7.0.0+driver

Driver Testing Matrix amd64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-4.19	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2-5.10	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2023-6.1	🟢	🟢	🟢	🟢	🟢	🟢
archlinux-6.0	🟢	🟢	🟢	🟢	🟢	🟢
centos-3.10	🟢	🟢	🟢	🟡	🟡	🟡
centos-4.18	🟢	❌	❌	🟢	🟢	🟢
centos-5.14	🟢	🟢	🟢	🟢	🟢	🟢
fedora-5.17	🟢	❌	❌	🟢	🟢	🟢
fedora-5.8	🟢	🟢	🟢	🟢	🟢	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-3.10	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-4.14	🟢	🟢	🟢	🟢	🟢	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-5.4	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-4.15	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢

Driver Testing Matrix arm64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-4.14	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢

v7.0.0+driver

Released on 2024-01-08

Major Changes

• new(modern-bpf): support ppc64le architecture. [#1475] - @mdafsanhossain
• feat(driver-kmod): add riscv kernel module support [#1181] - @Xeonacid
• new(driver): implement support for x86 ia32 emulation for bpf drivers [#1196] - @FedeDP

Bug Fixes

• fix(driver): fixed build against linux 6.7 [#1566] - @FedeDP
• fix(driver): fixed build against linux 6.6. [#1415] - @FedeDP
• fix(driver/bpf): fixed fedora-5.8 bpf verifier. [#1407] - @FedeDP

Non user-facing changes

• cleanup(driver): inconsistent int types [#1465] - @ecbadeaux
• new(driver): add ppc64le support to old bpf and kmod plus CI job [#1497] - @mdafsanhossain
• cleanup(driver): params inconsistencies [#1512] - @ecbadeaux
• cleanup(driver): fix flags param [#1469] - @ecbadeaux
• cleanup(driver): use only int_t types [#1480] - @ecbadeaux
• cleanup(driver/bpf): create integer consistencies u32/s32 -> u/int32 [#1446] - @ecbadeaux
• fix(driver): properly support more ia32 syscalls "manual" translation to x86_64 ones [#1417] - @FedeDP
• new(driver): bumped syscalls with latest version of syscalls-bumper [#1411] - @FedeDP
• fix(driver/bpf): fix a verifier issue on debian10(4.19.0-25-amd64) [#1440] - @Andreagit97
• update(driver): handle processes sending open file descriptors via SCM_RIGHTS [#1400] - @loresuso
• cleanup(driver): unlinkat & linkat flags [#1538] - @ecbadeaux
• update(driver): update syscalls tables and driver report. [#1551] - @github-actions[bot]
• fix(driver,test): drop socketcalls called with wrong SYS_ argument in all 3 drivers [#1501] - @FedeDP
• update(driver): manually bumped generic syscalls through syscalls-bumper [#1466] - @FedeDP
• cleanup(driver/ppm_events.c): create consistencies(all integer types) [#1443] - @ecbadeaux
• cleanup(driver/ppm_fillers.c): create consistencies (u16 to uint16_t) [#1437] - @ecbadeaux
• cleanup(driver/ppm_fillers.c): resolve inconsistent integer types [#1445] - [@...

0.14.0

v0.14.0

Released on 2023-12-20

Major Changes

• update(libsinsp)!: k8s fields return a value only when we are in a pod [#1540] - @Andreagit97

• refactor(userspace/libsinsp)!: drop support to protodecoders [#1508] - @jasondellaluce

• refactor!: deprecation of tracers [#1503] - @jasondellaluce

• BREAKING CHANGE: scap_get_proc_table is gone [#1471] - @gnosek

• refactor(userspace/libsinsp)!: remove legacy metadata clients for k8s and mesos [#1478] - @jasondellaluce

• BREAKING CHANGE: sinsp_dumper::open* and scap_dump_open* no longer take a threads_from_sinsp/skip_proc_scan param [#1472] - @gnosek

• BREAKING CHANGE: all scap_platform_api functions now take a scap_platform* rather than scap_t* [#1458] - @gnosek

• BREAKING CHANGE: scap_open no longer takes a scap_platform* [#1458] - @gnosek

• BREAKING CHANGE: m_h->m_platform is no longer valid inside sinsp, use scap_get_platform() instead [#1458] - @gnosek

