------------------------------------------------------------------- Fri Sep 13 18:27:13 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.2.0: Full changelog see https://github.com/cilium/tetragon/releases/tag/v1.2.0 * Major Changes - feat: Username for process_exec events (#2369) by @anfedotoff - tetragon: Allow persistent enforcement during tetragon restart (#2600) by @olsajiri - LSM sensor (#2566) by @anfedotoff * Bugfixes - bpf: use CORE for execve hook (#2399) by @kkourt - Don't create PodInfo if the pod is being deleted (#2431) by @michi-covalent - tetragon: allow namespaced and non-namespaced policies to have the same name (#2337) by @joshuajorel - operator: Don't start metrics server if Helm value tetragonOperator.prometheus.enabled is set to false. (#2484) by @yukinakanaka - enforcer: fix issue when using multiple calls with fmod_ret (#2524) by @kkourt - Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the stack trace feature when unused. (#2546) by @mtardy - Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the ratelimit feature when unused (around ~10MB per kprobe). (#2551) by @mtardy - Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the fdinstall feature when unused (around ~11MB per kprobe). (#2563) by @mtardy - Do not increase the reference count when we cannot find a parent in kthreads. (#2620) by @tpapagian - Reduce the kernel memory footprint (accounted by the cgroup v2 memory controller) of the override feature when unused (around ~3MB per kprobe). (#2692) by @mtardy - Fix a bug related to the matchBinaries Prefix operator by increasing the buffer size used by our dentry walk. Now the matchBinaries Prefix operator can correctly trigger a match on any path above 255 chars. (#2764) by @mtardy - Fix a bug where the tetra getevents command would timeout even if the connection was successful. (#2765) by @mtardy - Fix missing cases in the compact encoder for tetra. (#2819) by @willfindlay - add support for pod association via cgroup id (#2776) by @kkourt - Allow disabling gRPC either by selecting 'enabled:false' in the helm chart or by passing an empty address to the agent (#2826) by @kkourt - Fix tetragon_process_cache_size metric (#2827) by @lambdanis ------------------------------------------------------------------- Mon Jul 29 18:36:26 UTC 2024 - Johannes Kastl - exclude architectures that fail to build due to 'pkg/syscallinfo/syscallinfo.go:39:34: undefined: syscallNames' errors ------------------------------------------------------------------- Wed Jun 12 16:18:43 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 1.1.2: * Bugfixes: - Don't create PodInfo if the pod is being deleted - [v1.1] backport: bpf: use CORE for execve hook - enforcer: fix issue when using multiple calls with fmod_ret * Minor Changes: - backports:1.1:tests: fix trace module testing - backports:1.1: uid username resolution support - helm: Add tetragon.livenessProbe value - backport:v1.1: btf: take first entry on multiple function matches * Misc Changes: - Prepare for v1.1.0 release - Use gRPC-based liveness probe instead of tetra status. - [v1.1] Introduce upgrade notes - Prepare for v1.1.1 release - [v1.1] Makefile: exclude api tags from version - v1.1: misc updates relating to release process - Prepare for v1.1.2 release ------------------------------------------------------------------- Tue Apr 30 18:11:26 UTC 2024 - Johannes Kastl - new package tetragon: eBPF-based Security Observability and Runtime Enforcement