cilium/tetragon v0.8.1

on GitHub

What's Changed

• readme: fix minor issues in quickstart by @willfindlay in #20
• Use quay.io/cilium/hubble-export-stdout by @michi-covalent in #22
• workflow: add scripts to make local development with kind easier by @willfindlay in #21
• selectors: fix missing bounds check on int conversion by @willfindlay in #25
• encoder: Update TCP event format by @michi-covalent in #23
• Vagrantfile: install libcap-dev for Makefile by @dmitris in #28
• metrics: add a per-exec-id counter for missing parents by @willfindlay in #24
• DEVELOP.md: list requirements by @kkourt in #27
• codegen: clean up codegen package by @willfindlay in #30
• static-check: Run checkpatch.pl by @michi-covalent in #31
• Fixed README command example by @ekoops in #32
• doc: add first development guide by @tixxdz in #29
• README: Add GKE support by @michi-covalent in #34
• Added note for logging multiple tetragon pods by @MarwanNour in #38
• use CONTAINER_ENGINE variable instead of literal 'docker' by @dmitris in #42
• fix default DOCKER_DEV_ACCOUNT by @dmitris in #43
• kprobe/process: silence verbose warnings + add metrics by @willfindlay in #37
• Remove -static flag by @dmitris in #44
• improved fork handling by @kkourt in #35
• helm: make gRPC and metrics address/port configurable by @willfindlay in #41
• Add LICENSE by @dgkncelik in #48
• README: fix tetragon-cli installation instructions by @tklauser in #49
• Setup CI to build multi-arch images with arm64 support by @chancez in #50
• Revert "Setup CI to build multi-arch images with arm64 support" by @kkourt in #55
• metrics: split metrics into separate packages by @willfindlay in #51
• docs(README): add dark logo option by @raphink in #58
• remove last \ in gcloud container clusters create by @leewalter in #54
• Changed the download URL for tetragon-cli in README.md by @tnorlin in #52
• ci: move checkpatch to its own job and add some exceptions by @willfindlay in #61
• README updates by @tgraf in #62
• Abstract bpf_exit by @kevsecurity in #60
• metrics: export raw metric maps by @willfindlay in #65
• go.mod, vendor: switch back to upstream cilium/ebpf by @tklauser in #63
• .github: add dependabot configuration by @tklauser in #64
• README.md: Install using Helm chart from helm.cilium.io by @michi-covalent in #66
• chore: add CODEOWNERS by @willfindlay in #72
• build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.2 by @dependabot in #70
• build(deps): bump docker/login-action from 1.10.0 to 2 by @dependabot in #69
• Fix for NotIn operator in matchCapabilities selector by @tpapagian in #77
• Fix for NotIn operator in matchCapabilityChanges selector by @tpapagian in #78
• vendor: Pick up cilium v1.9.16 by @michi-covalent in #83
• makefile: make LOCAL_CLANG=0 the default by @willfindlay in #81
• Add Additional Resources to README by @sharlns in #84
• build(deps): bump actions/download-artifact from 2.0.10 to 3 by @dependabot in #75
• build(deps): bump actions/checkout from 2 to 3.0.2 by @dependabot in #85
• vendor: upgrade yaml.v3 to v3.0.0 by @willfindlay in #86
• Format README: add missing process_kprobe JSON event by @sharlns in #87
• build(deps): bump github.com/fatih/color from 1.7.0 to 1.13.0 by @dependabot in #76
• tests/eventchecker: code generate eventchecker library by @willfindlay in #80
• build(deps): bump github/codeql-action from 2.1.9 to 2.1.11 by @dependabot in #89
• checker fixes by @kkourt in #93
• testing fixes. by @kkourt in #94
• tetragon declutter sensors and decouple spec from core by @jrfastab in #88
• build(deps): bump golangci/golangci-lint-action from 2.5.2 to 3.2.0 by @dependabot in #98
• Fix runtime panic when config file is empty by @Furisto in #99
• tetragon: Remove extra Program and Map structs after split by @olsajiri in #100
• build(deps): bump google.golang.org/grpc from 1.44.0 to 1.46.2 by @dependabot in #97
• build(deps): bump actions/upload-artifact from 2 to 3.1.0 by @dependabot in #107
• bpf: use 'tetragon' as prefix for maps and progs on the bpffs by @tixxdz in #95
• build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #106
• fix: (helm) service template now respects defined port and is only templated if prometheus is enabled by @rafaribe in #101
• codegen: remove invalid generics by @willfindlay in #112
• Update description of CRD parameters by @Furisto in #109
• test improvements, and avoiding retries in event tests by @kkourt in #103
• build(deps): bump docker/build-push-action from 2.5.0 to 3 by @dependabot in #115
• codegen: use new cilium-builder image by @rolinh in #111
• tests: split json checker out of observer by @willfindlay in #105
• tetragon: Pull Default loader out of observer by @jrfastab in #119
• tetragon: extract protobuf from the dns cache by @jrfastab in #120
• tetragon: Add event config map by @olsajiri in #53
• eventchecker: simplify yaml spec for eventchecker by @willfindlay in #123
• Fix typo by @Taction in #125
• Path resolution improvements by @tpapagian in #90
• add test for namespaces and fix bug on 5.4 and below by @willfindlay in #110
• fix(helm): Support command override in exporter container #118 by @mrtc0 in #121
• ci: various improvements by @willfindlay in #122
• build(deps): bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #117
• operator: fix tool name in log output by @tklauser in #128
• dockerignore: fixes + add doc comments by @willfindlay in #131
• build(deps): bump github.com/google/go-cmp from 0.5.6 to 0.5.8 by @dependabot in #114
• chore: remove accidentally checked in file by @willfindlay in #135
• checkpatch: ignore OPEN_ENDED_LINE and PREFER_KERNEL_TYPES by @willfindlay in #134
• build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 by @dependabot in #132
• Don't truncate Ktime to milliseconds by @sharlns in #136
• codegen/helpers: fix name inference for oneof codegen by @willfindlay in #140
• pkg:option: include ReadDirConfig() and remove cilium pkg option import by @tixxdz in #96
• tetragon: Adding support to store full binary path and arguments by @olsajiri in #116
• contrib/localdev: improvements and bug fixes by @willfindlay in #130
• build(deps): bump github.com/spf13/cobra from 1.1.3 to 1.4.0 by @dependabot in #139
• tests/exec: bump longpath version check to 5.16 by @willfindlay in #149
• build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #148
• contrib/verify: touch verify.sh by @willfindlay in #144
• Update Chapter 4 Prevention Policies by @sharlns in #126
• codegen: codegen generic event and response interfaces + usability improvements for helpers.pb.go by @willfindlay in #129
• tetragon: Disable long path/args retrieval for 4.19 kernels by @olsajiri in #150
• tetragon: Fix retkprobe loading on 4.19 by @olsajiri in #151
• btf, kernels: use unix.ByteSliceToString to simplify []byte -> string conversion by @tklauser in #157
• support raw_syscalls tracepoint by @kkourt in #160
• build: use upstream clang instead of forked version for BPF programs by @willfindlay in #146
• Revert "build: use upstream clang instead of forked version for BPF programs" by @willfindlay in #165
• Remove dup() test from TestCopyFd by @tpapagian in #161
• Fix CopyFD test by @tpapagian in #168
• tetragon: cilium ebpf update by @olsajiri in #166
• build(deps): bump github.com/spf13/viper from 1.7.0 to 1.12.0 by @dependabot in #153
• Docs: Use URLs for kubectl apply demo commands instead of relative paths by @dnsmichi in #163
• Fixes to pass VSCode Intellisence checks by @kevsecurity in #175
• chore: fix vendoring by @willfindlay in #176
• build(deps): bump github.com/google/gops from 0.3.14 to 0.3.23 by @dependabot in #173
• add overview diagram to Tetragon README by @xmulligan in #180
• build(deps): bump github/codeql-action from 2.1.12 to 2.1.14 by @dependabot in #186
• codegen misc by @kkourt in #162
• Update Tetragon Clusterrole by @sharlns in #192
• clusterrole: add get and list verbs by @willfindlay in #197
• tetragon: Teach file writer to exit gracefully by @jrfastab in #185
• tetragon: Remove unused variables by @olsajiri in #183