• BREAKING CHANGE: ../common/falcosecurity/log.h is now scap_log.h [#1454] - @gnosek

• BREAKING CHANGE: ../common/types.h no longer exists (use stdint.h) [#1454] - @gnosek

• BREAKING CHANGE: ../common/strl.h is now strl.h (within libscap) [#1454] - @gnosek

• BREAKING CHANGE: ../common/common_config.h (used only by strl.h) is now scap_strl_config.h [#1454] - @gnosek

• BREAKING CHANGE: scap_init (and related functions) no longer initialize the platform [#1401] - @gnosek

• BREAKING CHANGE: scap_mode_t and its values are now renamed to sinsp_mode_t and SINSP_MODE_* [#1401] - @gnosek

• BREAKING CHANGE: scap_get_stats() no longer exposes information on suppressed tids/events (sinsp::get_capture_stats() still does) [#1422] - @gnosek

• cleanup!: remove ppm_syscall.h file from drivers [#1356] - @Andreagit97

• new(libsinp): add proc.env[ENV_NAME], proc.aenv, proc.aenv[ENV_NAME] filter and display fields [#1561] - @incertum

Minor Changes

• chore(userspace/libsinsp): don't cache filtercheck extractions or comparisons for fields that can have arguments. [#1559] - @mstemm
• chore(build): using libraries sinsp or scap from a client CMake project does not require to specify any specific include path. The two targets will bring their own include path once they are referenced in the target_link_libraries CMake statement. [#1496] - @federico-sysdig
• feat/fix(cri): send correct k8s.pod.id and introduce k8s.pod.uid, expose full container and pod ids [#1575] - @incertum
• Update(prlimit&setrlimit): Add resource arg for exit event [#1348] - @Rohith-Raju
• update(drivers): add cmd to bpf exit event [#1419] - @Rohith-Raju
• cleanup(libsinsp): consolidation and extension of libsinsp stats / metrics sinsp_stats_v2 [#1433] - @incertum
• update(userspace/libsinsp): add factory method for sinsp_evt from a given scap buffer [#1492] - @jasondellaluce
• update(userspace/libsinsp): fix data race in async event queue and avoid potential extra allocation [#1490] - @jasondellaluce
• cleanup(build): you no longer need to include ../common [#1454] - @gnosek
• cleanup(libsinsp): remove potential undefined behavior in parsers buffer access [#1447] - @LucaGuerra
• update(userspace/libsinsp): support timestamp priority in async event injection [#1427] - @jasondellaluce
• refactor(userspace/libsinsp): remove g_filterlist [#1406] - @jasondellaluce

Bug Fixes

• fix(libsinsp): fix some path handling in fs.path [#1571] - @incertum
• fix(libsinsp): prevent extra characters from being added to fs.path.* fields [#1574] - @LucaGuerra
• fix(cmake): solve win32 linking issues with zlib [#1484] - @jasondellaluce

Non user-facing changes

• fix: potentially uninitialized variables [#1553] - @federico-sysdig
• fix(libscap,libsinsp): always initialize threadinfo on the stack [#1593] - @therealbobo
• fix(libsinsp): fix -Wreorder warning [#1584] - @LucaGuerra
• cleanup(ci): remove ssh debug job for actuated [#1591] - @LucaGuerra
• Fix some issues raised by clang-tidy [#1578] - @deepskyblue86
• cleanup(sinsp): remove some dead code [#1585] - @Andreagit97
• update(cmake): Make sure we install our library on Windows [#1580] - @geraldcombs
• new(ci): added actuated ssh workflow. [#1581] - @FedeDP
• cleanup(sinsp): remove unused file [#1579] - @Andreagit97
• chore(cmake): allow user to override GIT_COMMIT from cmake. [#1576] - @FedeDP
• new(libsinsp/test): Start dedicated container engine unit testsuite w/ mock CRI API response [#1544] - @incertum
• fix(tests): include grpc definitions in container tests [#1573] - @Andreagit97
• new(ci): make use of actuated.dev arm64 nodes for arm64 jobs. [#1555] - @FedeDP
• update(libsinsp,libscap): Make our .pc file paths relative [#1570] - @geraldcombs
• chore(libsinsp): remove redundant semicolon [#1572] - @alacuku
• refactor(libsinsp): use smart pointer for m_resolver in sinsp_dns_manager [#1558] - @incertum
• fix(sinsp): avoid a double free when an exception is thrown [#1569] - @Andreagit97
• fix(container/cri-engine): populate labels field for pod sandbox containers [#1564] - @alacuku
• refactor(libsinsp): rewrite concatenate_paths with std::filesystem [#1533] - @LucaGuerra
• update(tests): improve libscap modern bpf tests and CI checks [#1568] - @Andreagit97
• fix(CI): partially revert 404e649 [#1567] - @Andreagit97
  ...

