sets: default set can't have network events v419 #2771
Conversation
|
The focal419 runner is running with clang13 and golang1.18 for these last tests. Will have to update it to clang14 and golang1.19 so this runner is the same as all others (and re-check to see if tests still pass). If tests pass, then we're good for v419 (for the release). |
|
@yanivagman FYIO, Yes, so.. besides this fix, which tests didn't catch because they don't run the default set of events, there is another problem that raised when bumping go to 1.19 and clang to 14: This wan't caught before because the runner, despite having go1.19, was still running tests using go1.18 (due to bad GOHOME env variable). So, the summary is:
ACTION: will have to understand why clang14 and go1.19 brake v4.19. |
This fix is a valid workaround, but for the long term we will need to identify if network events are supported on the environment where we run, and according to that choose which events can be enabled and which can't |
My guess is that clang is causing this, and not go1.19. |
@geyslan can we ? I remember you said you needed 1.19 for your latest changes. |
For sure, |
Alright, I'll give it another hour to see if I can discover what is going on, then if not possible we can try getting a workaround from you (for the release) if you don't mind. Thank you! |
Just don't bother rushing this, since I've pulled #2762 from v0.13. It's not a priority. |
The v419 runner has go1.19 and clang-13 now, I think it will be good. I'm opening an issue for the clang14 + kernel 4.19 issue. |
|
I have opened #2772 for the clang14 + v4.19 issue. Will try to get network events out of the default set when running in a v4.19 kernel (that is not RHEL or similar). |
The default event set includes some net_packet events, but they're not supported in vanilla v4.19 kernels. This patch mitigates this issue by adding all the network related events to an exclusion list during the filter events preparation phase. Fixes: #2771 Note: This mitigation should be removed as soon as tracee has the feature probe mechanism in place.
|
[ERROR] GitHub self host service failed connecting to GitHub. Infrastrcuture team has been updated as wel, please hold until investigation. |
|
@geyslan please merge this once you're okay with e2e tests (at least to consider another merge). |
The default event set includes some net_packet events, but they're not supported in vanilla v4.19 kernels. This patch mitigates this issue by adding all the network related events to an exclusion list during the filter events preparation phase. Fixes: aquasecurity#2771 Note: This mitigation should be removed as soon as 763C tracee has the feature probe mechanism in place.
Description
Commit 0601f09 added network events to the default set but, since the default set is used for all versions, this broke v419 runs, as that version does not support network events.
commit a8a0d37 (HEAD -> v419-fix, rafaeldtinoco/v419-fix)
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Wed Mar 1 01:59:53 2023
commit e2d52ad
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Wed Mar 1 02:30:42 2023
commit 03edd7b
Author: Rafael David Tinoco rafaeldtinoco@gmail.com
Date: Wed Mar 1 01:58:30 2023