• tetragon: Replace cgo loader with cilium/ebpf library by @olsajiri in #141
• Update typo in README by @ChaosInTheCRD in #196
• Document better path resolution code introduced in PR #90 by @tpapagian in #188
• helm/rbac: split crd create permissions by @willfindlay in #201
• build/docs: simplify build process and add documentation by @willfindlay in #177
• Update the current clusterrole by @sharlns in #195
• chore: add event_config alignment check by @Forsworns in #200
• fix: misalignment in execve_map by @Forsworns in #206
• [docs] Correct name to Tetragon by @lizrice in #212
• tetragon: Check the returned data length for exec arguments by @olsajiri in #211
• create symlinks for libbpf.so for podman by @dmitris in #217
• doc: remove invalid whitespaces in proto file by @Forsworns in #210
• Call go test only for directories that contain at least one test by @tpapagian in #215
• Run alignchecker as part of unit tests by @tpapagian in #216
• map: expose inner map by @willfindlay in #222
• tetragon: Force libbpf link creation by @olsajiri in #224
• Export HandleData from pkg/data/data.go by @tpapagian in #227
• Vagrantfile: bump Go version to 1.17 by @mtardy in #228
• tetragon: improve protobuf usage to remove monolithic proto definitions by @jrfastab in #213
• Tetra: fix a typo in tracingpolicy command short description by @mtardy in #232
• build(deps): bump github/codeql-action from 2.1.14 to 2.1.16 by @dependabot in #234
• tetragon: create api go module for tooling by @jrfastab in #231
• tetragon: Process Manager args cleanup by @jrfastab in #236
• updated command and args override for stdout-export by @michaelhyatt in #155
• tetragon: Add Get() execCache and allow only single cache by @jrfastab in #241
• tetragon: avoid segfault of eventcache is disabled by @jrfastab in #243
• tetragon: Avoid passing dir options around and add them to option by @jrfastab in #242
• tetragon: Add K8s API go.mod for tooling by @jrfastab in #248
• sensors tests improvements by @kkourt in #237
• eventchecker: fix broken codegen for map checker by @michi-covalent in #257
• eventchecker: fix type mismatch bug in argument checkers by @willfindlay in #240
• kprobes: matchArgs improvements (for fd/file) by @tpapagian in #235
• README: Remove --release-channel GKE flag by @michi-covalent in #251
• filters: Add arguments_regex filter by @michi-covalent in #249
• ci/checkpatch: remove SPDX warning by @willfindlay in #258
• tetragon: libbpf removal by @olsajiri in #199
• Implement pod label filter by @michi-covalent in #254
• eventchecker: add support for checking map[string]string by @willfindlay in #260
• chore: fix vendor target and run make vendor by @willfindlay in #263
• exec: fix cache for pod info by @willfindlay in #264
• pkg:sensors: simplify GetRunningProcs() when we read running processes by @tixxdz in #233
• bpf: replace arch-specific pt_regs assumptions with bpf co-re macros by @Forsworns in #209
• tests: introduce end-to-end test framework by @willfindlay in #226
• tests/e2e: add an end-to-end tests for pod labels by @willfindlay in #265
• tests/e2e: only install cilium if it is missing by @willfindlay in #269
• Create temp directories for all tests in kprobes by @tpapagian in #255
• tests/kprobe: remove unused const by @willfindlay in #271
• filters: implement pod regex filter + misc fixes by @willfindlay in #270
• Fix for verifier issue in 5.4 with clang-13 by @tpapagian in #221
• tetragon: unify eventcache and execcache by @willfindlay in #266
• tetragon: Add -cpuprofile option by @olsajiri in #267
• tetragon: Rename entry point of retkprobe function by @olsajiri in #268
• tests: use T.TempDir to create temporary test directory by @Juneezee in #272
• add support for bpf_attr type by @jrfastab in #275
• Add tests for pkg/grpc/exec by @tpapagian in #218
• Remove 'packed' attribute where possible by @kevsecurity in #279
• Make relax_verifier() into one instruction by @kevsecurity in #280
• tetragon: Update eventcache on New() call and cleanup old state by @jrfastab in #282
