From 77a2de2b337b9fa502f817ba957b8da8679388d7 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 24 Jun 2025 16:20:56 +0200 Subject: [PATCH 1/9] Update Falco libs to 0.21.0 The latest version of Falco has a number of changes that are incompatible with collector, biggest ones are: - Removal of the container manager code in favor of a plugin. - Major refactoring of sinsp. In order to make collector compatible again, we had to drop the ContainerEngine that we implemented in favor of a method in the event extractor that will get the container id from the cgroups when it is called. The ContainerMetadata is also essentially dead in the water, since we can't get container metadata without the container plugin. Filtering of events that used to happen in the inspector itself has been moved into collector, since we can't filter events by container id without the container engine. --- collector/lib/ContainerEngine.h | 25 --- collector/lib/ContainerMetadata.cpp | 19 +- collector/lib/NetworkConnection.h | 4 +- collector/lib/NetworkSignalHandler.cpp | 2 +- collector/lib/Process.cpp | 6 +- collector/lib/ProcessSignalFormatter.cpp | 34 ++- collector/lib/Utility.cpp | 9 - collector/lib/Utility.h | 2 - .../lib/system-inspector/EventExtractor.h | 55 ++++- collector/lib/system-inspector/Service.cpp | 15 +- collector/test/ProcessSignalFormatterTest.cpp | 202 +++++++++--------- collector/test/SystemInspectorServiceTest.cpp | 33 +-- falcosecurity-libs | 2 +- 13 files changed, 216 insertions(+), 192 deletions(-) delete mode 100644 collector/lib/ContainerEngine.h diff --git a/collector/lib/ContainerEngine.h b/collector/lib/ContainerEngine.h deleted file mode 100644 index 63978528c9..0000000000 --- a/collector/lib/ContainerEngine.h +++ /dev/null @@ -1,25 +0,0 @@ -#pragma once - -#include "container_engine/container_cache_interface.h" -#include "container_engine/container_engine_base.h" -#include "threadinfo.h" - -namespace collector { -class ContainerEngine : public libsinsp::container_engine::container_engine_base { - public: - ContainerEngine(libsinsp::container_engine::container_cache_interface& cache) : libsinsp::container_engine::container_engine_base(cache) {} - - bool resolve(sinsp_threadinfo* tinfo, bool query_os_for_missing_info) override { - for (const auto& cgroup : tinfo->cgroups()) { - auto container_id = ExtractContainerIDFromCgroup(cgroup.second); - - if (container_id) { - tinfo->m_container_id = *container_id; - return true; - } - } - - return false; - } -}; -} // namespace collector diff --git a/collector/lib/ContainerMetadata.cpp b/collector/lib/ContainerMetadata.cpp index 343e9c6a5a..f6404581d1 100644 --- a/collector/lib/ContainerMetadata.cpp +++ b/collector/lib/ContainerMetadata.cpp @@ -11,8 +11,7 @@ ContainerMetadata::ContainerMetadata(sinsp* inspector) : event_extractor_(std::m } std::string ContainerMetadata::GetNamespace(sinsp_evt* event) { - const char* ns = event_extractor_->get_k8s_namespace(event); - return ns != nullptr ? ns : ""; + return ""; } std::string ContainerMetadata::GetNamespace(const std::string& container_id) { @@ -20,19 +19,7 @@ std::string ContainerMetadata::GetNamespace(const std::string& container_id) { } std::string ContainerMetadata::GetContainerLabel(const std::string& container_id, const std::string& label) { - auto containers = inspector_->m_container_manager.get_containers(); - const auto& container = containers->find(container_id); - if (container == containers->end()) { - return ""; - } - - const auto& labels = container->second->m_labels; - const auto& label_it = labels.find(label); - if (label_it == labels.end()) { - return ""; - } - - return label_it->second; + return ""; } -} // namespace collector \ No newline at end of file +} // namespace collector diff --git a/collector/lib/NetworkConnection.h b/collector/lib/NetworkConnection.h index 3d458ab33a..8d330fff70 100644 --- a/collector/lib/NetworkConnection.h +++ b/collector/lib/NetworkConnection.h @@ -380,8 +380,8 @@ std::ostream& operator<<(std::ostream& os, const ContainerEndpoint& container_en class Connection { public: Connection() : flags_(0) {} - Connection(std::string container, const Endpoint& local, const Endpoint& remote, L4Proto l4proto, bool is_server) - : container_(std::move(container)), local_(local), remote_(remote), flags_((static_cast(l4proto) << 1) | ((is_server) ? 1 : 0)) {} + Connection(std::string_view container, const Endpoint& local, const Endpoint& remote, L4Proto l4proto, bool is_server) + : container_(container), local_(local), remote_(remote), flags_((static_cast(l4proto) << 1) | ((is_server) ? 