Docker tag: 1.12.2-29034
Added
New telemetry type for memfd_create syscalls. This is currently only emitted if using eBPF as the telemetry source.
  Includes memfd_name (prefixed memfd name) and memfd_flags as passed to the syscall
  Process image digests have previously worked and will continue to work for processes started with memfd, as long as the process remains live by the time the sensor gets the exec event
Support for running natively on Alpine machines
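One way to consume the new memfd_create telemetry, as an added example that is not part of the release or the sensor's own code: it decodes memfd_flags and pairs each exec of a memfd-backed image with the memfd_create event that made it. Only memfd_name and memfd_flags come from these notes. The event layout (type, pid, path), the "/memfd:<name> (deleted)" form of the exec path and the sample events are assumptions constructed for illustration. The flag bits are those in the Linux header <linux/memfd.h>.

```python
# memfd_create(2) flag bits from <linux/memfd.h>; the last two need Linux 6.3+.
MFD_BITS = {
    0x01: "MFD_CLOEXEC",
    0x02: "MFD_ALLOW_SEALING",
    0x04: "MFD_HUGETLB",
    0x08: "MFD_NOEXEC_SEAL",  # created non-executable and sealed that way
    0x10: "MFD_EXEC",         # created executable
}

def decode_flags(flags):
    """Names of the set flag bits; any unknown bits are kept as one hex string."""
    names = [name for bit, name in MFD_BITS.items() if flags & bit]
    rest = flags & ~sum(MFD_BITS)
    return names + ([hex(rest)] if rest else [])

def triage(events):
    """Pair every exec of a memfd-backed image with its memfd_create event."""
    created = {}   # prefixed memfd name -> (creator pid, raw flags)
    findings = []
    for ev in events:
        if ev["type"] == "memfd_create":
            created[ev["memfd_name"]] = (ev["pid"], ev["memfd_flags"])
        elif ev["type"] == "exec" and ev["path"].startswith("/memfd:"):
            # Assumed path form: "/memfd:<name> (deleted)", as in /proc/<pid>/exe.
            name = ev["path"][1:].removesuffix(" (deleted)")
            creator, flags = created.get(name, (None, None))
            findings.append({
                "exec_pid": ev["pid"],
                "memfd_name": name,
                "creator_pid": creator,  # None: the create event was not seen
                "flags": None if flags is None else decode_flags(flags),
            })
    return findings

# Constructed sample events (hypothetical schema, not real sensor output).
SAMPLE_EVENTS = [
    {"type": "memfd_create", "pid": 4120, "memfd_name": "memfd:jit-cache", "memfd_flags": 0x0B},
    {"type": "memfd_create", "pid": 4311, "memfd_name": "memfd:x1", "memfd_flags": 0x01},
    {"type": "exec", "pid": 4311, "path": "/memfd:x1 (deleted)"},
    {"type": "exec", "pid": 4400, "path": "/usr/bin/ls"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A memfd created with MFD_NOEXEC_SEAL cannot be executed later, so a finding whose flags lack it is the case to review first.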
Changed
On machines with kernels older than 4.18, when using eBPF, we will truncate script paths to 256 characters. This was done to fix a bug where the script path may not be fully detected under heavy execve(at) load.
Added eBPF support on newer kernels (6.18+)
Fixed
Improved support for detecting executables using custom ELF loaders
Fixed issue where paths of scripts may not be detected under heavy exec load using eBPF
Made the consistency checker sturdier when running under eBPF, so spurious failures that would make the sensor fall back to Audit will now be less common
Hashes