Leonardo Di Giovanna
Leonardo Di Giovanna
This is a tracking issue for all tasks related to extending the syscall exit events with the parameter coming from the corresponding syscall enter events. The consensus on this work...
**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: /kind bug > /kind cleanup > /kind design > /kind documentation > /kind failing-test > /kind...
**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind bug > /kind cleanup > /kind design > /kind documentation > /kind failing-test /kind...
This is a tracking issue for all works aiming to isolate the different libsinsp components from `sinsp`, as concerns raised in https://github.com/falcosecurity/libs/pull/2335 indicate that the work requires a more structured...
**Motivation** Currently, the CI uses a monolithic approach to build all the plugins, installing the dependencies needed by the build process of each plugin in a shared environment, and building...
The `krsi` plugin auxiliary buffer has some dependencies on external components (e.g.: shared_state and bpf helpers) that can be avoided). Moreover, it massively uses unsafe code and has some unsound...
**Describe the bug** `falco --list --markdown` reports `Event Sources: syscall` for fields applicable to any event type. **How to reproduce it** Install the latest Falco release (e.g.: 0.42.0-rc3) and run...
**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind bug > /kind cleanup > /kind design > /kind documentation > /kind failing-test /kind...
wip: wip
**What type of PR is this?** > Uncomment one (or more) `/kind ` lines: > /kind bug > /kind cleanup > /kind design > /kind documentation > /kind failing-test /kind...
**Describe the bug** The current implementation doesn't support the evaluation of `evt.rawarg.*` filterchecks for parameters having specific underlying types. Specifically, it throws an exception for the followings: - ~~`PT_PID`~~ ->...