It appears the mechanism to extract the kernel version from COS kernel releases >= 6.x does not work, and this results in the probes having an incorrect format before they get used by Falco. See, for example the logs 1 which show kernel_version as being empty.
We should have a tested and consistent way to reliably extract the kernel_version from all COS probes.
It appears the mechanism to extract the kernel version from COS kernel releases >= 6.x does not work, and this results in the probes having an incorrect format before they get used by Falco. See, for example the logs 1 which show
kernel_versionas being empty.We should have a tested and consistent way to reliably extract the
kernel_versionfrom all COS probes.