content/en/blog/falco-week-50-2023/index.md
Let's go through the major changes that happened in various repositories under the falcosecurity organization.
The anticipated 0.14.0 libs tag (and its driver counterpart) are going to be tagged soon, by the end of next week.
A xmas present for you all! :christmas_tree:
Mostly fixes were merged during this week:
fs.path: https://github.com/falcosecurity/libs/pull/1571concatenate_paths function leveraging modern c++17 std::filesystem: https://github.com/falcosecurity/libs/pull/1533m_resolver in sinsp_dns_manager to avoid leaks: https://github.com/falcosecurity/libs/pull/1558Also, thanks to actuated.dev for offering us arm64 github action runners, CI has been fully ported to github actions, except for a single CircleCI job! https://github.com/falcosecurity/libs/pull/1555
Rumors have it coming next:
k8s.pod.uid, k8s.pod.sandbox_id and mark k8s.pod.id as legacy: https://github.com/falcosecurity/libs/pull/1575Falco has seen some big new features this week!
engine.ebpf.probe path now defaults to ${HOME}/.falco/falco-bpf.o: https://github.com/falcosecurity/falco/pull/2971Finally, the new falcoctl based driver-loader was finally merged in Falco: https://github.com/falcosecurity/falco/pull/2905.
If you can, please make sure to give it a spin and let us know any feedback, it is very valuable for us!
To try it out:
docker pull falcosecurity/falco-driver-loader:master
docker run --rm -i -t \
--privileged \
-v /root/.falco:/root/.falco \
-v /proc:/host/proc:ro \
-v /boot:/host/boot:ro \
-v /lib/modules:/host/lib/modules \
-v /usr:/host/usr:ro \
-v /etc:/host/etc:ro \
falcosecurity/falco-driver-loader:master
Some fixes on top of the new driver-loader happened:
Cleanup method: https://github.com/falcosecurity/falcoctl/pull/371FixupKernel when building drivers: https://github.com/falcosecurity/falcoctl/pull/373Moreover, we finally merged the new asset artifact type PR! https://github.com/falcosecurity/falcoctl/pull/309
Falcoctl is quite ready for v0.7.0 release; we only need more driver-loader testing!
Driverkit has seen a small bug fix release this week: https://github.com/falcosecurity/driverkit/releases/tag/v0.16.2.
It contains a fix to docker go package multiplexed output support: https://github.com/falcosecurity/driverkit/pull/310.
Moreover, we merged a PR that opens up the possibility for Driverkit to directly use cmake to configure and then build our drivers: https://github.com/falcosecurity/driverkit/pull/309.
What's next?
The cmake PR is opened and works super good; build times are as good as before, so no penalty! https://github.com/falcosecurity/driverkit/pull/302.
Moreover, we are going to make use of actuated.dev arm64 runners in driverkit too, porting its CI to github actions: https://github.com/falcosecurity/driverkit/pull/311.
We meet every week in our community calls, if you want to know the latest and the greatest you should join us there!
If you have any questions
Thanks to all the amazing contributors!
Cheers 🎊
Aldo, Andrea, Federico