Use --modern-bpf as a fallback when /dev/scap0 does not exist?

draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers

http://www.sysdig.com/

Other

7.74k stars 729 forks source link

Use --modern-bpf as a fallback when /dev/scap0 does not exist? #2094

Open Apteryks opened 4 months ago

Apteryks commented 4 months ago

Hello,

I've built sysdig with falcosecurity-libs that were built with the eBPF support only (modern BPF). I did not build the kernel driver. I find it strange/inconvenient that I need to remember to use sysdig --modern-bpf every time I use it. Sure, I could define a local alias for it, but that's a boot user experience in my opinion. Perhaps sysdig could automatically detect/use modern-bpf when the probe type was not specified?

Thank you!

github-actions[bot] commented 4 weeks ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Apteryks commented 4 weeks ago

/remove-stale