Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[8.13](backport #39361) [Auditbeat/FIM/kprobes]: allow extra syscalls by auditbeat required in FIM with kprobes #39365

Merged
merged 1 commit into from
May 2, 2024
Merged

[8.13](backport #39361) [Auditbeat/FIM/kprobes]: allow extra syscalls by auditbeat required in FIM with kprobes #39365

merged 1 commit into from
May 2, 2024

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented May 2, 2024
edited by zube bot
Loading

Proposed commit message

This PR allows extra necessary syscalls in the applied seccomp/apparmor policy invoked during the verification stage of FIM kprobes. Also it removes the wrong check of event[process.executable] for ebpf backend in the integrations tests. Such a coupling of commits is ok as both of them need to be back-ported at 8.14 and 8.13

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

N/A

How to test this PR locally

Already tested here

Related issues

Use cases

N/A

Screenshots

N/A

Logs

N/A

This is an automatic backport of pull request #39361 done by Mergify.

@pkoutsovasilis @mergify
[Auditbeat/FIM/kprobes]: allow extra syscalls by auditbeat required i…
695ddee 
…n FIM with kprobes (#39361)

* fix(auditbeat/fim/kprobes): allow appropriate syscalls for seccomp/apparmor policies

* fix(auditbeat/fim/kprobes): check correctly the "fsnotify_nameremove" symbol

* fix(auditbeat/fim/tests): remove check on absent key of the event for ebpf

* doc: update CHANGELOG.next.asciidoc

(cherry picked from commit ab54de6)
@mergify mergify bot requested a review from a team as a code owner May 2, 2024 13:05
@mergify mergify bot added the backport label May 2, 2024
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 2, 2024
@botelastic
Copy link

botelastic bot commented May 2, 2024

This pull request doesn't have a Team:<team> label.

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Duration: 45 min 34 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@pkoutsovasilis pkoutsovasilis merged commit 5ed492f into 8.13 May 2, 2024
33 checks passed
@pkoutsovasilis pkoutsovasilis deleted the mergify/bp/8.13/pr-39361 branch May 2, 2024 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pkoutsovasilis pkoutsovasilis pkoutsovasilis approved these changes

Assignees

@pkoutsovasilis pkoutsovasilis

Labels
backport needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@elasticmachine @pkoutsovasilis