: get rid of dist/tracee.bpf bundle (Rafael David Tinoco)
d1c360e - ebpf: add get_task_syscall_id helper (#2134) (Nadav Strahilevitz)
9e39079 - bug: add LIBBPFGO_OSRELEASE_FILE to falcosidekick (#2142) (Jose Donizetti)
8f1b398 - pkg/events/derive: silence symbols loaded errors (#2129) (Alon Zivony)
66ee9a7 - tracee.bpf.c: optimize with unlikely (#2131) (Nadav Strahilevitz)
fef3871 - tracee.bpf.c: optimize sys_enter and sys_exit (#2080) (Nadav Strahilevitz)
a038cc7 - refactor: remove not used return argument (Jose Donizetti)
913c2a7 - uprobes: adjust calling convention for uprobe handlers (Rafael David Tinoco)
2c041f6 - uprobes: open /proc/self/exe instead of os.Executable() (Rafael David Tinoco)
ba22939 - arm64: move comment for better indentation (Rafael David Tinoco)
0aa26f4 - tracee: do not tailcall undefined syscalls (Rafael David Tinoco)
2bc7519 - arm_kprobe: change hook point to satisfy arm64 missing symbol (Rafael David Tinoco)
cbd102b - tracee.bpf.c: fix arm64 compilation problems (Rafael David Tinoco)
509dc06 - events: change addr arguments to type pointer (#2128) (roikol)
b6dcf11 - pkg/ebpf: open files in output dir using FD (Alon Zivony)
da38117 - pkg/events: add missing capabilities to capture exec (Alon Zivony)
997cc37 - cmd/tracee-ebpf: divide capabilities dropping to stages (Alon Zivony)
c2bfd11 - containers/runtime: move autodiscover to package (#2081) (Nadav Strahilevitz)
c20afb4 - refactor: style fixes (#2112) (Jose Donizetti)
c631deb - feat(deps): Bump up Postee Helm chart version. (#2111) (simar7)
2af18f3 - README: remove badge for removed workflow (Rafael David Tinoco)
ea5fcc8 - workflows: remove redundant test being done to each PR (#2106) (Rafael David Tinoco)
5ebdfe7 - k8s: fix tracee version to latest release v0.8.1 (#2099) (Jose Donizetti)
bedba05 - k8s: fix kustomization.yaml (#2101) (Jose Donizetti)
edcaf81 - trigger: fix context apply (#2090) (Nadav Strahilevitz)
d4ad612 - tracee-tester: spin-off tracee-tester related files (#2091) (Rafael David Tinoco)
a2fd2c4 - trigger: move event triggering logic out of derive (#2069) (Nadav Strahilevitz)
5f765aa - enrich: add queue cleaner goroutine (#2084) (Nadav Strahilevitz)
f396d91 - events: add security_inode_rename event (#2045) (Rafael David Tinoco)
7097533 - ebpf: parse events fd arguments to filenames (Geyslan Gregório)
df76fa1 - ebpf: standardize and reorder syscall names (Geyslan Gregório)
eef81b1 - tracee-ebpf: remove bufs_off map (#1866) (Yaniv Agman)
f679919 - Lowering the threshold to drop CAP_SYS_ADMIN (#2078) (cdelzotti)
5a5762e - cmd/tracee-ebpf: add capabilities dropping bypasses (#2008) (Alon Zivony)
3f8f409 - Add daily tests workflow and respective badge (#2064) (G Gregório)
3f78d22 - parse_args: fix cases where arg type didn't change (#2072) (Nadav Strahilevitz)
0cc6166 - fix: capture net filter nil pointer error (#2067) (cdelzotti)
32748d6 - docs/integrating: fix docker run command (#2065) (Calvin Xiao)
