Docker tag: 1.7.0-22468
Added
For docker, kubernetes, and podman containers we now start collecting extra metadata such as:
container name
container hostname
image name
image ref
image tags
pod namespace
pod name
Depending on the system, we may not be able to gather some of the metadata in certain cases, such as short-lived containers or nested containers.
Kubernetes containers: We support containerd and cri-o as the kubernetes runtimes.
Podman containers: The API socket must be enabled to gather the metadata. The socket must be in its default path:
/run/user/$USER_ID/podman/podman.sockfor rootless containers, and/run/podman/podman.sockfor root containers.Docker containers: If the socket is managed by systemd, we expect the socket to be in its default path:
/var/run/docker.sock.
Support for eBPF filemod on systems whose kernels were compiled with CONFIG_SECURITY_PATH is disabled. In practice we have seen this be the case on older RHEL-like environments (e.g., fedora and some older AWS Linux kernels.)
Changed
In containerized deployments of the sensor, tracefs always mount if not available. This mount will only affect the container in which the sensor is deployed.
Be more resilient on detecting podman containers.
Fixed
Be more resilient about possible sensor restarts caused by a resource-starved system during sensor boot up.
Hashes
MD5
ca6790ad781251ef82eaf36e9ac8b882 output/x86_64/cfsvcd
5fb861a6e478f7d638ecf94f21c51faf output/x86_64/cwp-launch
0d095d86c3dce1ca1fe4497ea4c928e8 output/aarch64/cfsvcd
6a0f321b77a1ec8f63fe9bdb3cdc1bc6 output/aarch64/cwp-launchSHA256
c9bf5577a221facb99ae211cea4eb31b2ca79da6228c03146efd87ad32005bc8 output/x86_64/cfsvcd
fc0c0f0e117a12dfbd599eef1edb564d0d9cab45d18fb29cd52f4d6394c161ca output/x86_64/cwp-launch
f4e9688788d7e46a9b71b903c51ec77f158033092f9fca2016e11aca9606a898 output/aarch64/cfsvcd
77aea027512343ee95c77d58eaa7a3cc2adf296f0c8b6d82bf850ce519e626e5 output/aarch64/cwp-launch