Release v1.7.0

Docker tag: 1.7.0-22468

Added

• For docker, kubernetes, and podman containers we now start collecting extra metadata such as:

  • container name

  • container hostname

  • image name

  • image ref

  • image tags

  • pod namespace

  • pod name

• Depending on the system, we may not be able to gather some of the metadata in certain cases, such as short-lived containers or nested containers. 

  • Kubernetes containers: We support containerd and cri-o as the kubernetes runtimes.

  • Podman containers: The API socket must be enabled to gather the metadata. The socket must be in its default path: /run/user/$USER_ID/podman/podman.sock for rootless containers, and /run/podman/podman.sock for root containers.

  • Docker containers: If the socket is managed by systemd, we expect the socket to be in its default path: /var/run/docker.sock.

• Support for eBPF filemod on systems whose kernels were compiled with CONFIG_SECURITY_PATH is disabled. In practice we have seen this be the case on older RHEL-like environments (e.g., fedora and some older AWS Linux kernels.)

Changed

• In containerized deployments of the sensor, tracefs always mount if not available. This mount will only affect the container in which the sensor is deployed.

• Be more resilient on detecting podman containers.

Fixed

• Be more resilient about possible sensor restarts caused by a resource-starved system during sensor boot up.

Hashes

MD5

ca6790ad781251ef82eaf36e9ac8b882  output/x86_64/cfsvcd
5fb861a6e478f7d638ecf94f21c51faf  output/x86_64/cwp-launch
0d095d86c3dce1ca1fe4497ea4c928e8  output/aarch64/cfsvcd
6a0f321b77a1ec8f63fe9bdb3cdc1bc6  output/aarch64/cwp-launch

SHA256

c9bf5577a221facb99ae211cea4eb31b2ca79da6228c03146efd87ad32005bc8  output/x86_64/cfsvcd
fc0c0f0e117a12dfbd599eef1edb564d0d9cab45d18fb29cd52f4d6394c161ca  output/x86_64/cwp-launch
f4e9688788d7e46a9b71b903c51ec77f158033092f9fca2016e11aca9606a898  output/aarch64/cfsvcd
77aea027512343ee95c77d58eaa7a3cc2adf296f0c8b6d82bf850ce519e626e5  output/aarch64/cwp-launch