falco

mirror of https://github.com/falcosecurity/falco.git synced 2025-08-31 06:10:45 +00:00

Author	SHA1	Message	Date
Jason Dellaluce	5f2bc6a2d3	fix(userspace/falco): properly handle termination at source opening failures Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	88c7202fdc	fix(userspace/falco): check conditions in right order Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	a98a1b2c4c	fix(userspace/falco/falco): allow output reopening to happen multiple times Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	77857a7236	fix(userspace/falco): solve warning Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	e011b3b5e5	chore(userspace/falco): fix typo Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	fd4d521a5f	fix(userspace/falco): make multi-source termination condition more stable Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	3f3386cfe0	fix(userspace/falco): make signal handlers safe with multi-threading Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 19:23:17 +02:00
Jason Dellaluce	11160f8463	fix(userspace): safely check string bounded access Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-11 11:23:15 +02:00
Stanley Chan	79d875c28f	cleanup(scripts): cleanup systemd unit in RPM installer Signed-off-by: Stanley Chan <pocketgamer5000@gmail.com>	2022-10-07 14:47:00 +02:00
Stanley Chan	7610ee53e5	cleanup(scripts): cleanup systemd unit in DEB installer Signed-off-by: Stanley Chan <pocketgamer5000@gmail.com>	2022-10-07 14:47:00 +02:00
Jason Dellaluce	3c02b40a21	chore(userspace/falco): make log message termination consistent Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	e85a8c914f	chore(userspace/falco): move enabled sources list printout when capture is opened Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	21c2b1f472	update(userspace/falco): use unordered_set where possible for faster lookups Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	909f6d0961	chore(userspace/falco): make log messages formatting more consistent Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	83a83a5853	update(userspace): pass string as const refs when possible Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 21:27:06 +02:00
Jason Dellaluce	b4ea2f4da2	fix(userspace/falco): stabilize termination signal handler Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 18:21:05 +02:00
Jason Dellaluce	59ba2f9aab	fix(userspace/falco): properly terminate threads Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 18:21:05 +02:00
Jason Dellaluce	32ec3240b4	fix(rules): add falco no-driver images to k8s_containers macro Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-06 15:44:10 +02:00
Andrea Terzolo	fbac2a9570	tests: fix broken tests Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-10-05 19:38:21 +02:00
Andrea Terzolo	805f0cdd78	chore: bump libs to latest release branch commit Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-10-05 19:38:21 +02:00
Federico Di Pierro	e68151eb07	chore(test,userspace/falco): fixed tests after libs bump. Moreover, try to create grpc socket folder path only if grpc is actually enabled. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>	2022-10-05 19:38:21 +02:00
Andrea Terzolo	ec7ddbbaf8	chore: bump libs/driver to pre-release tag Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-10-05 19:38:21 +02:00
Jason Dellaluce	663c1d073a	fix(userspace/falco): check plugin requirements when validating rule files Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-05 13:21:20 +02:00
Jason Dellaluce	bbb821fb8e	refactor(userspace/falco): move rules plugin requirements check in an internal funcion Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-05 13:21:20 +02:00
Jason Dellaluce	5781c53ddc	fix(userspace): add explicit constructors and initializations Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-10-03 13:04:15 +02:00
Andrea Terzolo	545b58ee14	update(open_inspector): use variable buffer dim in modern bpf Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Andrea Terzolo	cf83ff5447	chore: bump libs to latest master Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Andrea Terzolo	8d8e7622e1	update(cmd_line): put modern bpf to `false` Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Andrea Terzolo	fd097e94d7	new(cmdline): add support for modern BPF probe Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-28 18:55:06 +02:00
Luca Guerra	6634c896b7	fix(falco): print container info and gvisor info in the same way Signed-off-by: Luca Guerra <luca@guerra.sh>	2022-09-28 12:45:04 +02:00
spyder-kyle	38c823533c	Add PIDs to falco_rules.yaml rules Signed-off-by: Kyle Smith Hanna <kyle.smithhanna@spyderbat.com>	2022-09-27 10:51:00 +02:00
Andrea Terzolo	3aa9267b48	fix(syscall_buffer): set dimension if page size not available Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	725714726d	update(configuration): define `m_syscall_buf_size_preset` as `uint16_t` improve also some logs for `m_syscall_buf_size_preset` configuration errors Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	c9fa585801	update: address some review comments Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Leonardo Grasso <me@leonardograsso.com> Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	90e4634a79	update(syscall_buffer_size): don't crash in case of `getpagesize` error Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Federico Di Pierro <nierro92@gmail.com>	2022-09-27 10:47:59 +02:00
Andrea Terzolo	b0b2f05eb5	new: configure syscall buffer dimension from Falco Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-27 10:47:59 +02:00
Jason Dellaluce	8aea0935c9	chore(userspace/engine): remove unused var Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	9c240198a0	refactor(userspace/engine): refactor falco_engine with new loader defs Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	f6f763fe84	refactor(userspace/engine): clean up rule collector Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	9b5f3ee99e	refactor(userspace/engine): clean up rule compiler Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	89e8f70de0	refactor(userspace/engine): clean up and rename rule reader Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	b0f0105116	refactor(userspace/engine): clean up rule loader Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	5f2267f716	update(userspace/engine): add new loader files to CMakeLists Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	b65157af5e	refactor(userspace/engine): split rule loader git history (5) Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	b2b1feb1f2	refactor(userspace/engine): split rule loader git history (4) Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	b900e46dfe	refactor(userspace/engine): split rule loader git history (3) Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	a98c9cdd20	refactor(userspace/engine): split rule loader git history (2) Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Jason Dellaluce	2a427925a0	refactor(userspace/engine): split rule loader git history (1) Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>	2022-09-27 10:42:59 +02:00
Andrea Terzolo	c0c37d87f5	fix(process_events): check the return value of `open_live_inspector` Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>	2022-09-20 18:07:30 +02:00
Andrea Terzolo	f57c67cc96	docs(falco.yaml): fix a typo Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it> Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com> Co-authored-by: Leonardo Grasso <me@leonardograsso.com>	2022-09-20 11:35:28 +02:00

1 2 3 4 5 ...

3249 Commits