Support container event to denote container starts (#550)

* Add support for container metaevent to detect container spawning Create a new macro "container_started" to check both the old and the new check. Also, only look for execve exit events with vpid=1. * Use TBB_INCLUDE_DIR for consistency w sysdig,agent Previously it was a mix of TBB_INCLUDE and TBB_INCLUDE_DIR. * Build using matching sysdig branch, if exists
2025-09-12 21:16:33 +00:00 · 2019-03-08 13:23:10 -08:00
parent 3edd39e625
commit 5740186280
5 changed files with 19 additions and 12 deletions
--- a/userspace/engine/CMakeLists.txt
+++ b/userspace/engine/CMakeLists.txt
@@ -22,6 +22,7 @@ include_directories("${PROJECT_BINARY_DIR}/userspace/engine")
 include_directories("${LUAJIT_INCLUDE}")
 include_directories("${NJSON_INCLUDE}")
 include_directories("${CURL_INCLUDE_DIR}")
+include_directories("${TBB_INCLUDE_DIR}")

 add_library(falco_engine STATIC
 	rules.cpp