cilium/tetragon v0.10.0-pre.2

Release refs/tags/v0.10.0-pre.2

on GitHub

Note for maintainers:: Please update the description with the actual release notes (see RELEASE.md for instructions).

What's Changed

• Update README.md by @michi-covalent in #489
• tetragon: Add --rb-size/--rb-size-total options to setup perf ring buffer size by @olsajiri in #480
• pkg:sensors: log loading BPF programs by @tixxdz in #474
• mention LOCAL_CLANG in contributor's dev docs by @dmitris in #503
• build(deps): bump golang from 1.16 to 1.19.2 by @dependabot in #502
• program/loader: properly log verifier errors by @willfindlay in #504
• build(deps): bump actions/download-artifact from 3 to 3.0.1 by @dependabot in #501
• chore: remove binary accidentally checked in by @willfindlay in #508
• Fix a deadlock in eventcache by @tpapagian in #510
• minor README updates by @dmitris in #512
• correct a sentence in 'Deploy Tetragon' by @dmitris in #509
• server: drop events if listener channel is full by @kkourt in #511
• Remove pidMap by @tpapagian in #497
• build: sign Tetragon container images by @sandipanpanda in #517
• Chore: registered probe types by @zhiyu0729 in #519
• chore: sample memfd_create rule by @krol3 in #484
• tetragon: fix graceful shutdown and exit code by @tixxdz in #520
• ci/e2e: fix test failure file exports by @willfindlay in #518
• add kubebuilder validation GetUrl;DnsLookup , it can't get "The Traci… by @sunnoy in #525
• Update automatically generated files by @kevsecurity in #528
• tetragon: Add bpf_printk helper from libbpf by @olsajiri in #514
• vendor: update cilium/ebpf by @willfindlay in #522
• cli: add field filters to the CLI and tetragon configmap by @willfindlay in #513
• tetragon: improve how we read process info during startup by @tixxdz in #523
• tetragon: Switch to clang-14 by @olsajiri in #397
• various fixes motivated by a failure of the raw syscall test by @kkourt in #531
• Fix for execve events that come after clone by @tpapagian in #532
• Make size of event queue configurable by @kevsecurity in #535
• cgroups: add basic cgroups tracking and make it part of the testing framework by @tixxdz in #471
• tetragon: Add ReleasedPinnedBPF option to remove any old progs/maps by @jrfastab in #542
• build(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 by @dependabot in #506
• tetragon: Add v6.0 bpf objects and related fixes by @olsajiri in #537
• vmtests/doc: fix by @kkourt in #547
• build(deps): bump github/codeql-action from 2.1.26 to 2.1.33 by @dependabot in #546
• Makefile.cli: deal with {g,u}id collision by @kkourt in #557
• tests:cgroups: add tests to emulate k8s hierarchies by @tixxdz in #536
• tetragon: fix cobra command line usage by @tixxdz in #565
• tetragon: Add pprof http support by @anjmao in #551
• watcher cleanup by @kkourt in #555
• support for using unix socket for gRPC by @kkourt in #552
• tetragon: fixup generic tracepoint sensor create by @Y-dc in #568
• tetragon: fix initialization deadlock by @kkourt in #574
• build(deps): bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #572
• tetragon: Check and remove not compatible map pin paths on loading by @olsajiri in #543
• build(deps): bump github/codeql-action from 2.1.33 to 2.1.36 by @dependabot in #583
• Makefile: Fix potential uid/gid collision by using setpriv by @kkourt in #586
• dockerfile: remove addgroup hubble by @tixxdz in #588
• jsonchecker: retry on EOF/UnexpectedEOF in unmarshaller by @willfindlay in #587
• tetragon: logging improvements for non k8s deployment by @tixxdz in #582
• tests/e2e: make cilium version configurable by @willfindlay in #591
• ci: bump golangci-lint to v1.50.1 by @rolinh in #580
• tetragon: Make sure to read meaningful size data from char_buf args by @Y-dc in #564
• vendor: bump golang-lru to v2 (requires Go >= v1.18 support for generics) by @rolinh in #579
