Skip to content

0.29.0
Compare
Choose a tag to compare
@github-actions github-actions released this 30 Mar 15:33
· 300 commits to dev since this release
0.29.0
773559a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

New features

  • Full Plugins support! With colored output formatting, because we know you love it!
  • Podman support
  • Introduced a versioning between libscap and kernel drivers, that will allow in the future to properly tag libs release and avoid rebuilding kernel drivers when their version is not changed.
  • Integrated back ~4months worth of work on libs, on par with Falco 0.31.1 release
  • New syscalls: mprotect, execveat, copy_file_range, clone3

Bug Fixes

  • eBPF fixes
  • Security fixes
  • Fixed cgroups v2 support in libscap, a bug that prevented pre-existing containers (prior to running sysdig) to be matched with their processes
  • Fixed some container events related issues

Plugins info

  • Same plugins that are used for Falco can be used for sysdig
  • cmd line options, examples:
    • Register any found plugin from supported system folders and use dummy as input source passing to it open params:
$ sysdig -I dummy:'{"start":1,"maxEvents":10}'
    • Load and register dummy source plugin passing to it init config and open params:
sysdig -H dummy:'{"jitter":50}' -I dummy:'{"start":1,"maxEvents":10}'
  • Moreover, you can also load plugins using a Falco plugin configuration file, by passing the --plugin-config-file cmdline option ()
  • The --help usage text was updated with new informations.

I hope you will enjoy this new Sysdig release as much as we loved bringing it to you!

Assets 5
Loading