What happened in Falco this week? Jan. 27, 23
Jacque Salinas
Hi everyone! Let's unfold what happened in Falco this week!
You'll see mostly bug fixes nearing the 0.34 release; let's check them!
Libs:
- Finally fully merged new driver unit tests! https://github.com/falcosecurity/libs/pull/832
- Fixed a possible null ptr dereference in libsinsp: https://github.com/falcosecurity/libs/pull/841 -> this is part of libs 0.10.2 tag!
- Small fix in the GRPC_LIBRARIES sorting: https://github.com/falcosecurity/libs/pull/840
- We found out that on arm64, the minimum kver to build the kmod driver is 3.16, not 3.4: https://github.com/falcosecurity/libs/pull/843
Falco: everything listed here will be part of 0.34 release!
- Removed rules from Falco repo; they live in falcosecurity/rules repository: https://github.com/falcosecurity/falco/pull/2359
- Fix/mitigation for SIGABRTS received during grpc server shutdown: https://github.com/falcosecurity/falco/pull/2350
- Modern-bpf will be able to assign more than one CPU to a single ring buffer! https://github.com/falcosecurity/falco/pull/2363
- Embed falcoctl inside Falco and updated Falco systemd units: https://github.com/falcosecurity/falco/pull/2345
- Mitigation for frequent CI timeout failures: https://github.com/falcosecurity/falco/pull/2375
- Bumped libs version to 0.10.2!
- Support cron-like strings for artifact follow command: https://github.com/falcosecurity/falcoctl/pull/222
- Correctly handle context cancelation in follower: https://github.com/falcosecurity/falcoctl/pull/225
- Correctly set Falcoctl version at build time: https://github.com/falcosecurity/falcoctl/pull/237
- Fixed error handling with no artifacts: https://github.com/falcosecurity/falcoctl/pull/235
- Ensure extracted files are put inside the dest dir: https://github.com/falcosecurity/falcoctl/pull/228
- Pusher will automatically add latest tag only if no other tag was specified: https://github.com/falcosecurity/falcoctl/pull/230
- Plus lots of refactorings!
- Controller annotations will be exposed: https://github.com/falcosecurity/charts/pull/456
- Users can now set env variables: https://github.com/falcosecurity/charts/pull/437
- Improved driver behavior doc: https://github.com/falcosecurity/charts/pull/433
- Only print daemonset info if set to daemonset: https://github.com/falcosecurity/charts/pull/449
- Quote integer redis.ttl value: https://github.com/falcosecurity/charts/pull/455
- Fix prometheus extralabels configuration in falcosidekick: https://github.com/falcosecurity/charts/pull/452
- Rules inventory was updated: https://github.com/falcosecurity/rules/pull/17
- Improved doc: https://github.com/falcosecurity/rules/pull/15
- Rules will now be uploaded to download.falco.org too! https://github.com/falcosecurity/rules/pull/16
- Moreover, note that 4.0.0+driver are now live on download.falco.org!
We are quickly heading towards Falco 0.34 release! Let's see what will possibly happen in the next few weeks!
- Lots of cleanup in libs: https://github.com/falcosecurity/libs/pull/845, https://github.com/falcosecurity/libs/pull/839, https://github.com/falcosecurity/libs/pull/816, https://github.com/falcosecurity/libs/pull/759
- Improved io_uring support, implementing it for modern-bpf, and adding unit tests: https://github.com/falcosecurity/libs/pull/844
- A flag to avoid pushing to userspace failed syscalls, to save bandwidth on the ring buffer and increase perf: https://github.com/falcosecurity/libs/pull/834
- More syscalls to modern bpf! https://github.com/falcosecurity/libs/pull/800, https://github.com/falcosecurity/libs/pull/806
- s390x support for old bpf probe: https://github.com/falcosecurity/libs/pull/809, https://github.com/falcosecurity/libs/pull/811 (NOTE: Falco does not support s390x officially, but libs do)
- Some possible small fixes in falco-driver-loader for some Debian kernels (too hard to explain it here, see PR!): https://github.com/falcosecurity/falco/pull/2377
- Adaptive syscalls given the ruleset support for Falco: https://github.com/falcosecurity/falco/pull/2361
- Properly index generic events, so that they can be used as filters in rules: https://github.com/falcosecurity/falco/pull/2347
- Clean up the usage of std namespace in headers: https://github.com/falcosecurity/falco/pull/2309
- Support for modern-bpf driver in charts: https://github.com/falcosecurity/charts/pull/459
- Finalize support for Falco 0.34 (and falcoctl) in charts: https://github.com/falcosecurity/charts/pull/453
- How do you deploy Falco in prod? https://github.com/falcosecurity/falco/issues/2376
- Adaptive syscall feature: https://github.com/falcosecurity/falco/issues/2371
- Force a base syscall set for Falco: https://github.com/falcosecurity/falco/issues/2373
- SIGABRT on Falco restart (needs testers! Master branch has a fix/mitigation): https://github.com/falcosecurity/falco/issues/2342
- 0.34 Falco release tracking issue: https://github.com/falcosecurity/falco/issues/2368
And that's all for this week! See you next week!
Bye!