• build(deps): bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #592
• ci: replace deprecated set-output directives by @willfindlay in #598
• add Code of Conduct by @xmulligan in #600
• tetragon: Allow full exec path/args retrieval on 4.19 kernels by @olsajiri in #156
• build(deps): bump ubuntu from 34fea4f to 35fb073 by @dependabot in #507
• logging: allow users to know more about the overall status by @tixxdz in #590
• build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #596
• sensor cleanups by @kkourt in #581
• eventcache: update PodInfoError on pod error by @kkourt in #609
• build: Generate SBOM during image release by @sandipanpanda in #559
• helm: use a specific conf.d directory for --config-dir by @tixxdz in #599
• build(deps): bump golang from 1.19.2 to 1.19.4 by @dependabot in #607
• build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 by @dependabot in #610
• loader: support larger verifier log sizes by @willfindlay in #595
• cgroups: ensure that cgroup IDs correlate with execve events by @tixxdz in #541
• tests/e2e: remove GKE auth plugin, it's deprecated by @willfindlay in #606
• ci: use large github runner by @willfindlay in #615
• ci/formatting: various improvements by @willfindlay in #617
• tetragon: Switch exit tracepoint to __put_task_struct kprobe by @olsajiri in #558
• build(deps): bump library/alpine from 3.16.2 to 3.17.1 by @dependabot in #614
• bpf:cgroups: error flags improvements by @tixxdz in #594
• tetragon: Use probe task instead of current in event_exit_send by @olsajiri in #630
• Fix SBOM image signing and update image siganture verification docs by @sandipanpanda in #618
• Minor improvements to the README by @mtardy in #632
• build(deps): bump golang from 1.19.4 to 1.19.5 by @dependabot in #623
• tetragon: disable gops server by default by @tixxdz in #642
• bpf_alignchecker.c: avoid unused var error by @dmitris in #637
• tetragon: Cleanup func_id/id mess in struct msg_generic_kprobe by @olsajiri in #604
• Add skb_adjust_room helper by @kevsecurity in #648
• tetragon: better config handling mechanism by @tixxdz in #635
• tetragon: loader sensor by @olsajiri in #573
• gettid wrapper by @dmitris in #639
• Update Makefile test target dependencies and run test as root by @mtardy in #649
• encoder: pretty print bpf events by @willfindlay in #650
• e2e-framework: force update when adding helm repo by @willfindlay in #644
• tetra: Add a GetFilter var in getevents, add documentation and tests by @mtardy in #643
• CRD examples: Replace invalid TracingPolicy names by @mtardy in #652
• tetragon: tarball deployment by @tixxdz in #647
• ci: pin docker buildx version to v0.9.1 by @willfindlay in #659
• ci: add make tarball check and release by @tixxdz in #665
• tetra: use field filters when reading via io_reader_client by @mtardy in #668
• pkg/config: add k8s validation on metadata.name by @mtardy in #661
• pkg/config: print name in validation error by @mtardy in #670
• eventchecker: implement checker names by @willfindlay in #662
• tetragon: Use lru.Cache for data events storage by @olsajiri in #382
• tetragon: bpf/Makefile fixes by @olsajiri in #602
• tetragon: log pinned bpf and maps status by @tixxdz in #666
• tetragon: couple bpf fixes by @olsajiri in #680
• data: silence annoying debug log messages by @willfindlay in #676
• fix the URL for the "first good issue" list by @dmitris in #685
• make:trivial: do sha256sum inside directory by @tixxdz in #687
• deployment: minor tarball uninstall fixes by @tixxdz in #684
• tetragon: set default value of release-pinned-bpf to true by @willfindlay in #689
• Changing bpf prog load, map create event names to be more descriptive by @sharlns in #667
• build(deps): bump github.com/emicklei/go-restful from 2.9.5+incompatible to 2.16.0+incompatible by @dependabot in #691
