falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0
7.11k stars 876 forks

[QUESTIONS] Ask us anything Falco + eBPF re the underlying driver technology (please file regular bug reports separately) #2869

Open incertum opened 9 months ago

incertum commented 9 months ago

What to document

We are happy to answer questions related to Falco + eBPF you may have.

The purpose of this issue is to answer questions about the underlying kernel driver technology maintained in Falco's libs repository (https://github.com/falcosecurity/libs).

Please file regular bug reports separately. Do not use this issue for bug reports or error message reports.

incertum commented 9 months ago

@guidemetothemoon and @nikimanoledaki We are happy to take any eBPF question here asynchronously that concerns the collaboration with the Green Reviews WG.

CC @Andreagit97 @FedeDP

EdikAndriasyan commented 9 months ago

Edit (@incertum): @EdikAndriasyan I have updated the issue description to clarify what this issue was created for (my apologies). For regular Falco bugs or issues, let's use separate tickets.


Hey, I am deploying Falco in a GKE cluster (v1.24) with the Helm chart (3.7.1), using the eBPF module and deploying Falco as a DaemonSet. I am getting this error in the Falco logs.

```
-- BEGIN PROG LOAD LOG --
processed 43798 insns (limit 1000000) max_states_per_insn 1 total_states 4061 peak_states 4061 mark_read 1921

-- END PROG LOAD LOG --
Mon Oct 16 09:06:37 2023: An error occurred in an event source, forcing termination...
Mon Oct 16 09:06:37 2023: Closing event source 'syscall'
Events detected: 0
Rule counts by severity:
Triggered rules by rule name:
Error: libscap: bpf_load_program() event=raw_tracepoint/filler/sys_procexit_e: Operation not permitted
```

Andreagit97 commented 9 months ago

Hey @EdikAndriasyan, thank you for reporting! This is more a failure than a question; I will answer here: https://github.com/falcosecurity/falco/issues/2874

poiana commented 6 months ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

Andreagit97 commented 5 months ago

/remove-lifecycle stale
