- Carol Valencia·Last edited by Carol Valencia on Oct 22, 2022Linked with GitHubContributed by
Log in to edit or delete your comments and be notified of replies.
There is no commentSelect some text and then click Comment, or simply add a comment to this page from below to start a discussion.Tetragon Demo Fileless
Examples about Tetragon rules here
kubectl run demo-memfd --image=krol/demo-memfd:v1.1
kubectl logs -n kube-system ds/tetragon -c export-stdout -f | tetragon observe
Image Not Showing
Possible Reasons
Learn More →
Tetragon policy
PR: https://github.com/cilium/tetragon/pull/484
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
name: "demo-memfd"
spec:
kprobes:
# int close(int fd);
- call: "__x64_sys_close"
syscall: true
args:
- index: 0
type: "int"
selectors:
- matchPIDs:
- operator: NotIn
followForks: true
isNamespacePID: true
values:
- 0
- 1
matchActions:
- action: UnfollowFD
argFd: 0
argName: 0
# int memfd_create(const char *name, unsigned int flags);
- call: "__x64_sys_memfd_create"
syscall: true
args:
- index: 0
type: "string"
- index: 1
type: "int"
selectors:
- matchPIDs:
- operator: NotIn
followForks: true
isNamespacePID: true
values:
- 0
- 1
# int execve(const char *pathname, char *const argv[],char *const envp[]);
- call: "__x64_sys_execve"
syscall: true
args:
- index: 0
type: "string"
selectors:
- matchPIDs:
- operator: NotIn
followForks: false
isNamespacePID: true
values:
- 0
- 1
matchArgs:
- index: 0
operator: "Prefix"
values:
- "/proc/self/fd/"
matchActions:
- action: Sigkill
With kill enabled
🚀 process default/demo-memfd /demo-memfd nginx /bin/date
⁉️ syscall default/demo-memfd /demo-memfd __x64_sys_execve
💥 exit default/demo-memfd /demo-memfd nginx /bin/date SIGKILL
Automatic detection by Tetragon: https://github.com/cilium/tetragon/pull/499
Read more
Consumption Settings
make build
Jun 7, 2024O11 - Week01
Goals:
Jan 30, 2024Notes 1.29 Release
to give the status
Dec 12, 2023main for the Kubernetes Release Blog 1.29
This outline can be used as reference for writing up the release blog. The following sections should give you an idea what can be consider for the blog, but for sure you don’t/can’t include all sections:
Nov 29, 2023Published on 
HackMD
HackMD