• build(deps): bump github.com/emicklei/go-restful from 2.9.5+incompatible to 2.16.0+incompatible in /pkg/k8s by @dependabot in #692
• tests/e2e: handle procRoot correctly in KinD clusters by @willfindlay in #688
• tests/e2e: add ability to reset checker limits and retry demo app installation by @willfindlay in #674
• tetragon: Minor include headers changes in loader by @olsajiri in #690
• tetragon: Fix bpf_printk for single string argument by @olsajiri in #693
• tetragon: Get proper exex cwd in case of no arguments by @olsajiri in #683
• Add start time to event cache object by @kevsecurity in #698
• runtime hooks support for tetragon by @kkourt in #695
• Improve README and document tracing policies by @mtardy in #673
• use go 1.19.6 by @kkourt in #715
• tetragon: introduce Cgroup ID Tracker by @tixxdz in #677
• update go modules (manually) by @kkourt in #717
• build(deps): bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #611
• build(deps): bump fedora from 36 to 37 by @dependabot in #646
• tetragon: Fix action offset masking by @olsajiri in #720
• tetragon: cleanup grpc unix socket by @tixxdz in #716
• matchArgs: do not match on empty file by @tpapagian in #718
• logging: log observer status only once 24h and for non k8s by @tixxdz in #721
• tracing policies cleanups by @kkourt in #700
• Handle multiple URL and DNS selectors correctly by @kevsecurity in #719
• matchBinaries improvements by @tpapagian in #686
• Fix multiple file match bugs by @kevsecurity in #724
• tetra CLI: Fix rthook/create-container command arguments by @olsajiri in #710
• Unpin buildx version in CI by @mtardy in #735
• build(deps): bump docker/build-push-action from 3.2.0 to 4.0.0 by @dependabot in #732
• introduce policyfilter mechanism by @kkourt in #723
• build(deps): bump github.com/spf13/viper from 1.12.0 to 1.15.0 by @dependabot in #745
• Make functions in pkg/selectors/kernel.go public by @tpapagian in #742
• clang image: add support for arm64 and detect arch for BPF compilation by @mtardy in #743
• development Quality-of-Life updates by @kkourt in #748
• matchBinaries: Add NotIn in tracing policy by @tpapagian in #754
• Create MAINTAINERS.md by @xmulligan in #760
• build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.1 by @dependabot in #741
• tetragon: Get rid of generic_process_event* functions by @olsajiri in #740
• build(deps): bump github.com/vishvananda/netlink from 1.1.1-0.20220125195016-0639e7e787ba to 1.2.1-beta.2 by @dependabot in #762
• kprobe: detect and add missing syscall arch prefix by @mtardy in #752
• build(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 by @dependabot in #767
• build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #768
• build(deps): bump golangci/golangci-lint from v1.50.1 to v1.51.2 by @dependabot in #769
• Export selector ops from pkg/selectors/kernel.go by @tpapagian in #763
• build(deps): bump library/alpine from 3.17.1 to 3.17.2 by @dependabot in #773
• build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0 by @dependabot in #772
• contrib: script for dependabot PRs that failed by @kkourt in #765
• pkg/cilium: retry if socket does not exist by @kkourt in #759
• trivial:doc: add code documentation for nspid when getting Pod info by @tixxdz in #775
• clang image: rework workflow to dry run on PR by @mtardy in #777
• fix char buff matchargs by @kkourt in #770
• Fix clang image build workflow SBOM step by @mtardy in #782
• Fixing the build clang image build workflow by @mtardy in #783
• Add a Tetragon documentation website and rename base folder crds into examples by @mtardy in #778
• Fix workflow to build docs from ./docs folder by @mtardy in #787
• Deploy docs if we manually trigger the workflow by @mtardy in #788
• Add support for arm64 for building, running and testing by @mtardy in #734
