falcosecurity / libs

libsinsp, libscap, the kernel module driver, and the eBPF driver sources
https://falcosecurity.github.io/libs/
Apache License 2.0

[TRACKING] Parse more syscalls args, e.g. `fallocate`, `ftruncate`, `fsopen`, `fsmount`, `kexec_load` etc #1951

Open incertum opened 3 months ago

incertum commented 3 months ago

Motivation

For specialized detections we could benefit from fully supporting and parsing the following syscalls.

They are currently yellow / generic syscalls https://falcosecurity.github.io/libs/report/

incertum commented 3 months ago

/milestone TBD

incertum commented 3 months ago

CC @loresuso @darryk10

incertum commented 2 months ago

CC @ericsage here is a previous PR showing how to add new fillers https://github.com/falcosecurity/libs/pull/1242/files.