Releases: draios/sysdig
Releases · draios/sysdig
0.20.0
New Features
- Use dithered boxes to increase the number of available colors for spectrogram/subsecoffset views [#961] [#963] [#966]
- Add the ability to log json parse errors to a separate log file [#975] [#981] [#990]
- Update the embedded jsonpp implementation to 0.10.6 [#975] [#982]
- Reduce inactive container scan time from 20 minutes to 30 seconds [#985]
- Added the ability to parse and represent RAW sockets [#991]
- Handle finit_module syscall [#996] [#1001]
- Add error message when
scap_open()is called with incorrect mode [#997] - Use explicit versions for all Docker API Endpoints [#1000]
- Report more detailed errors when PPM_IOCTL_GET_N_TRACEPOINT_HIT fails [#1016]
- Update zlib/openssl/curl dependencies to ones that have security vulnerability fixes [#1030]
- Add support for bpf/seccomp syscalls [#1031] [#1033]
- When trying to build the kernel module using dkms fails, include dkms.log output along with the failure [#1038]
Bug Fixes
- Properly remove
/dev/sysdig*devices on older kernels [#888] - Properly set protocol for sockets used for listen() [#949]
- Make the check for identifying a container as mesos more strict [#955]
- Use insmod instead of modprobe to load dkms kernel module [#956]
- Fix typos/spelling mistakes [#968] [#1024]
- Fix bugs found by PVS-studio [#972]
- Add validation to value of SYSDIG_HOST_ROOT environment variable [#984]
- Add additional validation to contents of K8s auth string [#989]
- Ensure all extracted filtercheck values have lengths [#993]
- Fix a bug that could cause mesos json responses to be improperly truncated [#994]
- Fixed get_env() to handle spaces properly and to only return exact matches. [#1004]
- Fix a race condition that could cause a crash during non-blocking dns lookups [#1012]
- Add libelf as a dependency which prevents failures when sysdig is loaded by kernels using CONFIG_STACK_VALIDATION/CONFIG_ORC_UNWINDER [#1018]
- Fix AT_FDCWD 32-bit syscall decoding [#1025]
- Fix driver load problems with kernels that disable page fault tracepoints [#1034]
- Properly exit when reading truncated trace files with csysdig [#1037]
- Handle null return from sinsp_evt::get_thread_info() [#1039]
- Fix a memory leak when summarizing events by system call [#1042]
- Fix a crash caused when specifying a k8s api server but no certificate [#1045]
0.19.1
0.19.0
New features
- Add per-cpu counters when a tracepoint is hit [#947]
Bug fixes
mq_unlinksyscall reports asptrace[#927]- Fixed copy-paste typo [#946]
- expose the event masking/unmasking mechanism at the inspector level [#951]
- Fix targetViewFilter for "Accessed Files" in wsysdig_summary chisel [#952]
- Various improvements and fixes for Sysdig Inspect
0.18.0
New features
- Changed language of CLA to also cover government contributions [#902]
- Support mapped container docker networking mode, currently used by k8s pods [#922]
- Allow an external event capture dumper object to be used together with an inspector object [#912]
- Handle reading large execve args/env that might otherwise cause a page fault [#920]
- Add container events (container start/stop/etc) to capture files. In the future, will also be used for orchestrator information. [#935]
- Add the executable path as a filterable/displayable item
proc.exepath[#845] [#934] - Small README changes [#936]
- Support additional flags to
clone()syscall [#909] - Support page faults as events [#904]
- Support for upcoming visualization product [#931]
Bug fixes
- Compilation fixes for sysdig monitor agent [#942]
- Fix minor problems found by valgrind [#938]
- Fix crash when reading large messages from docker daemon [#932]
- Better cleanup of failed installation of the sysdig driver under coreos [#926]
- Ensure that a parent's ptid is set when an execve fills in information on a new process [#914]
- Fix IN operator so it works with non-string values [#913]
- fix compile errors with newer versions of libcurl [#895] [#911]
- fix compile errors when O_DIRECTORY not defined [#907]
- Use session id, not process group id, for proc.sid [#904] [#905]
- Small docs fixes related to
container.mount.*[#901] - Update installation script to use latest version of EPEL repository [#897]
0.17.0
0.16.0
New features
- Support for Kernel 4.11
sysdig -Nis now the default option, server port decoding can be reenabled with-R- Decode
unsharesyscall
Bug fixes
- Fix rkt detection for containers created before sysdig runs
- Fix container detection if docker itself is running inside a container
- Fix detection of lxc containers
- Fix compilation issues on RHEL5
- Fix memory leak on
spy_userschisel
0.15.1
0.15.0
New Features
- Support for Linux Kernel 4.10
- Use
/proc/<pid>/statusinstead of custom ioctl to get process vpid for kernels >= 4.1
Bug fixes
- Various fixes on Kubernetes ingestion
- Fix some happening deadlocks in the driver when
ioctlwere exiting with error - Fix mkdir and rmdir events, they were skipped in case of page faults
- Bugfix on
topports_serverchisel - Avoid some cases of infinite loop when evaluating filters like
proc.aname
0.14.0
New Features
- JSON output is not: an object per event separated by newline, instead of objects inside array as before.
- New filter
proc.pcmdline, which represents the full command line (proc.name + proc.args) of the parent of the process generating the event
Bug fixes
- Updated embedded OpenSSL, CURL and jq to address security issues
- Fixes for kernel version 4.9.3
- Improved detection of Mesos containers
- fix compilation with
HAS_CAPTUREdisabled on Linux - Fixes for merged captures support