0.13.4

What's Changed

• sync: release 0.13.4 by @FedeDP in #1450

Full Changelog: 0.13.3...0.13.4

0.13.3

What's Changed

• sync: release0.13.x by @FedeDP in #1438

Full Changelog: 0.13.2...0.13.3

0.13.2

What's Changed

• sync: release 0.13.2 by @Andreagit97 in #1412
• sync: release 0.13.2 by @Andreagit97 in #1413

Full Changelog: 0.13.1...0.13.2

0.13.2-rc1

What's Changed

• sync: release 0.13.2 by @Andreagit97 in #1412
• sync: release 0.13.2 by @Andreagit97 in #1413

Full Changelog: 0.13.1...0.13.2-rc1

0.13.1

What's Changed

• sync: release 0.13.x by @Andreagit97 in #1366

Full Changelog: 0.13.0...0.13.1

0.13.1-rc1

test(scap): add unit tests for scap_cgroup_prefix_path

Signed-off-by: Mauro Ezequiel Moltrasio <[email protected]>
Co-authored-by: Andrea Terzolo <[email protected]>

0.13.0

What's Changed

• update(ci): bump kernel-testing to v.2.2 by @alacuku in #1234
• update(readme): update readme, link to the falco website by @LucaGuerra in #1237
• new(ci): add a release-body CI for drivers releases. by @FedeDP in #1238
• fix(ci): fixed release-body workflow to avoid using ed. by @FedeDP in #1239
• fix(ci): fixed release-body matrixes path. by @FedeDP in #1240
• fix(ci): force tag_name in release-body workflow. by @FedeDP in #1241
• fix(ci): match release branches in release-body by @FedeDP in #1243
• fix(userspace/libsinsp): make sinsp struct size independent from compilation flags by @jasondellaluce in #1245
• fix(userspace/libsinsp): solve ambiguous move casting by @jasondellaluce in #1246
• update(ci): bumped kernel_tests to v0.2.3 by @FedeDP in #1247
• fix(libscap): off-by-one bug in cgroup v1 parser by @mattnite in #1252
• fix(scap): remove unnecessary and harmful strchr(=) by @gnosek in #1262
• fix(ci): fixed release-body CI trigger. by @FedeDP in #1264
• new(build): upgrade to OpenSSL 3.1.1 by @LucaGuerra in #1258
• update(cmake/modules): bump luajit by @therealbobo in #1268
• fix: ignore whitespace only cpuset.cpus entries by @greyhame-s in #1272
• cleanup(libsinsp): swap check order in is_in_pid_namespace() by @incertum in #1274
• cleanup: re-audit some critical code paths to avoid nullptr dereference by @Andreagit97 in #1251
• chore: realign drivers license by @Andreagit97 in #1275
• cleanup(cmake,userspace): moved tinydir and jsoncpp from third-party folder to full cmake modules by @FedeDP in #1271
• cleanup(scap,sinsp): assorted cleanups by @gnosek in #1254
• fix(userspace): obtain a reliable process lineage from thread info by @Andreagit97 in #1182
• fix(driver, userspace): fix loginuid, euid and tty types to uint32_t by @incertum in #1192
• docs: enforce bumping driver api and schema versions at every change by @jasondellaluce in #1273
• fix(.github): read right file for schema version checks by @jasondellaluce in #1277
• chore(userspace/libsinsp/test): skip scap file download if already present by @jasondellaluce in #1278
• update: support build for wasm by @Rohith-Raju in #1156
• new: introduce a new sinsp binary to improve scap-file debugging by @Andreagit97 in #1279
• chore: use uthash tag 1.9.8 + some minor patches on top of it by @Andreagit97 in #1281
• fix(cmake/modules/openssl): fix compilation on aarch64 by @therealbobo in #1282
• fix(sinsp): correctly manage runc process in old scap-files by @Andreagit97 in #1284
• cleanup(libsinsp): add libs g_logger to sinsp-example by @incertum in #1288
• cleanup(libsinsp): improve evt.hostname docs by @incertum in #1287
• cleanup(test/vm): remove py matplotlib by @incertum in #1286
• cleanup: remove requirements.txt file by @Andreagit97 in #1289
• fix: solve issues with emscripten build by @jasondellaluce in #1290
• fix(userspace/libsinsp): solve cmake link typo by @jasondellaluce in #1291
• Scoped target_link_libraries() commands for libsinsp by @mprzybylski in #1280
• fix(libsinsp): typo in source_idx_by_plugin_id iterator by @therealbobo in #1295
• docs(README.VERSION.md): clarify when internal version must not be bumped and general improvements by @leogr in #1296
• refactor: versioning with cmake by @leogr in #1294
• fix(cmake/modules): make GetVersionFromGit when no git info by @leogr in #1297
• fix(scap): initialize cgroup interface during platform init. by @wigol in #1301
• cleanup(docs): update readme + include more verbose testing instructions by @incertum in #1302
• cleanup(test/libscap): ensure each libscap test suite is activated, deprecate old userspace/libscap/test by @incertum in #1305
• new(libsinsp,driver): add evt.is_open_create syscall event field by @mrgian in #1299
• cleanup(build): update REPLACE cmd in modern_bpf CMakeLists by @incertum in #1306
• Update:(libsinsp/parsers): extend parseres to support pidfd. by @Rohith-Raju in #1257
• fix(userspace/libsinsp): set a timeout on the curl handle when retrieving docker info by @FedeDP in #1308
• cleanup(docs): edit libs page content for technical clarity by @incertum in #1307
• fix(scap): turn on cgroup namespace detection. by @wigol in #1313
• cleanup: use header only b64 library by @Andreagit97 in #1316
• fix(userspace/libscap): avoid possible double free while loading users and groups by @FedeDP in #1317
• chore: enforce b64 include at every cmake build by @Andreagit97 in #1319
• fix(libsinsp): race condition in async event by @therealbobo in #1310
• fix(sinsp): Improve podman container detection on Alpine Linux and when running in a container by @gnosek in #1320
• ci: unit tests on other platforms by @therealbobo in #1311