1 : 0)) {} const std::string& container() const { return container_; } const Endpoint& local() const { return local_; } diff --git a/collector/lib/NetworkSignalHandler.cpp b/collector/lib/NetworkSignalHandler.cpp index df457d5ef5..6899db6d67 100644 --- a/collector/lib/NetworkSignalHandler.cpp +++ b/collector/lib/NetworkSignalHandler.cpp @@ -133,7 +133,7 @@ std::optional NetworkSignalHandler::GetConnection(sinsp_evt* evt) { const Endpoint* local = is_server ? &server : &client; const Endpoint* remote = is_server ? &client : &server; - const std::string* container_id = event_extractor_->get_container_id(evt); + auto container_id = event_extractor_->get_container_id(evt); if (!container_id) { return std::nullopt; } diff --git a/collector/lib/Process.cpp b/collector/lib/Process.cpp index 632d824a03..8d1d580594 100644 --- a/collector/lib/Process.cpp +++ b/collector/lib/Process.cpp @@ -5,6 +5,7 @@ #include #include "CollectorStats.h" +#include "system-inspector/EventExtractor.h" #include "system-inspector/Service.h" namespace collector { @@ -32,7 +33,10 @@ std::string Process::container_id() const { WaitForProcessInfo(); if (system_inspector_threadinfo_) { - return system_inspector_threadinfo_->m_container_id; + auto container_id = system_inspector::EventExtractor::get_container_id(system_inspector_threadinfo_.get()); + if (container_id) { + return std::string{*container_id}; + } } return NOT_AVAILABLE; diff --git a/collector/lib/ProcessSignalFormatter.cpp b/collector/lib/ProcessSignalFormatter.cpp index a588d75bd6..9e3c0e3f1f 100644 --- a/collector/lib/ProcessSignalFormatter.cpp +++ b/collector/lib/ProcessSignalFormatter.cpp @@ -22,6 +22,8 @@ using LineageInfo = ProcessSignalFormatter::LineageInfo; using Timestamp = google::protobuf::Timestamp; using TimeUtil = google::protobuf::util::TimeUtil; +using EventExtractor = system_inspector::EventExtractor; + namespace { enum ProcessSignalType { @@ -59,7 +61,7 @@ std::string extract_proc_args(sinsp_threadinfo* tinfo) { ProcessSignalFormatter::ProcessSignalFormatter( sinsp* inspector, const CollectorConfig& config) : event_names_(EventNames::GetInstance()), - event_extractor_(std::make_unique()), + event_extractor_(std::make_unique()), container_metadata_(inspector), config_(config) { event_extractor_->Init(inspector); @@ -163,10 +165,10 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_evt* event) { } // set user and group id credentials - if (const uint32_t* uid = event_extractor_->get_uid(event)) { + if (auto uid = EventExtractor::get_uid(event)) { signal->set_uid(*uid); } - if (const uint32_t* gid = event_extractor_->get_gid(event)) { + if (auto gid = EventExtractor::get_gid(event)) { signal->set_gid(*gid); } @@ -176,7 +178,7 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_evt* event) { signal->set_allocated_time(timestamp); // set container_id - if (const std::string* container_id = event_extractor_->get_container_id(event)) { + if (auto container_id = EventExtractor::get_container_id(event)) { signal->set_container_id(*container_id); } @@ -232,8 +234,14 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_threadinfo* tin signal->set_pid(tinfo->m_pid); // set user and group id credentials - signal->set_uid(tinfo->m_user.uid()); - signal->set_gid(tinfo->m_group.gid()); + auto uid = EventExtractor::get_uid(tinfo); + if (uid) { + signal->set_uid(*uid); + } + auto gid = EventExtractor::get_gid(tinfo); + if (gid) { + signal->set_gid(*gid); + } // set time auto timestamp = Allocate(); @@ -241,7 +249,10 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_threadinfo* tin signal->set_allocated_time(timestamp); // set container_id - signal->set_container_id(tinfo->m_container_id); + auto container_id = EventExtractor::get_container_id(tinfo); + if (container_id) { + signal->set_container_id(*container_id); + } // set process lineage std::vector lineage; @@ -265,7 +276,7 @@ std::string ProcessSignalFormatter::ProcessDetails(sinsp_evt* event) { std::stringstream ss; const std::string* path = event_extractor_->get_exepath(event); const std::string* name = event_extractor_->get_comm(event); - const std::string* container_id = event_extractor_->get_container_id(event); + auto container_id = EventExtractor::get_container_id(event); const char* args = event_extractor_->get_proc_args(event); const int64_t* pid = event_extractor_->get_pid(event); @@ -347,7 +358,7 @@ void ProcessSignalFormatter::GetProcessLineage(sinsp_threadinfo* tinfo, // all platforms. // if (pt->m_vpid == 0) { - if (pt->m_container_id.empty()) { + if (!EventExtractor::get_container_id(pt)) { return false; } } else if (pt->m_pid == pt->m_vpid) { @@ -361,7 +372,10 @@ void ProcessSignalFormatter::GetProcessLineage(sinsp_threadinfo* tinfo, // Collapse parent child processes that have the same path if (lineage.empty() || (lineage.back().parent_exec_file_path() != pt->m_exepath)) { LineageInfo info; - info.set_parent_uid(pt->m_user.uid()); + auto uid = EventExtractor::get_uid(pt); + if (uid) { + info.set_parent_uid(*uid); + } info.set_parent_exec_file_path(pt->m_exepath); lineage.push_back(info); } diff --git a/collector/lib/Utility.cpp b/collector/lib/Utility.cpp index 26832eada8..a4712e6a70 100644 --- a/collector/lib/Utility.cpp +++ b/collector/lib/Utility.cpp @@ -57,15 +57,6 @@ const char* SignalName(int signum) { } } -std::ostream& operator<<(std::ostream& os, const sinsp_threadinfo* t) { - if (t) { - os << "Container: \"" << t->m_container_id << "\", Name: " << t->m_comm << ", PID: " << t->m_pid << ", Args: " << t->m_exe; - } else { - os << "NULL\n"; - } - return os; -} - const char* UUIDStr() { uuid_t uuid; constexpr int kUuidStringLength = 36; // uuid_unparse manpage says so. diff --git a/collector/lib/Utility.h b/collector/lib/Utility.h index 04be8cd480..5cdff7ac7c 100644 --- a/collector/lib/Utility.h +++ b/collector/lib/Utility.h @@ -63,8 +63,6 @@ std::string Str(Args&&... args) { return string_stream.str(); } -std::ostream& operator<<(std::ostream& os, const sinsp_threadinfo* t); - // UUIDStr returns UUID in string format. const char* UUIDStr(); diff --git a/collector/lib/system-inspector/EventExtractor.h b/collector/lib/system-inspector/EventExtractor.h index 94d129befc..867de9ce45 100644 --- a/collector/lib/system-inspector/EventExtractor.h +++ b/collector/lib/system-inspector/EventExtractor.h @@ -7,6 +7,8 @@ #include "libsinsp/sinsp.h" #include "Logging.h" +#include "Utility.h" +#include "threadinfo.h" namespace collector::system_inspector { @@ -129,16 +131,11 @@ class EventExtractor { // // ADD ANY NEW FIELDS BELOW THIS LINE - // Container related fields - TINFO_FIELD(container_id); - // Process related fields TINFO_FIELD(comm); TINFO_FIELD(exe); TINFO_FIELD(exepath); TINFO_FIELD(pid); - TINFO_FIELD_RAW_GETTER(uid, m_user.uid, uint32_t); - TINFO_FIELD_RAW_GETTER(gid, m_group.gid, uint32_t); FIELD_CSTR(proc_args, "proc.args"); // General event information @@ -148,15 +145,57 @@ class EventExtractor { FIELD_RAW_SAFE(client_port, "fd.cport", uint16_t); FIELD_RAW_SAFE(server_port, "fd.sport", uint16_t); - // k8s metadata - FIELD_CSTR(k8s_namespace, "k8s.ns.name"); - #undef TINFO_FIELD #undef FIELD_RAW #undef FIELD_CSTR #undef EVT_ARG #undef EVT_ARG_RAW #undef DECLARE_FILTER_CHECK + + public: + static std::optional get_container_id(const sinsp_threadinfo* tinfo) { + for (const auto& [_, cgroup] : tinfo->cgroups()) { + auto container_id = ExtractContainerIDFromCgroup(cgroup); + if (container_id) { + return container_id; + } + } + + return {}; + } + + static std::optional get_container_id(const sinsp_evt* evt) { + const auto* tinfo = evt->get_tinfo(); + if (tinfo == nullptr) { + return {}; + } + + return get_container_id(tinfo); + } + + static std::optional get_uid(sinsp_threadinfo* tinfo) { + return tinfo->m_uid; + } + + static std::optional get_uid(sinsp_evt* evt) { + auto* tinfo = evt->get_tinfo(); + if (tinfo == nullptr) { + return {}; + } + return get_uid(tinfo); + } + + static std::optional get_gid(sinsp_threadinfo* tinfo) { + return tinfo->m_gid; + } + + static std::optional get_gid(sinsp_evt* evt) { + auto* tinfo = evt->get_tinfo(); + if (tinfo == nullptr) { + return {}; + } + return get_gid(tinfo); + } }; } // namespace collector::system_inspector diff --git a/collector/lib/system-inspector/Service.cpp b/collector/lib/system-inspector/Service.cpp index 95c0394416..aee1aca6de 100644 --- a/collector/lib/system-inspector/Service.cpp +++ b/collector/lib/system-inspector/Service.cpp @@ -6,7 +6,6 @@ #include -#include "libsinsp/container_engine/sinsp_container_type.h" #include "libsinsp/parsers.h" #include "libsinsp/sinsp.h" @@ -15,7 +14,6 @@ #include "CollectionMethod.h" #include "CollectorException.h" #include "CollectorStats.h" -#include "ContainerEngine.h" #include "ContainerMetadata.h" #include "EventExtractor.h" #include "EventNames.h" @@ -50,7 +48,7 @@ Service::Service(const