Skip to content

Release v0.9.0
Compare
Choose a tag to compare
@github-actions github-actions released this 03 Apr 19:02
· 2764 commits to main since this release
v0.9.0
This tag was signed with the committer’s verified signature.
willfindlay William Findlay
GPG key ID: C7AC2263207CDAFF
Learn about vigilant mode.
13822f9

What's Changed

  • Update README.md by @michi-covalent in #489
  • tetragon: Add --rb-size/--rb-size-total options to setup perf ring buffer size by @olsajiri in #480
  • pkg:sensors: log loading BPF programs by @tixxdz in #474
  • mention LOCAL_CLANG in contributor's dev docs by @dmitris in #503
  • build(deps): bump golang from 1.16 to 1.19.2 by @dependabot in #502
  • program/loader: properly log verifier errors by @willfindlay in #504
  • build(deps): bump actions/download-artifact from 3 to 3.0.1 by @dependabot in #501
  • chore: remove binary accidentally checked in by @willfindlay in #508
  • Fix a deadlock in eventcache by @tpapagian in #510
  • minor README updates by @dmitris in #512
  • correct a sentence in 'Deploy Tetragon' by @dmitris in #509
  • server: drop events if listener channel is full by @kkourt in #511
  • Remove pidMap by @tpapagian in #497
  • build: sign Tetragon container images by @sandipanpanda in #517
  • Chore: registered probe types by @zhiyu0729 in #519
  • chore: sample memfd_create rule by @krol3 in #484
  • tetragon: fix graceful shutdown and exit code by @tixxdz in #520
  • ci/e2e: fix test failure file exports by @willfindlay in #518
  • add kubebuilder validation GetUrl;DnsLookup , it can't get "The Traci… by @sunnoy in #525
  • Update automatically generated files by @kevsecurity in #528
  • tetragon: Add bpf_printk helper from libbpf by @olsajiri in #514
  • vendor: update cilium/ebpf by @willfindlay in #522
  • cli: add field filters to the CLI and tetragon configmap by @willfindlay in #513
  • tetragon: improve how we read process info during startup by @tixxdz in #523
  • tetragon: Switch to clang-14 by @olsajiri in #397
  • various fixes motivated by a failure of the raw syscall test by @kkourt in #531
  • Fix for execve events that come after clone by @tpapagian in #532
  • Make size of event queue configurable by @kevsecurity in #535
  • cgroups: add basic cgroups tracking and make it part of the testing framework by @tixxdz in #471
  • tetragon: Add ReleasedPinnedBPF option to remove any old progs/maps by @jrfastab in #542
  • build(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 by @dependabot in #506
  • tetragon: Add v6.0 bpf objects and related fixes by @olsajiri in #537
  • vmtests/doc: fix by @kkourt in #547
  • build(deps): bump github/codeql-action from 2.1.26 to 2.1.33 by @dependabot in #546
  • Makefile.cli: deal with {g,u}id collision by @kkourt in #557
  • tests:cgroups: add tests to emulate k8s hierarchies by @tixxdz in #536
  • tetragon: fix cobra command line usage by @tixxdz in #565
  • tetragon: Add pprof http support by @anjmao in #551
  • watcher cleanup by @kkourt in #555
  • support for using unix socket for gRPC by @kkourt in #552
  • tetragon: fixup generic tracepoint sensor create by @Y-dc in #568
  • tetragon: fix initialization deadlock by @kkourt in #574
  • build(deps): bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #572
  • tetragon: Check and remove not compatible map pin paths on loading by @olsajiri in #543
  • build(deps): bump github/codeql-action from 2.1.33 to 2.1.36 by @dependabot in #583
  • Makefile: Fix potential uid/gid collision by using setpriv by @kkourt in #586
  • dockerfile: remove addgroup hubble by @tixxdz in #588
  • jsonchecker: retry on EOF/UnexpectedEOF in unmarshaller by @willfindlay in #587
  • tetragon: logging improvements for non k8s deployment by @tixxdz in #582
  • tests/e2e: make cilium version configurable by @willfindlay in #591
  • ci: bump golangci-lint to v1.50.1 by @rolinh in #580
  • tetragon: Make sure to read meaningful size data from char_buf args by @Y-dc in #564
  • vendor: bump golang-lru to v2 (requires Go >= v1.18 support for generics) by @rolinh in #579
  • build(deps): bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #592
  • ci: replace deprecated set-output directives by @willfindlay in #598
  • add Code of Conduct by @xmulligan in #600
  • tetragon: Allow full exec path/args retrieval on 4.19 kernels by @olsajiri in #156
  • build(deps): bump ubuntu from 34fea4f to 35fb073 by @dependabot in #507
  • logging: allow users to know more about the overall status by @tixxdz in #590
  • build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 by @dependabot in #596
  • sensor cleanups by @kkourt in #581
  • eventcache: update PodInfoError on pod error by @kkourt in #609
  • build: Generate SBOM during image release by @sandipanpanda in #559
  • helm: use a specific conf.d directory for --config-dir by @tixxdz in #599
  • build(deps): bump golang from 1.19.2 to 1.19.4 by @dependabot in #607
  • build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 by @dependabot in #610
  • loader: support larger verifier log sizes by @willfindlay in #595
  • cgroups: ensure that cgroup IDs correlate with execve events by @tixxdz in #541
  • tests/e2e: remove GKE auth plugin, it's deprecated by @willfindlay in #606
  • ci: use large github runner by @willfindlay in #615
  • ci/formatting: various improvements by @willfindlay in #617
  • tetragon: Switch exit tracepoint to __put_task_struct kprobe by @olsajiri in #558
  • build(deps): bump library/alpine from 3.16.2 to 3.17.1 by @dependabot in #614
  • bpf:cgroups: error flags improvements by @tixxdz in #594
  • tetragon: Use probe task instead of current in event_exit_send by @olsajiri in #630
  • Fix SBOM image signing and update image siganture verification docs by @sandipanpanda in #618
  • Minor improvements to the README by @mtardy in #632
  • build(deps): bump golang from 1.19.4 to 1.19.5 by @dependabot in #623
  • tetragon: disable gops server by default by @tixxdz in #642
  • bpf_alignchecker.c: avoid unused var error by @dmitris in #637
  • tetragon: Cleanup func_id/id mess in struct msg_generic_kprobe by @olsajiri in #604
  • Add skb_adjust_room helper by @kevsecurity in #648
  • tetragon: better config handling mechanism by @tixxdz in #635
  • tetragon: loader sensor by @olsajiri in #573
  • gettid wrapper by @dmitris in #639
  • Update Makefile test target dependencies and run test as root by @mtardy in #649
  • encoder: pretty print bpf events by @willfindlay in #650
  • e2e-framework: force update when adding helm repo by @willfindlay in #644
  • tetra: Add a GetFilter var in getevents, add documentation and tests by @mtardy in #643
  • CRD examples: Replace invalid TracingPolicy names by @mtardy in #652
  • tetragon: tarball deployment by @tixxdz in #647
  • ci: pin docker buildx version to v0.9.1 by @willfindlay in #659
  • ci: add make tarball check and release by @tixxdz in #665
  • tetra: use field filters when reading via io_reader_client by @mtardy in #668
  • pkg/config: add k8s validation on metadata.name by @mtardy in #661
  • pkg/config: print name in validation error by @mtardy in #670
  • eventchecker: implement checker names by @willfindlay in #662
  • tetragon: Use lru.Cache for data events storage by @olsajiri in #382
  • tetragon: bpf/Makefile fixes by @olsajiri in #602
  • tetragon: log pinned bpf and maps status by @tixxdz in #666
  • tetragon: couple bpf fixes by @olsajiri in #680
  • data: silence annoying debug log messages by @willfindlay in #676
  • fix the URL for the "first good issue" list by @dmitris in #685
  • make:trivial: do sha256sum inside directory by @tixxdz in #687
  • deployment: minor tarball uninstall fixes by @tixxdz in #684
  • tetragon: set default value of release-pinned-bpf to true by @willfindlay in #689
  • Changing bpf prog load, map create event names to be more descriptive by @sharlns in #667
  • build(deps): bump github.com/emicklei/go-restful from 2.9.5+incompatible to 2.16.0+incompatible by @dependabot in #691
  • build(deps): bump github.com/emicklei/go-restful from 2.9.5+incompatible to 2.16.0+incompatible in /pkg/k8s by @dependabot in #692
  • tests/e2e: handle procRoot correctly in KinD clusters by @willfindlay in #688
  • tests/e2e: add ability to reset checker limits and retry demo app installation by @willfindlay in #674
  • tetragon: Minor include headers changes in loader by @olsajiri in #690
  • tetragon: Fix bpf_printk for single string argument by @olsajiri in #693
  • tetragon: Get proper exex cwd in case of no arguments by @olsajiri in #683
  • Add start time to event cache object by @kevsecurity in #698
  • runtime hooks support for tetragon by @kkourt in #695
  • Improve README and document tracing policies by @mtardy in #673
  • use go 1.19.6 by @kkourt in #715
  • tetragon: introduce Cgroup ID Tracker by @tixxdz in #677
  • update go modules (manually) by @kkourt in #717
  • build(deps): bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #611
  • build(deps): bump fedora from 36 to 37 by @dependabot in #646
  • tetragon: Fix action offset masking by @olsajiri in #720
  • tetragon: cleanup grpc unix socket by @tixxdz in #716
  • matchArgs: do not match on empty file by @tpapagian in #718
  • logging: log observer status only once 24h and for non k8s by @tixxdz in #721
  • tracing policies cleanups by @kkourt in #700
  • Handle multiple URL and DNS selectors correctly by @kevsecurity in #719
  • matchBinaries improvements by @tpapagian in #686
  • Fix multiple file match bugs by @kevsecurity in #724
  • tetra CLI: Fix rthook/create-container command arguments by @olsajiri in #710
  • Unpin buildx version in CI by @mtardy in #735
  • build(deps): bump docker/build-push-action from 3.2.0 to 4.0.0 by @dependabot in #732
  • introduce policyfilter mechanism by @kkourt in #723
  • build(deps): bump github.com/spf13/viper from 1.12.0 to 1.15.0 by @dependabot in #745
  • Make functions in pkg/selectors/kernel.go public by @tpapagian in #742
