Falco Weekly 3 - 2024
What happened in Falco this week?
Let's go through the major changes that happened in various repositories under the falcosecurity organization.
Libs
Libs tag 0.14.1 is out! Try it!
It fixes the following things:
- fix(gvisor): gVisor engine crashes with non-hex container IDs: https://github.com/falcosecurity/libs/issues/1602
- fix(gvisor): handle arbitrary sandbox IDs: https://github.com/falcosecurity/libs/pull/1612
- fix(libsinsp): modify switch case: https://github.com/falcosecurity/libs/pull/1620
- fix(libsinsp): Add new cgroup layout for podman: https://github.com/falcosecurity/libs/pull/1613
- fix(libsinsp): consistent thread info filtering while dumping: https://github.com/falcosecurity/libs/pull/1606
- fix(libsinsp): do not suppress zero ptids: https://github.com/falcosecurity/libs/pull/1598
- fix(libsinsp): fix resolved PT_FSPATH and PT_FSRELPATH evt params: https://github.com/falcosecurity/libs/pull/1597
You can find a detailed summary on the release page.
Falco
Falco tag 0.37.0-rc1 is out! Try it!
Some final cleanup before the final tag:
- cleanup(falco.yaml): rename
noneinnodriver: https://github.com/falcosecurity/falco/pull/3012 - update(config): graduate
outputs_queueto stable: https://github.com/falcosecurity/falco/pull/3016
We are in the testing phase so any feedback would be appreciated!
Moreover, we crafted a dedicated helm chart to test the new k8smeta plugin and the k8s-metacollector, you can read more about it here. Please note these 2 new components will be officially released with Falco 0.37.0 as EXPERIMENTAL features.
As a final reminder, please take a look at our polls if you have some spare seconds.
Falcoctl
Falcoctl 0.7.0 is out! Try it!
These are some of the most relevant changes:
- update(output): complete rework of the output system: https://github.com/falcosecurity/falcoctl/pull/335
- update(cmd): remove redundant configuration for error handling: https://github.com/falcosecurity/falcoctl/pull/337
- new(cmd): add artifact config command: https://github.com/falcosecurity/falcoctl/pull/340
- feat(artifact/config): fetch config layer for a specific platform: https://github.com/falcosecurity/falcoctl/pull/349
- new(artifact/manifest): add manifest command: https://github.com/falcosecurity/falcoctl/pull/351
- new: driver command: https://github.com/falcosecurity/falcoctl/pull/343
- new(pkg/driver): fixed some kernel version related issues: https://github.com/falcosecurity/falcoctl/pull/364
- cleanup(cmd,internal,pkg): move driver config options to be common to all driver commands: https://github.com/falcosecurity/falcoctl/pull/365
- fix(pkg/driver): do not call FixupKernel when building drivers: https://github.com/falcosecurity/falcoctl/pull/373
- new: introduce asset artifact type: https://github.com/falcosecurity/falcoctl/pull/309
You can find a detailed summary on the release page.
Join relevant discussions
- Our new discussion section: https://github.com/falcosecurity/falco/discussions
- Breaking changes in Falco 0.37.0: https://github.com/falcosecurity/falco/issues/2763
- Breaking changes in Falco 0.38.0: https://github.com/falcosecurity/falco/issues/2840
Let's meet 🤝
We meet every week in our community calls, if you want to know the latest and the greatest you should join us there!
If you have any questions
- Join the #falco channel on the Kubernetes Slack
- Join the Falco mailing list
- Open a discussion in our discussion section
Thanks to all the amazing contributors!
Cheers 🎊
Aldo, Andrea, Federico
