-
**Motivation**
We are missing logs for what a user is performing in a container. We have alerts if one does "dangerous" commands like `nc` but I want to use falco to generate a history of logs for …
-
**What to document**
We are happy to answer questions related to Falco + eBPF you may have.
The purpose of this issue is to answer questions about the underlying kernel driver technology maintai…
-
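I ran the `bpftool prog` command and saw these BPF programs. I would like to ask: how is the program `61: perf_event name bpf_perf_event tag 42b497adb6d498f9 gpl` attached, and what does it do? I am asking because I recently ran into a perf event ringbuf memory access error.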
```bash
# bpftool prog
4: kprobe …
-
Hello,
What is the purpose of the inversion of result_status in _nss_exec_getpwent_r_locked?
NSS_STATUS_SUCCESS is 1.
From the _nss_exec_getpwent_r_locked return will be NSS_STATUS_SUCCESS even if i…
-
[The `Write below binary dir` rule of Falco](https://github.com/falcosecurity/falco/blob/0.17.0/rules/falco_rules.yaml#L918) can't detect writes from containers (with bind-mounts), because `fd.directo…
-
Currently, `sysdig/userspace/libscap/scap_savefile.h` has:
// Major version of the file format supported by this library.
// Must be increased only when if the new version of the software
…
-
**Describe the bug**
Run [deepflow](https://github.com/deepflowio/deepflow) and falco ebpf mode
- If you start deepflow first, and then start falco, falco will report the following logs
```…
-
When I last forked off upstream (libs 0.15.x) the eBPF driver (legacy and modern_ebpf) continued to work wonderfully as they did for almost 1.5 years.
However, now there seem to be serious iss…
-
**Motivation**
We used to depend on the generic way the libs used for attaching tracepoints in order to load our own directly to the syscalls we cared about. PR #1001 changed this behavior in favor…
-
```
21:04:17.936567615: Warning (evt_type=page_fault name= pid=-1 tid=32024 user_loginuid=-1 process= proc_exepath= parent= command= terminal=0 exe_flags=)
21:04:17.936566121: Warning (evt_type=pp…