Open egernst opened 4 years ago
+1 this - we run a lot of gVisor workloads because they're higher risk, and so getting insights into these would be awesome
I think this is something we should discuss during our community call.
Please join us if you want!
Hi, I'm also very interested in this feature request. Any update information?
I'll join a future community call. Thanks @leogr !
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Has there been any discussion or movement on this?
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
I'm also very interested in seeing it happen. Is there a community call every week?
Indeed there is. :)
Every Wed. More details at https://github.com/falcosecurity/community
On Fri, 23 Apr 2021 at 09:17 Peng Tao @.***> wrote:
I'm also very interested in seeing it happen. Is there a community call every week?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/falcosecurity/falco/issues/1413#issuecomment-825448178, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA5J42VFI5EQN2Q6FYO53DTKENJTANCNFSM4RYRVE6A .
-- L.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Provide feedback via https://github.com/falcosecurity/community. /close
@poiana: Closing this issue.
@lining2020x: You can't reopen an issue/PR unless you authored it or you are a collaborator.
/reopen
@lining2020x: You can't reopen an issue/PR unless you authored it or you are a collaborator.
/reopen
@leogr: Reopened this issue.
/remove-lifecycle rotten
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
cc @LucaGuerra
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale cc @FedeDP
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
/help
@leogr: This request has been marked as needing help from a contributor.
Please ensure the request meets the requirements listed here.
If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help
command.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
/remove-lifecycle stale /remove-lifecycle rotten
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Hi, I wanted to ask if this feature is on the roadmap. I would appreciate any feedback you may have.
Feature: It'd be awesome to be able to run either the kernel module or eBPF inside the guest kernel and have this available for Falco on the host. From taking a quick look @ https://sysdig.com/blog/understanding-common-library-implementation/, I'm hopeful that this is feasible, and we could have SCAP <-> sinsp communication occur over vsock between the guest/host.
Hi, I wanted to ask if this feature is on the roadmap. I would appreciate any feedback you may have.
Hey @roshaaaan at the moment we just support Gvisor, we don't have anything planned in the roadmap about this topic but this is for sure something we are interested in!
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Motivation
Falco is great. I want Falco. But I also want to run the workload using a sandboxed runtime like kata containers. I hate choosing; I want both things.
Feature
It'd be awesome to be able to run either the kernel module or eBPF inside the guest kernel and have this available for Falco on the host. From taking a quick look @ https://sysdig.com/blog/understanding-common-library-implementation/, I'm hopeful that this is feasible, and we could have SCAP <-> sinsp communication occur over vsock between the guest/host.
Alternatives
I have to choose either Falco or sandboxed runtime.
Additional context
I haven't spent a lot of time yet looking through Falco yet, but before investing I am interested in high-level feedback like: