tetragon/tetragon.changes

-------------------------------------------------------------------
Wed Nov 27 11:11:43 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.2.1:
  * Prepare for v1.2.1 release
  * filters: implement parent_arguments_regex
  * chore(deps): update go to v1.22.9
  * chore(deps): update docker.io/library/alpine:3.20.3 docker
    digest to 1e42bbe
  * tetragon: probe_read usage may cause issues with newer kernels
  * e2e tests: skip label test on ARM
  * workflows: use GitHub arm64 runners instead of actuated
  * Add support to exclude valid processes from dump processCache
  * tetra: add max-recv-size to processcache dump cmd
  * tetra: rewrite dump processcache cmd for correct error code
  * tetra: use consistent case in dump cmd and api
  * Add support to dump processLRU
  * [btf] Flush kernel spec (BTF) after loading a sensor
  * [ksyms] Do not cache ksyms to reduce memory consumption
  * fix(deps): update module github.com/cilium/cilium to v1.15.10
    [security]
  * chore(deps): update docker.io/library/golang:1.22.8 docker
    digest to 0ca97f4
  * chore(deps): update docker.io/library/alpine docker tag to
    v3.20.3
  * chore(deps): update go to v1.22.8
  * fix(deps): update module github.com/containers/common to
    v0.60.4 [security]
  * chore(deps): update docker.io/library/golang:1.22.6 docker
    digest to a632201
  * chore: update containers/common
  * Remove const from parameters
  * bpf: allow all operations for syscall64 type
  * watcher: add metrics for deleted pod cache
  * watcher: add a deleted pod cache
  * watcher: add test for "fast" k8s API server
  * watcher: change FindContainer function
  * watcher: add a containerIDKey function
  * watcher: refactor watcher
  * Export EventCache tunables in the Helm Chart
  * Reduce the delay in GRPC gotests
  * Make EventCache configurable
  * helm: Set rthooks.podSecurityContext to empty by default
  * helm: Remove deprecated tetragon.skipCRDCreation value
  * [bugfix] Fix clone event caching due to missing pod info

-------------------------------------------------------------------
Fri Sep 13 18:27:13 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.2.0:
  Full changelog see
  https://github.com/cilium/tetragon/releases/tag/v1.2.0
  * Major Changes
    - feat: Username for process_exec events (#2369) by @anfedotoff
    - tetragon: Allow persistent enforcement during tetragon
      restart (#2600) by @olsajiri
    - LSM sensor (#2566) by @anfedotoff
  * Bugfixes
    - bpf: use CORE for execve hook (#2399) by @kkourt
    - Don't create PodInfo if the pod is being deleted (#2431) by
      @michi-covalent
    - tetragon: allow namespaced and non-namespaced policies to
      have the same name (#2337) by @joshuajorel
    - operator: Don't start metrics server if Helm value
      tetragonOperator.prometheus.enabled is set to false. (#2484)
      by @yukinakanaka
    - enforcer: fix issue when using multiple calls with fmod_ret
      (#2524) by @kkourt
    - Reduce the kernel memory footprint (accounted by the cgroup
      memory controller) of the stack trace feature when unused.
      (#2546) by @mtardy
    - Reduce the kernel memory footprint (accounted by the cgroup
      memory controller) of the ratelimit feature when unused
      (around ~10MB per kprobe). (#2551) by @mtardy
    - Reduce the kernel memory footprint (accounted by the cgroup
      memory controller) of the fdinstall feature when unused
      (around ~11MB per kprobe). (#2563) by @mtardy
    - Do not increase the reference count when we cannot find a
      parent in kthreads. (#2620) by @tpapagian
    - Reduce the kernel memory footprint (accounted by the cgroup
      v2 memory controller) of the override feature when unused
      (around ~3MB per kprobe). (#2692) by @mtardy
    - Fix a bug related to the matchBinaries Prefix operator by
      increasing the buffer size used by our dentry walk. Now the
      matchBinaries Prefix operator can correctly trigger a match
      on any path above 255 chars. (#2764) by @mtardy
    - Fix a bug where the tetra getevents command would timeout
      even if the connection was successful. (#2765) by @mtardy
    - Fix missing cases in the compact encoder for tetra. (#2819)
      by @willfindlay
    - add support for pod association via cgroup id (#2776) by
      @kkourt
    - Allow disabling gRPC either by selecting 'enabled:false' in
      the helm chart or by passing an empty address to the agent
      (#2826) by @kkourt
    - Fix tetragon_process_cache_size metric (#2827) by @lambdanis

-------------------------------------------------------------------
Mon Jul 29 18:36:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- exclude architectures that fail to build due to
  'pkg/syscallinfo/syscallinfo.go:39:34: undefined: syscallNames'
  errors

-------------------------------------------------------------------
Wed Jun 12 16:18:43 UTC 2024 - opensuse_buildservice@ojkastl.de

- Update to version 1.1.2:
  * Bugfixes:
    - Don't create PodInfo if the pod is being deleted
    - [v1.1] backport: bpf: use CORE for execve hook
    - enforcer: fix issue when using multiple calls with fmod_ret
  * Minor Changes:
    - backports:1.1:tests: fix trace module testing
    - backports:1.1: uid username resolution support
    - helm: Add tetragon.livenessProbe value
    - backport:v1.1: btf: take first entry on multiple function
      matches
  * Misc Changes:
    - Prepare for v1.1.0 release
    - Use gRPC-based liveness probe instead of tetra status.
    - [v1.1] Introduce upgrade notes
    - Prepare for v1.1.1 release
    - [v1.1] Makefile: exclude api tags from version
    - v1.1: misc updates relating to release process
    - Prepare for v1.1.2 release

-------------------------------------------------------------------
Tue Apr 30 18:11:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>

- new package tetragon: eBPF-based Security Observability and
  Runtime Enforcement
update to 1.2.1 OBS-URL: https://build.opensuse.org/package/show/server:monitoring/tetragon?expand=0&rev=7 2024-11-27 12:33:20 +01:00			`-------------------------------------------------------------------`
			`Wed Nov 27 11:11:43 UTC 2024 - opensuse_buildservice@ojkastl.de`

			`- Update to version 1.2.1:`
			`* Prepare for v1.2.1 release`
			`* filters: implement parent_arguments_regex`
			`* chore(deps): update go to v1.22.9`
			`* chore(deps): update docker.io/library/alpine:3.20.3 docker`
			`digest to 1e42bbe`
			`* tetragon: probe_read usage may cause issues with newer kernels`
			`* e2e tests: skip label test on ARM`
			`* workflows: use GitHub arm64 runners instead of actuated`
			`* Add support to exclude valid processes from dump processCache`
			`* tetra: add max-recv-size to processcache dump cmd`
			`* tetra: rewrite dump processcache cmd for correct error code`
			`* tetra: use consistent case in dump cmd and api`
			`* Add support to dump processLRU`
			`* [btf] Flush kernel spec (BTF) after loading a sensor`
			`* [ksyms] Do not cache ksyms to reduce memory consumption`
			`* fix(deps): update module github.com/cilium/cilium to v1.15.10`
			`[security]`
			`* chore(deps): update docker.io/library/golang:1.22.8 docker`
			`digest to 0ca97f4`
			`* chore(deps): update docker.io/library/alpine docker tag to`
			`v3.20.3`
			`* chore(deps): update go to v1.22.8`
			`* fix(deps): update module github.com/containers/common to`
			`v0.60.4 [security]`
			`* chore(deps): update docker.io/library/golang:1.22.6 docker`
			`digest to a632201`
			`* chore: update containers/common`
			`* Remove const from parameters`
			`* bpf: allow all operations for syscall64 type`
			`* watcher: add metrics for deleted pod cache`
			`* watcher: add a deleted pod cache`
			`* watcher: add test for "fast" k8s API server`
			`* watcher: change FindContainer function`
			`* watcher: add a containerIDKey function`
			`* watcher: refactor watcher`
			`* Export EventCache tunables in the Helm Chart`
			`* Reduce the delay in GRPC gotests`
			`* Make EventCache configurable`
			`* helm: Set rthooks.podSecurityContext to empty by default`
			`* helm: Remove deprecated tetragon.skipCRDCreation value`
			`* [bugfix] Fix clone event caching due to missing pod info`

			`-------------------------------------------------------------------`
			`Fri Sep 13 18:27:13 UTC 2024 - opensuse_buildservice@ojkastl.de`

			`- Update to version 1.2.0:`
			`Full changelog see`
			`https://github.com/cilium/tetragon/releases/tag/v1.2.0`
			`* Major Changes`
			`- feat: Username for process_exec events (#2369) by @anfedotoff`
			`- tetragon: Allow persistent enforcement during tetragon`
			`restart (#2600) by @olsajiri`
			`- LSM sensor (#2566) by @anfedotoff`
			`* Bugfixes`
			`- bpf: use CORE for execve hook (#2399) by @kkourt`
			`- Don't create PodInfo if the pod is being deleted (#2431) by`
			`@michi-covalent`
			`- tetragon: allow namespaced and non-namespaced policies to`
			`have the same name (#2337) by @joshuajorel`
			`- operator: Don't start metrics server if Helm value`
			`tetragonOperator.prometheus.enabled is set to false. (#2484)`
			`by @yukinakanaka`
			`- enforcer: fix issue when using multiple calls with fmod_ret`
			`(#2524) by @kkourt`
			`- Reduce the kernel memory footprint (accounted by the cgroup`
			`memory controller) of the stack trace feature when unused.`
			`(#2546) by @mtardy`
			`- Reduce the kernel memory footprint (accounted by the cgroup`
			`memory controller) of the ratelimit feature when unused`
			`(around ~10MB per kprobe). (#2551) by @mtardy`
			`- Reduce the kernel memory footprint (accounted by the cgroup`
			`memory controller) of the fdinstall feature when unused`
			`(around ~11MB per kprobe). (#2563) by @mtardy`
			`- Do not increase the reference count when we cannot find a`
			`parent in kthreads. (#2620) by @tpapagian`
			`- Reduce the kernel memory footprint (accounted by the cgroup`
			`v2 memory controller) of the override feature when unused`
			`(around ~3MB per kprobe). (#2692) by @mtardy`
			`- Fix a bug related to the matchBinaries Prefix operator by`
			`increasing the buffer size used by our dentry walk. Now the`
			`matchBinaries Prefix operator can correctly trigger a match`
			`on any path above 255 chars. (#2764) by @mtardy`
			`- Fix a bug where the tetra getevents command would timeout`
			`even if the connection was successful. (#2765) by @mtardy`
			`- Fix missing cases in the compact encoder for tetra. (#2819)`
			`by @willfindlay`
			`- add support for pod association via cgroup id (#2776) by`
			`@kkourt`
			`- Allow disabling gRPC either by selecting 'enabled:false' in`
			`the helm chart or by passing an empty address to the agent`
			`(#2826) by @kkourt`
			`- Fix tetragon_process_cache_size metric (#2827) by @lambdanis`

			`-------------------------------------------------------------------`
			`Mon Jul 29 18:36:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>`

			`- exclude architectures that fail to build due to`
			`'pkg/syscallinfo/syscallinfo.go:39:34: undefined: syscallNames'`
			`errors`

			`-------------------------------------------------------------------`
			`Wed Jun 12 16:18:43 UTC 2024 - opensuse_buildservice@ojkastl.de`

			`- Update to version 1.1.2:`
			`* Bugfixes:`
			`- Don't create PodInfo if the pod is being deleted`
			`- [v1.1] backport: bpf: use CORE for execve hook`
			`- enforcer: fix issue when using multiple calls with fmod_ret`
			`* Minor Changes:`
			`- backports:1.1:tests: fix trace module testing`
			`- backports:1.1: uid username resolution support`
			`- helm: Add tetragon.livenessProbe value`
			`- backport:v1.1: btf: take first entry on multiple function`
			`matches`
			`* Misc Changes:`
			`- Prepare for v1.1.0 release`
			`- Use gRPC-based liveness probe instead of tetra status.`
			`- [v1.1] Introduce upgrade notes`
			`- Prepare for v1.1.1 release`
			`- [v1.1] Makefile: exclude api tags from version`
			`- v1.1: misc updates relating to release process`
			`- Prepare for v1.1.2 release`

			`-------------------------------------------------------------------`
			`Tue Apr 30 18:11:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>`

			`- new package tetragon: eBPF-based Security Observability and`
			`Runtime Enforcement`