• e2e-framework: fix panic and bump event limit on demo app test by @willfindlay in #284
• Fix bugtool upload by @tpapagian in #289
• refactor: eliminate variables by BPF_CORE_READ_INTO by @Forsworns in #214
• make: add makefile targets to .PHONY targets by @tixxdz in #294
• Add a unit test for missing exec event in the eventcache by @tpapagian in #283
• metrics: add watcher metrics by @willfindlay in #287
• contrib: introduce mapdups.sh by @willfindlay in #290
• Cleanup path resolution code by @tpapagian in #293
• Add unit-tests for clone events by @tpapagian in #295
• eventcachemetrics: fix eventcache and add error metrics by @willfindlay in #291
• Add test for tracing bpf_check by @sarahfujimori in #281
• eventcache: remove event.internal nil check for exec events by @willfindlay in #297
• build: use clang-13 to build bpf programs by @willfindlay in #171
• Add unit-test for parent and child process refcounts by @tpapagian in #298
• tetragon: Fix cache usage of logger by @jrfastab in #300
• tetragon: Update development docs about tools by @olsajiri in #302
• Add unit-tests for missing pod info events by @tpapagian in #299
• use go 1.18 by @kkourt in #301
• VM multi-kernel testing using little-vm-helper by @kkourt in #256
• ci/vmtest: add concurrency groups by @willfindlay in #308
• Dockerfille(s): use cilium-builder with go 1.18 by @kkourt in #305
• chore: use proper sha256 values for go images by @kkourt in #312
• tetragon: refactor eventCache retry logic by @jrfastab in #310
• devel README.md: add podman instructions by @dmitris in #306
• vmtests: increase groups to 5 by @kkourt in #307
• add volume mounting ':Z' label by @dmitris in #309
• Add more unit-tests with OOO events and missing pod info by @tpapagian in #313
• ci/vmtest: disable fail-fast on test matrix by @willfindlay in #316
• vmtests: address RCU stalls by @kkourt in #317
• chore: fix capitalization TETRAGON -> Tetragon by @willfindlay in #320
• vmtests fixes and improvements by @kkourt in #323
• Make events with missing parents go through eventcache by @tpapagian in #318
• tetragon: before parsing environment vars replace "-" with "_" by @tixxdz in #319
• btf: improve logging around BTF files lookup by @tixxdz in #314
• exec: log results of docker or container ID lookup during execve events by @tixxdz in #321
• build(deps): bump docker/build-push-action from 3.0.0 to 3.1.1 by @dependabot in #292
• api/codegen: code generate tetragon_ext types and helpers by @willfindlay in #326
• tetragon: Add bpf program loader tests by @olsajiri in #244
• tests/e2e: dump extra checker info by @willfindlay in #315
• build(deps): bump github/codeql-action from 2.1.16 to 2.1.18 by @dependabot in #327
• Dockerfile: incude tetragon version in the image by @kkourt in #329
• tetragon: handling clone events and exec events more correctly by @jrfastab in #325
• tetragon: Do not fail because of the empty map ids by @olsajiri in #330
• tests/e2e: dump checker type along with event body by @willfindlay in #333
• change Vagrant image to ubuntu/jammy64 by @dmitris in #331
• tetra cli: add more filters and a timestamps flag by @willfindlay in #336
• encoder: improve api to make it more generic by @willfindlay in #337
• gitignore .vagrant directory by @dmitris in #338
• Podman-friendly CONTAINER_ENGINE setting by @dmitris in #341
• chore: move multiplexer into its own package by @willfindlay in #335
• ci/codeql: change runner version by @willfindlay in #346
• Add UnloadHook to Sensors by @kevsecurity in #332
• color: make ProcessInfo public by @willfindlay in #347
• tetragon: cgroup rework preparation by @tixxdz in #343
• dependabot: Monitor Dockerfiles by @michi-covalent in #351
• tetragon: Add memprofile option by @olsajiri in #349
• remove time.After calls in for loops by @willfindlay in #358
• tests/e2e: more debug info on dumps by @willfindlay in #357
• Do not increase open file descriptors limit by @tpapagian in #354
• trace perf event alloc by @sarahfujimori in #350
• Re-enable copyfd test in vmtests by @tpapagian in #355
