Tags: falcosecurity/libs

0.25.4

perf(userspace/libpman): don't try to collect iter stats if disabled

If the support for BPF iterators is disabled, don't try to collect
corresponding stats. Moreover, rename `disable_iterators` to
`iterators_disabled`.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.25.3

test(drivers): account for fifth parameter in `socketcall_socketX`

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.25.2

fix(userspace/libsinsp): fix op modifiers semantic and impl logic

The current operator modifiers implementation has some inconsistencies
related to the `oneof` modifier and the `!=` operator coupled with
`anyof`. The new implementation patches these inconsistencies and makes
modifiers logic clear. `oneof`, `anyof` and `allof` have to be intended
as syntactic sugar. With the help of the expression
`field <op> <mod> (e0, e1, e2)`, the logic applied for these modifiers
can be described as follows:
- `oneof` matches iff exactly one among the set of expressions
  `field <op> e0`, `field <op> e1` and `field <op> e2` matches
- `anyof` matches iff the expression `field <op> e0 or field <op> e1
  or field <op> e2` matches; this means that it will return true if there
  is at least 1 match among all sub-expressions.
- `allof` matches iff the expression `field <op> e0 and field <op> e1
  and field <op> e2` matches; this means that it will return true iff all
  sub-expressions match.

Notice that the previous implementation applied the custom logic "not
in the list" for `!= anyof`: this is wrong and inconsistent with the
previous model, as sub-expressions must be ORed, not ANDed.

The current patch also adds a runtime check regarding the number of
values that are produced at runtime by a LHS filtercheck that claims
not to produce a list: it can only return 1 value. This makes all
tests using the `c.multi` filtercheck wrong, because this one is
declared as a non-`EPS_IS_LIST` filtercheck that can produce multiple
values.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

10.2.0+driver

fix(driver): export euid, egid and loginuid from init user ns

The kernel module currently exports euids, egids and loginuids as seen
from the task's user namespace: this is inconsistent with the
(expected) behaviour implemented by the modern eBPF probe, that
exports the ones seen from the init user namespace. Make the kernel
module consistent by fixing its code to export the ones seen from the
init user namespace.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.25.1

fix(driver): export euid, egid and loginuid from init user ns

The kernel module currently exports euids, egids and loginuids as seen
from the task's user namespace: this is inconsistent with the
(expected) behaviour implemented by the modern eBPF probe, that
exports the ones seen from the init user namespace. Make the kernel
module consistent by fixing its code to export the ones seen from the
init user namespace.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

10.1.0+driver

fix(driver): hoist `flags` declaration to the top of `f_sys_accept4_x`

This prevents some build failures if the compilation toolchain uses
pedantic flags.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

10.1.0-rc2+driver

fix(driver): hoist `flags` declaration to the top of `f_sys_accept4_x`

This prevents some build failures if the compilation toolchain uses
pedantic flags.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.25.0

fix(userspace/libpman): avoid redefining `_GNU_SOURCE`

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

0.25.0-rc2

fix(userspace/libpman): avoid redefining `_GNU_SOURCE`

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

10.1.0-rc1+driver

feat: add keyctl syscall support

Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

fix(driver): uniform keyctl arg5

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

fix(driver): unify keyctl params push funcs

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

fix(test): rename keyctl assert funcs

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

fix(test): properly fix keyctl arg asserts

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

cleanup(test): collapse assert_keyctl_arg funcs

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

chore(driver): bump schema version to 4.5.0

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

refactor(driver): simplify keyctl probes

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

fix(driver): use appropriate printk func

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>