• build(deps): bump golang from 1.19.5 to 1.20.2 by @dependabot in #792
• Doc: temporary hugo baseURL fix to serve website by @mtardy in #798
• docs: use tetragon.cilium.io domain for website by @mtardy in #800
• namespaced tracing policies: core implementation by @kkourt in #749
• build(deps): bump library/alpine from 69665d0 to ff6bdca by @dependabot in #801
• tetragon: Export podInformer by @tpapagian in #799
• docs: improve namespace and caps changes filter doc by @tixxdz in #804
• Documentation: add a links checker to the CI by @mtardy in #805
• docs: missing space indent by @cjtim in #809
• Docs: add netlify config file to ignore non-docs related PRs by @mtardy in #814
• Workflow: fix netlify deploy preview by @mtardy in #815
• Cross-compile arm64 container images by @mtardy in #816
• Workflow: fix syntax of build image CI by @mtardy in #819
• tetragon: Add generic uprobe sensor by @olsajiri in #603
• tetragon: Fix multi kprobe attach data by @olsajiri in #832
• dependaboit-fail: check app/dependabot login by @kkourt in #803
• Makefile: add targets to build the docs via Docker by @mtardy in #839
• Add conditional Dockerfile stage to build or download bpftool by @mtardy in #837
• bugfix: matchBinaries in multiple selectors by @tpapagian in #774
• eventchecker: output checker names in event mismatches by @willfindlay in #840
• ignore .idea by @zhy76 in #829
• docs: add link to kubernetes style guide by @kkourt in #847
• build(deps): bump cilium/clang from aeaada5 to aeaada5 by @dependabot in #818
• build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @zhy76 in #849
• kprobes: add a prevalidate kprobe semantics phase by @tixxdz in #830
• build(deps): bump library/alpine from 3.17.2 to 3.17.3 by @dependabot in #855
• tetragon: move all cli flags to options.Config by @YTGhost in #858
• Helm chart: bump quay.io/cilium/hubble-export-stdout to v1.0.3 by @mtardy in #856
• build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #771
• tetragon: Add --force-large-progs option to force large bpf programs by @olsajiri in #795
• Revert "build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1" by @kkourt in #861
• Fix Netlify ignore command to trigger build previews only on docs PR by @mtardy in #846
• README: remove redundancy (trivial) by @kkourt in #863
• tetragon: Bench script and multi kprobe fixes by @olsajiri in #796
• ci: fixes for release automation by @willfindlay in #865
• build(deps): bump golangci/golangci-lint from v1.51.2 to v1.52.2 by @dependabot in #866
• build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 by @YTGhost in #842
• support for namespaced policies by @kkourt in #694
• selectors: Export newKernelSelectorState function by @tpapagian in #870
• Fix tests to run on arm64 by @mtardy in #871
• tetragon: load tracing policy provided by command line via sensor manager by @YTGhost in #857
• Makefile: set GOARCH to TARGET_ARCH only if GOARCH is unset by @mtardy in #880
• tetragon: use latest cilium module (v1.13.1) by @kkourt in #882
• Various Dockerfile cleanups by @mtardy in #843
• tetragon: post action parsing fix by @olsajiri in #879
• TracingPolicy examples: use portable symbols for syscalls by @mtardy in #886
• Docs: update the TracingPolicy reference for arm64 by @mtardy in #884
• fix: injecting Git version into tetragon-operator binary fails by @YTGhost in #890
• tetragon: Move matchBinaries filter to be executed earlier by @olsajiri in #833
• Tetra: split commands set between OS for portability by @mtardy in #883
• helm: recreate daemonset pod when configmap changes by @cjtim in #812
• use binary search to optimize performance by @Lan-ce-lot in #820
• test for retrieving exit code by @zhy76 in #852
• ci: update setup-go@v3 to v4 by @Lan-ce-lot in #864
• fixup server address when port is not present by @willfindlay in #896