CollectorConfig& config) inspector_->disable_log_timestamps(); inspector_->set_log_callback(logging::InspectorLogCallback); - inspector_->set_import_users(config.ImportUsers(), false); + inspector_->set_import_users(config.ImportUsers()); inspector_->set_thread_timeout_s(30); inspector_->set_auto_threads_purging_interval_s(60); inspector_->m_thread_manager->set_max_thread_table_size(config.GetSinspThreadCacheSize()); @@ -62,6 +60,7 @@ Service::Service(const CollectorConfig& config) inspector_->get_parser()->set_track_connection_status(true); } + /* if (config.EnableRuntimeConfig()) { uint64_t mask = 1 << CT_CRI | 1 << CT_CRIO | @@ -87,6 +86,7 @@ Service::Service(const CollectorConfig& config) } inspector_->set_filter("container.id != 'host'"); + */ // The self-check handlers should only operate during start up, // so they are added to the handler list first, so they have access @@ -160,6 +160,12 @@ sinsp_evt* Service::GetNext() { return nullptr; } + // If there is no container id, this is an event from the host. + // We ignore these for now. + if (!EventExtractor::get_container_id(event)) { + return nullptr; + } + userspace_stats_.event_parse_micros[event->get_type()] += (NowMicros() - parse_start); ++userspace_stats_.nUserspaceEvents[event->get_type()]; @@ -296,7 +302,8 @@ bool Service::SendExistingProcesses(SignalHandler* handler) { } return threads->loop([&](sinsp_threadinfo& tinfo) { - if (!tinfo.m_container_id.empty() && tinfo.is_main_thread()) { + auto container_id = EventExtractor::get_container_id(&tinfo); + if (container_id && tinfo.is_main_thread()) { auto result = handler->HandleExistingProcess(&tinfo); if (result == SignalHandler::ERROR || result == SignalHandler::NEEDS_REFRESH) { CLOG(WARNING) << "Failed to write existing process signal: " << &tinfo; diff --git a/collector/test/ProcessSignalFormatterTest.cpp b/collector/test/ProcessSignalFormatterTest.cpp index 68e1fcb9c7..e8caf1f5a4 100644 --- a/collector/test/ProcessSignalFormatterTest.cpp +++ b/collector/test/ProcessSignalFormatterTest.cpp @@ -1,5 +1,6 @@ // clang-format off #include +#include #include "libsinsp/sinsp.h" // clang-format on @@ -54,15 +55,15 @@ TEST(ProcessSignalFormatterTest, ProcessWithoutParentTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto tinfo = inspector->get_threadinfo_factory().create(); tinfo->m_pid = 0; tinfo->m_tid = 0; tinfo->m_ptid = -1; tinfo->m_vpid = 2; - tinfo->m_user.set_uid(7); + tinfo->m_uid = 7; tinfo->m_exepath = "qwerty"; - inspector->add_thread(std::move(tinfo)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(0).get(), lineage); @@ -89,22 +90,23 @@ TEST(ProcessSignalFormatterTest, ProcessWithParentTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(42); + tinfo->m_uid = 42; tinfo->m_exepath = "asdf"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(7); + tinfo2->m_uid = 7; tinfo2->m_exepath = "qwerty"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(1).get(), lineage); @@ -134,20 +136,21 @@ TEST(ProcessSignalFormatterTest, ProcessWithParentWithPid0Test) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 0; tinfo->m_tid = 0; tinfo->m_ptid = -1; tinfo->m_vpid = 1; tinfo->m_exepath = "asdf"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 0; tinfo2->m_vpid = 2; tinfo2->m_exepath = "qwerty"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(1).get(), lineage); @@ -174,22 +177,23 @@ TEST(ProcessSignalFormatterTest, ProcessWithParentWithSameNameTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(43); + tinfo->m_uid = 43; tinfo->m_exepath = "asdf"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(42); + tinfo2->m_uid = 42; tinfo2->m_exepath = "asdf"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(1).get(), lineage); @@ -219,33 +223,34 @@ TEST(ProcessSignalFormatterTest, ProcessWithTwoParentsTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(42); + tinfo->m_uid = 42; tinfo->m_exepath = "asdf"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(7); + tinfo2->m_uid = 7; tinfo2->m_exepath = "qwerty"; - auto tinfo3 = inspector->build_threadinfo(); + auto tinfo3 = threadinfo_factory.create(); tinfo3->m_pid = 4; tinfo3->m_tid = 4; tinfo3->m_ptid = 1; tinfo3->m_vpid = 9; - tinfo3->m_user.set_uid(8); + tinfo3->m_uid = 8; tinfo3->m_exepath = "uiop"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); - inspector->add_thread(std::move(tinfo3)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); + inspector->m_thread_manager->add_thread(std::move(tinfo3), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(4).get(), lineage); @@ -278,33 +283,34 @@ TEST(ProcessSignalFormatterTest, ProcessWithTwoParentsWithTheSameNameTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(42); + tinfo->m_uid = 42; tinfo->m_exepath = "asdf"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(7); + tinfo2->m_uid = 7; tinfo2->m_exepath = "asdf"; - auto tinfo3 = inspector->build_threadinfo(); + auto tinfo3 = threadinfo_factory.create(); tinfo3->m_pid = 4; tinfo3->m_tid = 4; tinfo3->m_ptid = 1; tinfo3->m_vpid = 9; - tinfo3->m_user.set_uid(8); + tinfo3->m_uid = 8; tinfo3->m_exepath = "asdf"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); - inspector->add_thread(std::move(tinfo3)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); + inspector->m_thread_manager->add_thread(std::move(tinfo3), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(4).get(), lineage); @@ -334,42 +340,43 @@ TEST(ProcessSignalFormatterTest, ProcessCollapseParentChildWithSameNameTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(42); + tinfo->m_uid = 42; tinfo->m_exepath = "asdf"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(7); + tinfo2->m_uid = 7; tinfo2->m_exepath = "asdf"; - auto tinfo3 = inspector->build_threadinfo(); + auto tinfo3 = threadinfo_factory.create(); tinfo3->m_pid = 4; tinfo3->m_tid = 4; tinfo3->m_ptid = 1; tinfo3->m_vpid = 9; - tinfo3->m_user.set_uid(8); + tinfo3->m_uid = 8; tinfo3->m_exepath = "asdf"; - auto tinfo4 = inspector->build_threadinfo(); + auto tinfo4 = threadinfo_factory.create(); tinfo4->m_pid = 5; tinfo4->m_tid = 5; tinfo4->m_ptid = 4; tinfo4->m_vpid = 10; - tinfo4->m_user.set_uid(9); + tinfo4->m_uid = 9; tinfo4->m_exepath = "qwerty"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); - inspector->add_thread(std::move(tinfo3)); - inspector->add_thread(std::move(tinfo4)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); + inspector->m_thread_manager->add_thread(std::move(tinfo3), false); + inspector->m_thread_manager->add_thread(std::move(tinfo4), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(5).get(), lineage); @@ -399,42 +406,43 @@ TEST(ProcessSignalFormatterTest, ProcessCollapseParentChildWithSameName2Test) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(42); + tinfo->m_uid = 42; tinfo->m_exepath = "qwerty"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(7); + tinfo2->m_uid = 7; tinfo2->m_exepath = "asdf"; - auto tinfo3 = inspector->build_threadinfo(); + auto tinfo3 = threadinfo_factory.create(); tinfo3->m_pid = 4; tinfo3->m_tid = 4; tinfo3->m_ptid = 1; tinfo3->m_vpid = 9; - tinfo3->m_user.set_uid(8); + tinfo3->m_uid = 8; tinfo3->m_exepath = "asdf"; - auto tinfo4 = inspector->build_threadinfo(); + auto tinfo4 = threadinfo_factory.create(); tinfo4->m_pid = 5; tinfo4->m_tid = 5; tinfo4->m_ptid = 4; tinfo4->m_vpid = 10; - tinfo4->m_user.set_uid(9); + tinfo4->m_uid = 9; tinfo4->m_exepath = "asdf"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); - inspector->add_thread(std::move(tinfo3)); - inspector->add_thread(std::move(tinfo4)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); + inspector->m_thread_manager->add_thread(std::move(tinfo3), false); + inspector->m_thread_manager->add_thread(std::move(tinfo4), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(5).get(), lineage); @@ -467,42 +475,43 @@ TEST(ProcessSignalFormatterTest, ProcessWithUnrelatedProcessTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 1; - tinfo->m_user.set_uid(42); + tinfo->m_uid = 42; tinfo->m_exepath = "qwerty"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 2; - tinfo2->m_user.set_uid(7); + tinfo2->m_uid = 7; tinfo2->m_exepath = "asdf"; - auto tinfo3 = inspector->build_threadinfo(); + auto tinfo3 = threadinfo_factory.create(); tinfo3->m_pid = 4; tinfo3->m_tid = 4; tinfo3->m_ptid = 1; tinfo3->m_vpid = 9; - tinfo3->m_user.set_uid(8); + tinfo3->m_uid = 8; tinfo3->m_exepath = "uiop"; - auto tinfo4 = inspector->build_threadinfo(); + auto tinfo4 = threadinfo_factory.create(); tinfo4->m_pid = 5; tinfo4->m_tid = 5; tinfo4->m_ptid = 555; tinfo4->m_vpid = 10; - tinfo4->m_user.set_uid(9); + tinfo4->m_uid = 9; tinfo4->m_exepath = "jkl;"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); - inspector->add_thread(std::move(tinfo3)); - inspector->add_thread(std::move(tinfo4)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); + inspector->m_thread_manager->add_thread(std::move(tinfo3), false); + inspector->m_thread_manager->add_thread(std::move(tinfo4), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(4).get(), lineage); @@ -535,28 +544,29 @@ TEST(ProcessSignalFormatterTest, CountTwoCounterCallsTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 1; tinfo->m_tid = 1; tinfo->m_ptid = 555; tinfo->m_vpid = 10; - tinfo->m_user.set_uid(9); + tinfo->m_uid = 9; tinfo->m_exepath = "jkl;"; - inspector->add_thread(std::move(tinfo)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(1).get(), lineage); - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 2; tinfo2->m_tid = 2; tinfo2->m_ptid = 555; tinfo2->m_vpid = 10; - tinfo2->m_user.set_uid(9); + tinfo2->m_uid = 9; tinfo2->m_exepath = "jkl;"; - inspector->add_thread(std::move(tinfo2)); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); std::vector lineage2; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(2).get(), lineage2); @@ -583,36 +593,36 @@ TEST(ProcessSignalFormatterTest, Rox3377ProcessLineageWithNoVPidTest) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto threadinfo_factory = inspector->get_threadinfo_factory(); + auto tinfo = threadinfo_factory.create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 0; - tinfo->m_user.set_uid(42); - tinfo->m_container_id = ""; + tinfo->m_uid = 42; tinfo->m_exepath = "qwerty"; - auto tinfo2 = inspector->build_threadinfo(); + auto tinfo2 = threadinfo_factory.create(); tinfo2->m_pid = 1; tinfo2->m_tid = 1; tinfo2->m_ptid = 3; tinfo2->m_vpid = 0; - tinfo2->m_user.set_uid(7); - tinfo2->m_container_id = "id"; + tinfo2->m_uid = 7; + tinfo2->set_cgroups(sinsp_threadinfo::cgroups_t{{"mock", "/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}}); tinfo2->m_exepath = "asdf"; - auto tinfo3 = inspector->build_threadinfo(); + auto tinfo3 = threadinfo_factory.create(); tinfo3->m_pid = 4; tinfo3->m_tid = 4; tinfo3->m_ptid = 1; tinfo3->m_vpid = 0; - tinfo3->m_user.set_uid(8); - tinfo3->m_container_id = "id"; + tinfo3->m_uid = 8; + tinfo3->set_cgroups(sinsp_threadinfo::cgroups_t{{"mock", "/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}}); tinfo3->m_exepath = "uiop"; - inspector->add_thread(std::move(tinfo)); - inspector->add_thread(std::move(tinfo2)); - inspector->add_thread(std::move(tinfo3)); + inspector->m_thread_manager->add_thread(std::move(tinfo), false); + inspector->m_thread_manager->add_thread(std::move(tinfo2), false); + inspector->m_thread_manager->add_thread(std::move(tinfo3), false); std::vector lineage; processSignalFormatter.GetProcessLineage(inspector->get_thread_ref(4).get(), lineage); @@ -641,13 +651,12 @@ TEST(ProcessSignalFormatterTest, ProcessArguments) { ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto tinfo = inspector->get_threadinfo_factory().create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 0; - tinfo->m_user.set_uid(42); - tinfo->m_container_id = ""; + tinfo->m_uid = 42; tinfo->m_exepath = "qwerty"; std::vector args = {std::string("args")}; @@ -671,13 +680,12 @@ TEST(ProcessSignalFormatterTest, NoProcessArguments) { config.SetDisableProcessArguments(true); ProcessSignalFormatter processSignalFormatter(inspector.get(), config); - auto tinfo = inspector->build_threadinfo(); + auto tinfo = inspector->get_threadinfo_factory().create(); tinfo->m_pid = 3; tinfo->m_tid = 3; tinfo->m_ptid = -1; tinfo->m_vpid = 0; - tinfo->m_user.set_uid(42); - tinfo->m_container_id = ""; + tinfo->m_uid = 42; tinfo->m_exepath = "qwerty"; std::vector args = {std::string("args")}; diff --git a/collector/test/SystemInspectorServiceTest.cpp b/collector/test/SystemInspectorServiceTest.cpp index a6ed01e2e1..4d256d51b1 100644 --- a/collector/test/SystemInspectorServiceTest.cpp +++ b/collector/test/SystemInspectorServiceTest.cpp @@ -8,31 +8,32 @@ namespace collector::system_inspector { TEST(SystemInspectorServiceTest, FilterEvent) { std::unique_ptr inspector(new sinsp()); - sinsp_threadinfo regular_process(inspector.get()); - regular_process.m_exepath = "/bin/busybox"; - regular_process.m_comm = "sleep"; + auto factory = inspector->get_threadinfo_factory(); + auto regular_process = factory.create(); + regular_process->m_exepath = "/bin/busybox"; + regular_process->m_comm = "sleep"; - sinsp_threadinfo runc_process(inspector.get()); - runc_process.m_exepath = "runc"; - runc_process.m_comm = "6"; + auto runc_process = factory.create(); + runc_process->m_exepath = "runc"; + runc_process->m_comm = "6"; - sinsp_threadinfo proc_self_process(inspector.get()); - proc_self_process.m_exepath = "/proc/self/exe"; - proc_self_process.m_comm = "6"; + auto proc_self_process = factory.create(); + proc_self_process->m_exepath = "/proc/self/exe"; + proc_self_process->m_comm = "6"; - sinsp_threadinfo memfd_process(inspector.get()); - memfd_process.m_exepath = "memfd:runc_cloned:/proc/self/exe"; - memfd_process.m_comm = "6"; + auto memfd_process = factory.create(); + memfd_process->m_exepath = "memfd:runc_cloned:/proc/self/exe"; + memfd_process->m_comm = "6"; struct test_t { const sinsp_threadinfo* tinfo; bool expected; }; std::vector tests{ - {®ular_process, true}, - {&runc_process, false}, - {&proc_self_process, false}, - {&memfd_process, false}, + {regular_process.get(), true}, + {runc_process.get(), false}, + {proc_self_process.get(), false}, + {memfd_process.get(), false}, }; for (const auto& t : tests) { diff --git a/falcosecurity-libs b/falcosecurity-libs index 8681c918e3..c12dd2d7dd 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit 8681c918e3b2c3510475e5f6331cc594f32e89f6 +Subproject commit c12dd2d7ddfb119d7431316cc9b1c7b1808a8e81 From 0a6986226576692cd3d5624d3a740dd659562029 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 27 Jun 2025 12:33:29 +0200 Subject: [PATCH 2/9] Fix TestUdpNetworkFlow --- falcosecurity-libs | 2 +- integration-tests/suites/udp_networkflow.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/falcosecurity-libs b/falcosecurity-libs index c12dd2d7dd..6f7a24a9cc 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit c12dd2d7ddfb119d7431316cc9b1c7b1808a8e81 +Subproject commit 6f7a24a9cc6ba8af3046c3591ae790f0d54efca9 diff --git a/integration-tests/suites/udp_networkflow.go b/integration-tests/suites/udp_networkflow.go index adfd664d62..1bd8a71096 100644 --- a/integration-tests/suites/udp_networkflow.go +++ b/integration-tests/suites/udp_networkflow.go @@ -164,11 +164,11 @@ func (s *UdpNetworkFlow) TestMultipleDestinations() { // We give a big period here to ensure the syscall happens just once // Due to an implementation restriction, the total number of messages - // sent must be less than 32. + // sent must be less than 16. client := s.runClient(config.ContainerStartConfig{ Name: UDP_CLIENT, Image: image, - Command: newClientCmd("sendmmsg", "300", "8", servers...), + Command: newClientCmd("sendmmsg", "300", "4", servers...), Entrypoint: []string{"udp-client"}, }) log.Info("Client: %s\n", client.String()) From 59a3a70eef5b77624325405891f5cbed8f7ccc29 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 27 Jun 2025 15:00:30 +0200 Subject: [PATCH 3/9] Skip k8s namespace tests --- integration-tests/k8s_test.go | 1 + integration-tests/suites/k8s/namespace.go | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/integration-tests/k8s_test.go b/integration-tests/k8s_test.go index d9972e07ed..9d5d60f104 100644 --- a/integration-tests/k8s_test.go +++ b/integration-tests/k8s_test.go @@ -12,6 +12,7 @@ import ( ) func TestK8sNamespace(t *testing.T) { + t.Skip("Skipping test") if testing.Short() { t.Skip("Not running k8s in short mode") } diff --git a/integration-tests/suites/k8s/namespace.go b/integration-tests/suites/k8s/namespace.go index 5b94df3a5e..655f17aef3 100644 --- a/integration-tests/suites/k8s/namespace.go +++ b/integration-tests/suites/k8s/namespace.go @@ -14,7 +14,7 @@ import ( type NamespaceTest struct { containerID string - expectecNamespace string + expectedNamespace string } type K8sNamespaceTestSuite struct { @@ -47,7 +47,7 @@ func (k *K8sNamespaceTestSuite) SetupSuite() { k.tests = append(k.tests, NamespaceTest{ containerID: k.Collector().ContainerID(), - expectecNamespace: collector.TEST_NAMESPACE, + expectedNamespace: collector.TEST_NAMESPACE, }) k.createTargetNamespace() @@ -55,7 +55,7 @@ func (k *K8sNamespaceTestSuite) SetupSuite() { k.Require().Len(nginxID, 12) k.tests = append(k.tests, NamespaceTest{ containerID: nginxID, - expectecNamespace: NAMESPACE, + expectedNamespace: NAMESPACE, }) } @@ -81,7 +81,7 @@ func (k *K8sNamespaceTestSuite) TestK8sNamespace() { k.Require().True(ok) namespace, ok := namespaceInterface.(string) k.Require().True(ok) - k.Require().Equal(namespace, tt.expectecNamespace) + k.Require().Equal(namespace, tt.expectedNamespace) } } From b06c9156330b6df6e107e38fe81147eabd010e60 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 27 Jun 2025 16:31:00 +0200 Subject: [PATCH 4/9] Bump Falco version --- falcosecurity-libs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/falcosecurity-libs b/falcosecurity-libs index 6f7a24a9cc..36e8700c2c 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit 6f7a24a9cc6ba8af3046c3591ae790f0d54efca9 +Subproject commit 36e8700c2cbf282e8cb907f0bfd52545128ccf36 From b2e915f20960984eb6f68ab9af796439875a36b0 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Fri, 27 Jun 2025 16:40:56 +0200 Subject: [PATCH 5/9] Simplify uid and gid handling --- collector/lib/ProcessSignalFormatter.cpp | 19 ++++---------- .../lib/system-inspector/EventExtractor.h | 26 ++----------------- 2 files changed, 7 insertions(+), 38 deletions(-) diff --git a/collector/lib/ProcessSignalFormatter.cpp b/collector/lib/ProcessSignalFormatter.cpp index 9e3c0e3f1f..febb2e8777 100644 --- a/collector/lib/ProcessSignalFormatter.cpp +++ b/collector/lib/ProcessSignalFormatter.cpp @@ -165,10 +165,10 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_evt* event) { } // set user and group id credentials - if (auto uid = EventExtractor::get_uid(event)) { + if (const uint32_t* uid = event_extractor_->get_uid(event)) { signal->set_uid(*uid); } - if (auto gid = EventExtractor::get_gid(event)) { + if (const uint32_t* gid = event_extractor_->get_uid(event)) { signal->set_gid(*gid); } @@ -234,14 +234,8 @@ ProcessSignal* ProcessSignalFormatter::CreateProcessSignal(sinsp_threadinfo* tin signal->set_pid(tinfo->m_pid); // set user and group id credentials - auto uid = EventExtractor::get_uid(tinfo); - if (uid) { - signal->set_uid(*uid); - } - auto gid = EventExtractor::get_gid(tinfo); - if (gid) { - signal->set_gid(*gid); - } + signal->set_uid(tinfo->m_uid); + signal->set_gid(tinfo->m_gid); // set time auto timestamp = Allocate(); @@ -372,10 +366,7 @@ void ProcessSignalFormatter::GetProcessLineage(sinsp_threadinfo* tinfo, // Collapse parent child processes that have the same path if (lineage.empty() || (lineage.back().parent_exec_file_path() != pt->m_exepath)) { LineageInfo info; - auto uid = EventExtractor::get_uid(pt); - if (uid) { - info.set_parent_uid(*uid); - } + info.set_parent_uid(pt->m_uid); info.set_parent_exec_file_path(pt->m_exepath); lineage.push_back(info); } diff --git a/collector/lib/system-inspector/EventExtractor.h b/collector/lib/system-inspector/EventExtractor.h index 867de9ce45..60fecff80f 100644 --- a/collector/lib/system-inspector/EventExtractor.h +++ b/collector/lib/system-inspector/EventExtractor.h @@ -136,6 +136,8 @@ class EventExtractor { TINFO_FIELD(exe); TINFO_FIELD(exepath); TINFO_FIELD(pid); + TINFO_FIELD_RAW(uid, m_uid, uint32_t); + TINFO_FIELD_RAW(gid, m_gid, uint32_t); FIELD_CSTR(proc_args, "proc.args"); // General event information @@ -172,30 +174,6 @@ class EventExtractor { return get_container_id(tinfo); } - - static std::optional get_uid(sinsp_threadinfo* tinfo) { - return tinfo->m_uid; - } - - static std::optional get_uid(sinsp_evt* evt) { - auto* tinfo = evt->get_tinfo(); - if (tinfo == nullptr) { - return {}; - } - return get_uid(tinfo); - } - - static std::optional get_gid(sinsp_threadinfo* tinfo) { - return tinfo->m_gid; - } - - static std::optional get_gid(sinsp_evt* evt) { - auto* tinfo = evt->get_tinfo(); - if (tinfo == nullptr) { - return {}; - } - return get_gid(tinfo); - } }; } // namespace collector::system_inspector From 42343101748c32f14ab31d3e11e84d66caff9114 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 1 Jul 2025 10:17:24 +0200 Subject: [PATCH 6/9] Bump Falco version --- falcosecurity-libs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/falcosecurity-libs b/falcosecurity-libs index 36e8700c2c..abfb56bac3 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit 36e8700c2cbf282e8cb907f0bfd52545128ccf36 +Subproject commit abfb56bac3fd79cc77dc265e029bce1f44f00ec6 From 29e10bc33c2f83f77afdbf55f6f5a5b0b1fdc446 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 1 Jul 2025 13:23:45 +0200 Subject: [PATCH 7/9] Bump falco version --- falcosecurity-libs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/falcosecurity-libs b/falcosecurity-libs index abfb56bac3..566353b563 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit abfb56bac3fd79cc77dc265e029bce1f44f00ec6 +Subproject commit 566353b56321d21b8a0f8c16d7b484c6a707c213 From 21b05f6d45772c65918e61218471a73dd2bcf7ca Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Tue, 1 Jul 2025 13:48:28 +0200 Subject: [PATCH 8/9] Bump falco --- falcosecurity-libs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/falcosecurity-libs b/falcosecurity-libs index 566353b563..b077ac2ba7 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit 566353b56321d21b8a0f8c16d7b484c6a707c213 +Subproject commit b077ac2ba71cfdeef61139da5b3a81f0f533abdf From 13dfea9865ec0dafa04056ae35a65fbdb2af9599 Mon Sep 17 00:00:00 2001 From: Mauro Ezequiel Moltrasio Date: Wed, 2 Jul 2025 11:07:49 +0200 Subject: [PATCH 9/9] Bump falco --- falcosecurity-libs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/falcosecurity-libs b/falcosecurity-libs index b077ac2ba7..0e997fff79 160000 --- a/falcosecurity-libs +++ b/falcosecurity-libs @@ -1 +1 @@ -Subproject commit b077ac2ba71cfdeef61139da5b3a81f0f533abdf +Subproject commit 0e997fff79170b8abba47873cc74749903ce495d