  • clang image: add support for arm64 and detect arch for BPF compilation by @mtardy in #743
  • development Quality-of-Life updates by @kkourt in #748
  • matchBinaries: Add NotIn in tracing policy by @tpapagian in #754
  • Create MAINTAINERS.md by @xmulligan in #760
  • build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.1 by @dependabot in #741
  • tetragon: Get rid of generic_process_event* functions by @olsajiri in #740
  • build(deps): bump github.com/vishvananda/netlink from 1.1.1-0.20220125195016-0639e7e787ba to 1.2.1-beta.2 by @dependabot in #762
  • kprobe: detect and add missing syscall arch prefix by @mtardy in #752
  • build(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 by @dependabot in #767
  • build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #768
  • build(deps): bump golangci/golangci-lint from v1.50.1 to v1.51.2 by @dependabot in #769
  • Export selector ops from pkg/selectors/kernel.go by @tpapagian in #763
  • build(deps): bump library/alpine from 3.17.1 to 3.17.2 by @dependabot in #773
  • build(deps): bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0 by @dependabot in #772
  • contrib: script for dependabot PRs that failed by @kkourt in #765
  • pkg/cilium: retry if socket does not exist by @kkourt in #759
  • trivial:doc: add code documentation for nspid when getting Pod info by @tixxdz in #775
  • clang image: rework workflow to dry run on PR by @mtardy in #777
  • fix char buff matchargs by @kkourt in #770
  • Fix clang image build workflow SBOM step by @mtardy in #782
  • Fixing the build clang image build workflow by @mtardy in #783
  • Add a Tetragon documentation website and rename base folder crds into examples by @mtardy in #778
  • Fix workflow to build docs from ./docs folder by @mtardy in #787
  • Deploy docs if we manually trigger the workflow by @mtardy in #788
  • Add support for arm64 for building, running and testing by @mtardy in #734
  • build(deps): bump golang from 1.19.5 to 1.20.2 by @dependabot in #792
  • Doc: temporary hugo baseURL fix to serve website by @mtardy in #798
  • docs: use tetragon.cilium.io domain for website by @mtardy in #800
  • namespaced tracing policies: core implementation by @kkourt in #749
  • build(deps): bump library/alpine from 69665d0 to ff6bdca by @dependabot in #801
  • tetragon: Export podInformer by @tpapagian in #799
  • docs: improve namespace and caps changes filter doc by @tixxdz in #804
  • Documentation: add a links checker to the CI by @mtardy in #805
  • docs: missing space indent by @cjtim in #809
  • Docs: add netlify config file to ignore non-docs related PRs by @mtardy in #814
  • Workflow: fix netlify deploy preview by @mtardy in #815
  • Cross-compile arm64 container images by @mtardy in #816
  • Workflow: fix syntax of build image CI by @mtardy in #819
  • tetragon: Add generic uprobe sensor by @olsajiri in #603
  • tetragon: Fix multi kprobe attach data by @olsajiri in #832
  • dependaboit-fail: check app/dependabot login by @kkourt in #803
  • Makefile: add targets to build the docs via Docker by @mtardy in #839
  • Add conditional Dockerfile stage to build or download bpftool by @mtardy in #837
  • bugfix: matchBinaries in multiple selectors by @tpapagian in #774
  • eventchecker: output checker names in event mismatches by @willfindlay in #840
  • ignore .idea by @zhy76 in #829
  • docs: add link to kubernetes style guide by @kkourt in #847
  • build(deps): bump cilium/clang from aeaada5 to aeaada5 by @dependabot in #818
  • build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @zhy76 in #849
  • kprobes: add a prevalidate kprobe semantics phase by @tixxdz in #830
  • build(deps): bump library/alpine from 3.17.2 to 3.17.3 by @dependabot in #855
  • tetragon: move all cli flags to options.Config by @YTGhost in #858
  • Helm chart: bump quay.io/cilium/hubble-export-stdout to v1.0.3 by @mtardy in #856
  • build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #771
  • tetragon: Add --force-large-progs option to force large bpf programs by @olsajiri in #795
  • Revert "build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1" by @kkourt in #861
  • Fix Netlify ignore command to trigger build previews only on docs PR by @mtardy in #846
  • README: remove redundancy (trivial) by @kkourt in #863
  • tetragon: Bench script and multi kprobe fixes by @olsajiri in #796
  • ci: fixes for release automation by @willfindlay in #865
  • build(deps): bump golangci/golangci-lint from v1.51.2 to v1.52.2 by @dependabot in #866
  • build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 by @YTGhost in #842
  • support for namespaced policies by @kkourt in #694
  • selectors: Export newKernelSelectorState function by @tpapagian in #870
  • Fix tests to run on arm64 by @mtardy in #871
  • Prepare for v0.9.0 release by @willfindlay in #875

New Contributors

Full Changelog: v0.8.3...v0.9.0

Contributors

dmitris, kkourt, and 21 other contributors
Assets 16
Loading