chore(deps): Bump submodules/falcosecurity-rules

Bumps [submodules/falcosecurity-rules](https://github.com/falcosecurity/rules) from `e63b765` to `77d3237`. - [Release notes](https://github.com/falcosecurity/rules/releases) - [Commits](e63b765e23...77d3237058) --- updated-dependencies: - dependency-name: submodules/falcosecurity-rules dependency-version: 77d3237058d8ed37ef4e3f9127993fabb633d91b dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
ci: restore minimum set of required permissions
2026-04-02 18:12:15 +00:00 · 2026-04-02 16:03:37 +00:00 · 2026-04-01 11:28:39 +02:00 · 2026-04-01 09:42:39 +02:00
11 changed files with 40 additions and 10 deletions
--- a/.github/workflows/master.yaml
+++ b/.github/workflows/master.yaml
@@ -56,6 +56,9 @@ jobs:

  publish-dev-packages:
    needs: [fetch-version, test-dev-packages, test-dev-packages-arm64]
+    permissions:
+      id-token: write
+      contents: read
    uses: ./.github/workflows/reusable_publish_packages.yaml
    with:
      bucket_suffix: '-dev'
@@ -84,6 +87,10 @@ jobs:
    
  publish-dev-docker:
    needs: [fetch-version, build-dev-docker, build-dev-docker-arm64]
+    permissions:
+      attestations: write
+      id-token: write
+      contents: read
    uses: ./.github/workflows/reusable_publish_docker.yaml
    with:
      tag: master
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -96,6 +96,9 @@ jobs:

  publish-packages:
    needs: [release-settings, test-packages, test-packages-arm64]
+    permissions:
+      id-token: write
+      contents: read
    uses: ./.github/workflows/reusable_publish_packages.yaml
    with:
      bucket_suffix: ${{ needs.release-settings.outputs.bucket_suffix }}
@@ -125,6 +128,10 @@ jobs:

  publish-docker:
    needs: [release-settings, build-docker, build-docker-arm64]
+    permissions:
+      attestations: write
+      id-token: write
+      contents: read
    uses: ./.github/workflows/reusable_publish_docker.yaml
    secrets: inherit
    with:
--- a/cmake/modules/driver.cmake
+++ b/cmake/modules/driver.cmake
@@ -35,9 +35,9 @@ else()
 	# FALCOSECURITY_LIBS_VERSION. In case you want to test against another driver version (or
 	# branch, or commit) just pass the variable - ie., `cmake -DDRIVER_VERSION=dev ..`
 	if(NOT DRIVER_VERSION)
-		set(DRIVER_VERSION "7b08f8a0a12b56d59eab73052e637ca123623f61")
+		set(DRIVER_VERSION "ed3ac8a370d5a3d946ed735df40c85fc7395052e")
 		set(DRIVER_CHECKSUM
-			"SHA256=43c72a98e48d04177c8223ccdfe88de6f09958f2330b6b9ee26882f1a77e369f"
+			"SHA256=ef21c3e15038aa2ba2be5841e7cde0d6675ecffb6e2840468fe81418d97ec95f"
 		)
 	endif()

--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@@ -42,9 +42,9 @@ else()
 	# version (or branch, or commit) just pass the variable - ie., `cmake
 	# -DFALCOSECURITY_LIBS_VERSION=dev ..`
 	if(NOT FALCOSECURITY_LIBS_VERSION)
-		set(FALCOSECURITY_LIBS_VERSION "7b08f8a0a12b56d59eab73052e637ca123623f61")
+		set(FALCOSECURITY_LIBS_VERSION "ed3ac8a370d5a3d946ed735df40c85fc7395052e")
 		set(FALCOSECURITY_LIBS_CHECKSUM
-			"SHA256=43c72a98e48d04177c8223ccdfe88de6f09958f2330b6b9ee26882f1a77e369f"
+			"SHA256=ef21c3e15038aa2ba2be5841e7cde0d6675ecffb6e2840468fe81418d97ec95f"
 		)
 	endif()

--- a/falco.yaml
+++ b/falco.yaml
@@ -1180,7 +1180,7 @@ metrics:
  # (a.k.a. the threadtable).
  state_counters_enabled: true
  # -- Add kernel side event and drop counters to metrics output.
-  # This isan alternative to `syscall_event_drops`, but with some differences.
+  # This is an alternative to `syscall_event_drops`, but with some differences.
  # These counters reflect monotonic values since Falco's start and are exported at a
  # constant stats interval.
  kernel_event_counters_enabled: true
@@ -1200,6 +1200,10 @@ metrics:
  # Please note that if the respective plugin has no metrics implemented,
  # there will be no metrics available.
  plugins_metrics_enabled: true
+  # -- Add kernel side iterator event and drop counters to metrics output.
+  # These counters reflect monotonic values since Falco's start and are exported at a
+  # constant stats interval.
+  kernel_iter_event_counters_enabled: true
  # -- Add jemalloc stats to metrics output.
  # This option requires that Falco is built with jemalloc support, otherwise
  # it will have no effect.
--- a/submodules/falcosecurity-rules
+++ b/submodules/falcosecurity-rules
--- a/userspace/engine/falco_engine_version.h
+++ b/userspace/engine/falco_engine_version.h
@@ -20,7 +20,7 @@ limitations under the License.