• matchArgs improvements by @jrfastab in #901
• build(deps): bump ubuntu from 27cb6e6 to 67211c1 by @dependabot in #877
• build(deps): bump github/codeql-action from 2.1.37 to 2.2.11 by @dependabot in #897
• build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.1 to 2.0.2 by @dependabot in #908
• Dockerfiles: use ENTRYPOINT instead of CMD by @mtardy in #887
• build(deps): bump google.golang.org/grpc from 1.53.0 to 1.54.0 by @zhy76 in #860
• pkg/encoder: make customized syscalls printers portable and add open/openat by @mtardy in #900
• pkg:observer: during stats printing check if total events is not zero by @tixxdz in #914
• build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 by @dependabot in #915
• Dependabot: update config for alpine-curl dep and new label name by @mtardy in #916
• build(deps): bump actions/upload-pages-artifact from 1.0.7 to 1.0.8 by @dependabot in #918
• pks/metrics: add syscall metrics by @kkourt in #924
• pkg/metrics: add event for tracing policy metrics by @kkourt in #927
• build(deps): bump golang from 1.20.2 to 1.20.3 by @dependabot in #923
• build(deps): bump actions/checkout from 3.3.0 to 3.5.2 by @dependabot in #926
• Add Flags To Raw Attach by @kevsecurity in #937
• tetragon: deal with duplicated tcpmon_map issue by @kkourt in #938
• tetragon: Add new NoPost and Signal actions by @olsajiri in #885
• Improvements in bugtool and metrics by @kkourt in #929
• tests: fail test when tracingpolicy parsing fails by @willfindlay in #947
• tetragon: Add documentation for Signal and NoPost actions by @olsajiri in #948
• bug-report-template: add an issue template for bug report by @YTGhost in #898
• tetragon: Add fail path for data events get_current_pid_tgid call by @olsajiri in #950
• tetragon: Allow to use data events for char_buf data by @olsajiri in #789
• Docs: add a try Tetragon on Linux getting-started tutorial and FAQ about running Tetragon on Mac by @mtardy in #899
• tetragon: handle process threads in clone and process_{exec|exit} events by @tixxdz in #941
• policyfilter: pod label filter support for tracing policies. by @kkourt in #945
• build(deps): bump peter-evans/close-issue from 2.2.0 to 3.0.1 by @dependabot in #943
• tetragon: we only need to find the BTF file skip creating it by @jrfastab in #961
• tetragon: release memory used for loading programs by @jrfastab in #962
• build(deps): bump github.com/containerd/containerd from 1.6.10 to 1.7.0 by @zhy76 in #904
• dependabot: fix a tag issue with alpine-curl image by @mtardy in #956
• e2e-framework: minor refactors to improve image dumps by @willfindlay in #963
• build(deps): bump golang from 1.20.3 to 1.20.4 by @dependabot in #966
• tetragon: Add support for and filter operation by @olsajiri in #940
• policyfilter: only deal with running containers by @kkourt in #968
• build(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 by @dependabot in #960
• Add documentation in the CRD for maxData and returnCopy flags and update doc by @mtardy in #965
• Add support to load LSM and Tracing programs by @tpapagian in #953
• tetragon: Add support for LT/GT operators for matchReturnArgs by @olsajiri in #949
• build(deps): bump ubuntu from 67211c1 to dfd64a3 by @dependabot in #969
• tetra: transparently handle unix or tcp gRPC socket by @tixxdz in #967
• github: add feature request issue template by @mtardy in #972
• build(deps): bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 by @dependabot in #978
• Cleanup: update golangci-lint and fix new linters alerts by @mtardy in #976
• build(deps): bump library/alpine from 3.17.3 to 3.18.0 by @dependabot in #986
• Revert: tetragon: Switch exit tracepoint to __put_task_struct kprobe by @tpapagian in #987
• docs: add FAQ entry about CGO related issues in pkg/bpf by @mtardy in #981
• logcapture: use T.Log instead of T.Logf by @willfindlay in #988
