zer0-1s
```
sudo fsprobe /tmp
EVT TS PID TID UID GID CMD INODE MOUNTID RET MODE FLAG PATH
ERROR[2023-03-02T17:49:54Z] couldn't start probe "rename": couldn't enable kprobe kprobe/vfs_rename: cannot write "p:pvfs_rename vfs_rename\n"...
```
Chinese characters are garbled
Same question
Linux kernel version:
```
cat /proc/version
Linux version 5.15.0-124-generic (buildd@lcy02-amd64-092) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.2) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #134~20.04.1-Ubuntu SMP Tue Oct 1 15:27:33 UTC 2024
```
the same issue: 5.15.0-131-generic
Modify pidhide.bpf.c:
```
const volatile char pid_to_hide[MAX_PID_LEN] = "";
```
You can make the change by referring to the patch, and then complete the compilation.
My idea is to test whether falco can detect container escape vulnerabilities. To quickly reproduce vulnerabilities, [metarget](https://github.com/Metarget/metarget/tree/master) is used. And metarget has the best support for Ubuntu 18.04.
https://github.com/falcosecurity/falco/issues/1325
Refer to the discussion above, try to make on branch 0.24.0 of falco
```
git clone https://github.com/falcosecurity/falco.git
cd falco
mkdir -p build
cd build
cmake -DUSE_BUNDLED_DEPS=ON ..
```
still error...
dataset download link failed too
```
vagrant@master:~$ cat values.yaml | grep "ancestors"
# -- Tetragon puts processes in an LRU cache. The cache is used to find ancestors
# -- Comma-separated list of process event...
```