 // The version of this Falco engine
 #define FALCO_ENGINE_VERSION_MAJOR 0
-#define FALCO_ENGINE_VERSION_MINOR 60
+#define FALCO_ENGINE_VERSION_MINOR 61
 #define FALCO_ENGINE_VERSION_PATCH 0

 #define FALCO_ENGINE_VERSION                                                               \
@@ -36,4 +36,4 @@ limitations under the License.
 // It represents the fields supported by this version of Falco,
 // the event types, and the underlying driverevent schema. It's used to
 // detetect changes in engine version in our CI jobs.
-#define FALCO_ENGINE_CHECKSUM "17c1ac99576c032a58895a10f7091cf777008a1059b7f1bff3c78a6451b17fdf"
+#define FALCO_ENGINE_CHECKSUM "cff88efbc5ebf54d4a0763342ac480da48880d9c6edf9f65c65cda5c1b1fdc7c"
--- a/userspace/falco/config_json_schema.h
+++ b/userspace/falco/config_json_schema.h
@@ -569,6 +569,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
                "plugins_metrics_enabled": {
                    "type": "boolean"
                },
+            	"kernel_iter_event_counters_enabled": {
+					"type": "boolean"
+				},
                "convert_memory_to_mb": {
                    "type": "boolean"
                },
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -590,6 +590,9 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 	if(m_config.get_scalar<bool>("metrics.plugins_metrics_enabled", true)) {
 		m_metrics_flags |= METRICS_V2_PLUGINS;
 	}
+	if(m_config.get_scalar<bool>("metrics.kernel_iter_event_counters_enabled", true)) {
+		m_metrics_flags |= METRICS_V2_KERNEL_ITER_COUNTERS;
+	}
 	if(m_config.get_scalar<bool>("metrics.jemalloc_stats_enabled", true)) {
 		m_metrics_flags |= METRICS_V2_JEMALLOC_STATS;
 	}
--- a/userspace/falco/falco_metrics.cpp
+++ b/userspace/falco/falco_metrics.cpp
@@ -59,6 +59,8 @@ namespace fs = std::filesystem;
    - `libbpf_stats_enabled` -> Resides in libs; must be retrieved by the syscalls inspector;
      not available for other inspectors.
    - `plugins_metrics_enabled` -> Must be retrieved for each inspector.
+    - `kernel_iter_event_counters_enabled` -> Resides in libs; must be retrieved by the syscalls
+      inspector; not available for other inspectors.
    - `jemalloc_stats_enabled` -> Agnostic; resides in falco; inspector is irrelevant;
      only performed once.
 */
@@ -308,6 +310,7 @@ std::string falco_metrics::sources_to_text_prometheus(
 		// kernel_event_counters_enabled
 		// kernel_event_counters_per_cpu_enabled
 		// libbpf_stats_enabled
+		// kernel_iter_event_counters_enabled
 		auto metrics_collector =
 		        libs::metrics::libs_metrics_collector(source_inspector.get(),
 		                                              state.config->m_metrics_flags);
--- a/userspace/falco/stats_writer.cpp
+++ b/userspace/falco/stats_writer.cpp
@@ -485,6 +485,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 		// state_counters_enabled
 		// kernel_event_counters_enabled
 		// libbpf_stats_enabled
+		// kernel_iter_event_counters_enabled

 		// Refresh / New snapshot
 		auto& libs_metrics_collector = m_writer->m_libs_metrics_collectors[src];
@@ -508,7 +509,8 @@ void stats_writer::collector::get_metrics_output_fields_additional(
 			char metric_name[METRIC_NAME_MAX] = "falco.";
 			if((metric.flags & METRICS_V2_LIBBPF_STATS) ||
 			   (metric.flags & METRICS_V2_KERNEL_COUNTERS) ||
-			   (metric.flags & METRICS_V2_KERNEL_COUNTERS_PER_CPU)) {
+			   (metric.flags & METRICS_V2_KERNEL_COUNTERS_PER_CPU) ||
+			   (metric.flags & METRICS_V2_KERNEL_ITER_COUNTERS)) {
 				strlcpy(metric_name, "scap.", sizeof(metric_name));
 			}
 			if(metric.flags & METRICS_V2_PLUGINS) {
@@ -624,7 +626,8 @@ void stats_writer::collector::collect(const std::shared_ptr<sinsp>& inspector,
 			// Note: src is static for live captures
 			if(src != falco_common::syscall_source) {
 				flags &= ~(METRICS_V2_KERNEL_COUNTERS | METRICS_V2_KERNEL_COUNTERS_PER_CPU |
-				           METRICS_V2_STATE_COUNTERS | METRICS_V2_LIBBPF_STATS);
+				           METRICS_V2_STATE_COUNTERS | METRICS_V2_LIBBPF_STATS |
+				           METRICS_V2_KERNEL_ITER_COUNTERS);
 			}
 			m_writer->m_libs_metrics_collectors[src] =
 			        std::make_unique<libs::metrics::libs_metrics_collector>(inspector.get(), flags);