Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[auditbeat/fim/kprobes] Correct seccomp policy for arm64 #39759

Merged

Conversation

pkoutsovasilis
Copy link
Contributor

seccomp.ModifyDefaultPolicy for amd64 whitelists the specified syscalls. On the contrary, for arm64 the same function blacklists them 🙂 Thus this PR adjusts the code of kprobes Backend of FIM to add the missing syscalls only for amd64.

Proposed commit message

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

N/A

Author's Checklist

N/A

How to test this PR locally

N/A

Related issues

N/A

Use cases

N/A

Screenshots

N/A

Logs

N/A

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 29, 2024
@pkoutsovasilis pkoutsovasilis added bug backport-v8.14.0 Automated backport with mergify and removed needs_team Indicates that the issue/PR needs a Team:* label labels May 29, 2024
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 29, 2024
@pkoutsovasilis pkoutsovasilis marked this pull request as ready for review May 29, 2024 15:49
@pkoutsovasilis pkoutsovasilis requested a review from a team as a code owner May 29, 2024 15:49
@haesbaert
Copy link
Contributor

Forgive my ignorance, but aren't you missing the //go:build amd64 in the beginning of the file?

@pkoutsovasilis
Copy link
Contributor Author

Forgive my ignorance, but aren't you missing the //go:build amd64 in the beginning of the file?

no worries, because the name ends with _linux_amd64.go this file will compile only for linux and amd64. Makes sense?

@pkoutsovasilis
Copy link
Contributor Author

@haesbaert since you left a comment and if I am not mistaken it is resolved, for the shake of completion (and since you are part of sec-linux-platform) could you also approve this PR?

@haesbaert
Copy link
Contributor

@haesbaert since you left a comment and if I am not mistaken it is resolved, for the shake of completion (and since you are part of sec-linux-platform) could you also approve this PR?

ofc ❤️

@haesbaert haesbaert merged commit 7a561ff into elastic:main May 29, 2024
18 checks passed
mergify bot pushed a commit that referenced this pull request May 29, 2024
* fix(auditbeat/fim/kprobes): do add syscalls in default seccomp policy for arm64

* doc: update CHANGELOG.next.asciidoc

(cherry picked from commit 7a561ff)
pkoutsovasilis added a commit that referenced this pull request May 30, 2024
…9762)

* fix(auditbeat/fim/kprobes): do add syscalls in default seccomp policy for arm64

* doc: update CHANGELOG.next.asciidoc

(cherry picked from commit 7a561ff)

Co-authored-by: Panos Koutsovasilis <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport-v8.14.0 Automated backport with mergify bug needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants