Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backports:v1.0: clone ns fixes #2700

Merged
merged 3 commits into from
Jul 19, 2024
Merged

backports:v1.0: clone ns fixes #2700

merged 3 commits into from
Jul 19, 2024

Conversation

tixxdz
Copy link
Member

@tixxdz tixxdz commented Jul 19, 2024 

store thread leader namespaces at fork and reduce false positives

tixxdz added 3 commits July 19, 2024 11:46
@tixxdz
bpf: store thread leader namespaces/caps at fork and reduce false pos…
350d8e6 
…itives

[ Upstream main 67e436b ]

Store the thread leader namespaces during fork so we can check later
if they changed, as right now they are only stored late during execv
which will point to a new exec_id entry anyway.

Right now during fork they are zeroed in the execve_map which make it
unreliable to detect if they changed between the fork and the final
execve, they will always be reported as if they changed which could be
a false positive report.

While we are it improve how we fetch and store capabilities.

Signed-off-by: Djalal Harouni <[email protected]>
@tixxdz
test:clone: more namespace checks
e87fb7e 
[ Upstream main 87ec91c ]

Signed-off-by: Djalal Harouni <[email protected]>
@tixxdz
tests:process_exec: more tests for get caps and ns
2aaf287 
[Upstream main 11a8cb0 ]

Signed-off-by: Djalal Harouni <[email protected]>
@tixxdz tixxdz added the release-note/minor This PR introduces a minor user-visible change label Jul 19, 2024
@tixxdz tixxdz requested a review from a team as a code owner July 19, 2024 11:08
@tixxdz tixxdz requested review from kevsecurity, tpapagian and olsajiri and removed request for a team July 19, 2024 11:08
@tixxdz tixxdz merged commit 90e9e1b into v1.0 Jul 19, 2024
31 checks passed
@tixxdz tixxdz deleted the pr/tixxdz/backports-clone-ns-fixes-v1.0 branch July 19, 2024 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tpapagian tpapagian tpapagian approved these changes

@kevsecurity kevsecurity Awaiting requested review from kevsecurity kevsecurity is a code owner automatically assigned from cilium/tetragon

@olsajiri olsajiri Awaiting requested review from olsajiri

Assignees
No one assigned
Labels
release-note/minor This PR introduces a minor user-visible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tixxdz @tpapagian