• exec: Skip tests not comment them out by @tpapagian in #990
• docs: add last two Tetragon KubeCon EU 2023 prez by @mtardy in #993
• bugtool: skip non-object files from lib directory by @kkourt in #977
• fix[helm]: remove useless 'if' around a 'with' by @Vampouille in #944
• build(deps): bump golang.org/x/time from 0.2.0 to 0.3.0 by @dependabot in #985
• docs: add a "install tetra CLI" guide to getting started by @mtardy in #991
• tetragon: Use execve_map_get_noinit cgroup related code by @olsajiri in #984
• docs: add a script to export the generated API doc to references by @mtardy in #1009
• docs: add an FAQ entry about BTF requirement by @mtardy in #1006
• api: add comments on fields for reference docs by @mtardy in #959
• tetragon: Enable parallel build for bpf objects by @olsajiri in #1010
• tetragon: handle process threads in kprobes and tracepoints by @tixxdz in #946
• cleanup: remove mistakenly committed coverage artifacts by @mtardy in #999
• build(deps): bump actions/setup-go from 3.3.0 to 4.0.1 by @dependabot in #1000
• Deprecate the --config-file flag, replace with --tracing-policy and merge pkg/config with pkg/tracingpolicy by @mtardy in #998
• Docs: update docs design by @yasell in #931
• tests: rewrite pkg/sensors/exec:TestExitCode by @mtardy in #1015
• Add sock and skb matchArgs selectors by @kevsecurity in #1008
• docs: add a "deploy Tetragon on Kubernetes" guide and rework the existing systemd and container guides by @mtardy in #992
• docs: fix sticky header, TOC scrolling and add search bar by @yasell in #1026
• dependabot: remove ignore on tag name by @mtardy in #980
• build(deps): bump github.com/fatih/color from 1.14.1 to 1.15.0 by @dependabot in #1021
• Update cilium-builder image by @ferozsalam in #1013
• metrics: Show the latency needed to handle a msg per op by @tpapagian in #1011
• tetragon: Adding missing tid setup to HandleGenericEvent by @olsajiri in #1027
• tetragon: Factor execve sensor and fix process arguments reading by @olsajiri in #1002
• tetragon: Use do_task_dead probe for exit sensor by @olsajiri in #1012
• policyfilter improvements by @kkourt in #1038
• tests: filter unit tests by PID + fix pidSet bugs by @willfindlay in #997
• bugtool: dump the policyfilter map by @kkourt in #1047
• Tracing: Add optional labels to argument by @kevsecurity in #1051
• deps: add renovate to replace dependabot by @mtardy in #1036
• Add rate limiting to events by @kevsecurity in #1041
• Rename argRateLimit to rateLimit by @kevsecurity in #1057
• chore(deps): pin dependencies by @cilium-renovate in #1064
• fix goroutines leaking in tests by @kkourt in #1042
• logging: change log level dynamically by @tixxdz in #1048
• Tracing: Add socket tracking by @kevsecurity in #1060
• Update cilium-builder image by @ferozsalam in #1056
• tetragon: Remove unused cgo code for reading perf events by @olsajiri in #1061
• tetragon: tty monitoring by @olsajiri in #733
• update_pid_tid_from_sock: add always_inline attr by @kkourt in #1091
• Fix memory corruption bug by @kkourt in #1090

New Contributors

• @sandipanpanda made their first contribution in #517
• @zhiyu0729 made their first contribution in #519
• @krol3 made their first contribution in #484
• @sunnoy made their first contribution in #525
• @anjmao made their first contribution in #551
• @Y-dc made their first contribution in #568
• @cjtim made their first contribution in #809
• @zhy76 made their first contribution in #829
• @YTGhost made their first contribution in #858
• @Lan-ce-lot made their first contribution in #820
• @Vampouille made their first contribution in #944
• @yasell made their first contribution in #931
• @ferozsalam made their first contribution in #1013
• @cilium-renovate made their first contribution in #1064

Full Changelog: v0.8.3...v0.10.0-pre.2