New Contributors

• @mprzybylski made their first contribution in #1280
• @mrgian made their first contribution in #1299

Full Changelog: 0.12.0...0.13.0

6.0.1+driver

What's Changed

• fix(driver): fixed build against 6.6 rc kernel in #1349
• fix(kmod): safer ppm_get_mm_exe_file in #1341

Full Changelog: 6.0.0+driver...6.0.1+driver

Driver Testing Matrix amd64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-4.19	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2-5.10	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
amazonlinux2023-6.1	🟢	🟢	🟢	🟢	🟢	🟢
archlinux-6.0	🟢	🟢	🟢	🟢	🟢	🟢
centos-3.10	🟢	🟢	🟢	🟡	🟡	🟡
centos-4.18	🟢	❌	❌	🟢	🟢	🟢
centos-5.14	🟢	🟢	🟢	🟢	🟢	🟢
fedora-5.17	🟢	❌	❌	🟢	🟢	🟢
fedora-5.8	🟢	🟢	🟢	🟢	❌	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-3.10	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-4.14	🟢	🟢	🟢	🟢	🟢	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-5.4	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-4.15	🟢	🟢	🟢	🟢	🟢	🟡
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢

Driver Testing Matrix arm64

KERNEL	CMAKE-CONFIGURE	KMOD BUILD	KMOD SCAP-OPEN	BPF-PROBE BUILD	BPF-PROBE SCAP-OPEN	MODERN-BPF SCAP-OPEN
amazonlinux2-5.4	🟢	🟢	🟢	🟢	🟢	🟡
amazonlinux2022-5.15	🟢	🟢	🟢	🟢	🟢	🟢
fedora-6.2	🟢	🟢	🟢	🟢	🟢	🟢
oraclelinux-4.14	🟢	🟢	🟢	🟡	🟡	🟡
oraclelinux-5.15	🟢	🟢	🟢	🟢	🟢	🟢
ubuntu-6.3	🟢	🟢	🟢	🟢	🟢	🟢