draios/sysdig 0.29.0

on GitHub

New features

• Full Plugins support! With colored output formatting, because we know you love it!
• Podman support
• Introduced a versioning between libscap and kernel drivers, that will allow in the future to properly tag libs release and avoid rebuilding kernel drivers when their version is not changed.
• Integrated back ~4months worth of work on libs, on par with Falco 0.31.1 release
• New syscalls: mprotect, execveat, copy_file_range, clone3

Bug Fixes

• eBPF fixes
• Security fixes
• Fixed cgroups v2 support in libscap, a bug that prevented pre-existing containers (prior to running sysdig) to be matched with their processes
• Fixed some container events related issues

Plugins info

• Same plugins that are used for Falco can be used for sysdig
• cmd line options, examples:
• • Register any found plugin from supported system folders and use dummy as input source passing to it open params:

$ sysdig -I dummy:'{"start":1,"maxEvents":10}'

• • Load and register dummy source plugin passing to it init config and open params:

sysdig -H dummy:'{"jitter":50}' -I dummy:'{"start":1,"maxEvents":10}'

• Moreover, you can also load plugins using a Falco plugin configuration file, by passing the --plugin-config-file cmdline option ()
• The --help usage text was updated with new informations.

I hope you will enjoy this new Sysdig release as much as we loved bringing it to you!