thought-machine / falco-probes

Automated build and mirror of eBPF kernel probes for use as a driver with the Falco runtime security agent (https://falco.org/)
Apache License 2.0

Initial Design for building Falco eBPF probes #1

Closed VJftw closed 3 years ago

VJftw commented 3 years ago

This includes:

VJftw commented 3 years ago

Real nice, felt my IQ rising just reading through this 🤓

Without having too much additional context/exp with falco probes, it definitely took me a while to understand how this stuff all actually works/fits together. This is a pretty esoteric topic, so more prose/detail couldn't hurt, especially about why the proposed design is superior to alternatives. Comments in the scripts were great though 💯

I've added a bit more detail in from your inline comments, do you feel this is enough? I'm happy to add a new section - maybe called "Why a new Falco probe building project?".

Have you thought much about verification of the probes? Might be a future maturity thing, and I'm not sure about what part of this process could break to produce incompatible/broken probes (or maybe just a failed compilation?), but would be interesting to know if we can spot that before pushing probes to the repo.

Oooh, that's an awesome idea 👌 I think it can be a maturity thing too as Falco Security themselves seem pretty comfortable without the verification step too. I imagine we're currently expecting kernel sources to be correct but yes, it'll definitely be good to provide assurance that the probes we build actually work 💯 I'll add this into the future work. I think that section may graduate into GitHub issues as this project matures too.

sHesl commented 3 years ago

Changes look great, def not too critical. Will leave for others to comment/approve, but LGTM 👍

vync commented 3 years ago

good stuff :)