tetragon: Add --force-large-progs option to force large bpf programs #795
Conversation
There was a problem hiding this comment.
How disruptive is to try to load large programs by default even on old kernels and if it fails fallback to small programs? or a bpf feature / probe test? I'm asking in case we can avoid adding a new command line parameter , otherwise fine!
Btw do we have info log messages that can note:
- Force loading small programs on kernels >= 5.3
- Force loading large programs on old kernels
Approved but would be great if we can do those ;-)
I'd think the standard 4.18 kernel will have expected features.. it's just rhel that I know of with far upstream backports,
good idea, I'll put some log message |
Adding --force-large-progs option to force loading of large bpf programs. It's useful in situations where kernel contains backports and its version does not reflect actuall features. Also adding log message for both --force-small-progs/force-large-progs options. Signed-off-by: Jiri Olsa <[email protected]>
Adding sigkill tracing policy example that catches writes like:
$ echo "krava" > /tmp/passwd
Signed-off-by: Jiri Olsa <[email protected]>
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
Adding --force-large-progs option to force loading of large bpf
programs.
It's usefull in situations where kernel contains backports and
its version does not reflect actual features.
Signed-off-by: Jiri Olsa [email protected]