• tetragon: Debug output fixes by @olsajiri in #334
• chore: fix image-clang build issues by @willfindlay in #363
• Remove pkg.grpc.exec from vmtests by @tpapagian in #356
• tetragon: Allow retry logic for clone events by @olsajiri in #362
• tetragon: execve map related fixes by @olsajiri in #370
• tetragon: make gops address configurable by @willfindlay in #371
• metrics: add missing process info error metric by @willfindlay in #372
• Dockerfile.golangci-lint: remove hubble-libbpf use by @kkourt in #366
• build(deps): bump library/alpine from 3.15.4 to 3.16.2 by @dependabot in #373
• Remove hubble-libbpf repository by @michi-covalent in #375
• tetragon: execve_map fixes by @olsajiri in #377
• Cleanup in selectors/kernel.go by @tpapagian in #379
• tests/e2e: dump gops information at the end of failed tests by @willfindlay in #380
• build(deps): bump golangci/golangci-lint from v1.45.2 to v1.49.0 by @dependabot in #376
• Add Exec Test For Docker/Container ID by @kevsecurity in #387
• tests/e2e: improvements to testing workflow by @willfindlay in #385
• tests: remove deprecated verbosity-level and add trace flag by @willfindlay in #388
• Push to tetragon-ci:latest on push to main by @michi-covalent in #386
• build-images-ci: Remove comments from tags section by @michi-covalent in #389
• tetragon: Switch to BTF defined maps by @olsajiri in #367
• cgroups: select which cgroup hierarchy and subsystem state to use by @tixxdz in #369
• sensor cleanups by @kkourt in #381
• tetragon: Update cilium/ebpf to 0.9.1 version by @olsajiri in #392
• tetragon: Revert "observer_test_helper: do not pass the base sensor" by @jrfastab in #400
• docs: add pure container and docker deployment steps by @tixxdz in #384
• refactor: move from io/ioutil to io and os packages by @Juneezee in #402
• sandbox: add crds to sandbox unprivileged user namespace by @tixxdz in #399
• logging: slight improvement to observer logging by @willfindlay in #407
• tests:cgroups: tests for cgroups package by @tixxdz in #401
• Make pfilter.h more generic by @tpapagian in #403
• testutils: fix export file when test name contains path separator by @willfindlay in #412
• filters: fix event type filters by @willfindlay in #404
• build(deps): bump docker/build-push-action from 3.0.0 to 3.1.1 by @dependabot in #340
• sensor pinning fixes (and misc updates) by @kkourt in #409
• Add a function to load (but not attach) an eBPF program by @tpapagian in #405
• ci/dependabot: add release blocker label on dependabot PRs by @willfindlay in #390
• tests/e2e: move cilium-e2e packages into Tetragon by @willfindlay in #361
• tetragon: Remove wrong error message by @olsajiri in #416

New Contributors

• @dmitris made their first contribution in #28
• @ekoops made their first contribution in #32
• @tixxdz made their first contribution in #29
• @MarwanNour made their first contribution in #38
• @dgkncelik made their first contribution in #48
• @tklauser made their first contribution in #49
• @chancez made their first contribution in #50
• @raphink made their first contribution in #58
• @leewalter made their first contribution in #54
• @tnorlin made their first contribution in #52
• @tgraf made their first contribution in #62
• @kevsecurity made their first contribution in #60
• @dependabot made their first contribution in #70
• @jrfastab made their first contribution in #88
• @Furisto made their first contribution in #99
• @olsajiri made their first contribution in #100
• @rafaribe made their first contribution in #101
• @rolinh made their first contribution in #111
• @Taction made their first contribution in #125
• @mrtc0 made their first contribution in #121
• @dnsmichi made their first contribution in #163
• @ChaosInTheCRD made their first contribution in #196
• @Forsworns made their first contribution in #200
• @mtardy made their first contribution in #228
• @michaelhyatt made their first contribution in #155
• @Juneezee made their first contribution in #272
• @sarahfujimori made their first contribution in #281

Full Changelog: v0.8.0...v0.8.1