-
bpf core
- stringmap {?}
- bounded loops { DanielB }
- func calls and indirect calls { @4ast }
- C-Type Format : kernel { @iamkafai } bcc { @drzaeus77 }
- lsm hooks { android folks }
- read only…
-
## CVE-2021-3411 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.238
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Fou…
-
Hi there.
How can I use seccomp and the prctl syscall vs bcc to intercept syscalls?
Is there another way to achieve this goal with bcc?
-
We've discussed this before, but I'm not sure we wrote anything down anywhere. So I'll create a ticket.
funccount with hundreds of probes takes tens of seconds to detach them. It gets annoying.
…
-
### What reproduces the bug?
```sh
sudo bpftrace -e 'enum foo { BAR }; struct MyStruct { int y[4]; } BEGIN {printf("%d\n", BAR); $s = (struct MyStruct *) 0; $s->y[BAR]; }'
```
Results in
```
st…
```
-
Some environments (e.g. virtual machine with Kind) also require the CAP_SYS_ADMIN capability. We are currently not testing for this capability and in these cases, Beyla may fail after the capabil…
-
Right now, any config with the system/socket module enabled will fail on Fedora 40, kernel 6.9.8, as auditbeat itself will completely hang during startup. Sending a SIGQUIT will get you this:
```
sy…
```
-
While working on #2334, I realized that we'll need to significantly change the way we do probe expansion, so I'm opening an RFC to see what other people's opinions are before I start implementing it.
…
-
## CVE-2021-3411 - Medium Severity Vulnerability
Vulnerable Library - linuxv4.19
Linux kernel source tree
Library home page: https://github.com/torvalds/linux.git
Found in HEAD commit: d80c4f847c91…
-
We have a bunch of libbpf tools that require features like `fentry` / `tp_btf`, which are only available on kernel v5.5+.
Running these tools on old kernels results in EINVAL. Instead of erroring out, we can fallb…