probe-builder/agent_ignorelist.yaml at dev · draios/probe-builder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# Ignorelist for known versions of sysdig agent (sysdigcloud-probe)
matchers:
  ubuntu_nvidia: ^(?P<version>[0-9]\.[0-9]+\.[0-9]+)-(?P<build>[0-9]+)-(?P<vendor>nvidia)$
  redhat: ^(?P<version>[0-9]\.[0-9]+\.[0-9]+)-(?P<rpmrelver>[0-9]+)(?P<rpmrelpatch>(\.[0-9]+)*)\.(?P<rhel>el.*)\.(?P<arch>[a-z0-9-_]+)$
  generic: ^(?P<major>[0-9])\.(?P<minor>[0-9]+)\..*
  generic_aarch64: ^(?P<major>[0-9])\.(?P<minor>[0-9]+)\..*\.aarch64$

ignorelist:
  - description: "Kernel 6.7 on agent <= 12.19.0"
    probe_versions: [ 12.17.0, 12.17.1, 12.18.0, 12.19.0 ]
    probe_kinds: [ kmod, legacy_ebpf ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 7) }}"

  - description: "[SMAGENT-6088] Kernel 6.6 on agent <= 12.17.1"
    probe_versions: [ 12.15.0, 12.16.0, 12.16.1, 12.16.2, 12.16.3, 12.17.0, 12.17.1 ]
    probe_kinds: [ kmod, legacy_ebpf ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 6) }}"

  - description: "[SMAGENT-5378] RHEL8.9 kernels ~492..500 do not include backported patch"
    probe_versions: [ 12.16.0, 12.16.1, 12.16.2, 12.16.3, 12.17.0, 12.17.1 ]
    probe_kinds: [ kmod ]
    matcher: redhat
    skip_if: "{{ (version == '4.18.0' and 492<=(rpmrelver|int)<=500) }}"

  - description: "[SMAGENT-5083] Patch backported to RHEL8.9 but not detected"
    probe_versions: [ 12.12.0, 12.12.1, 12.13.0, 12.14.0, 12.14.1, 12.15.0 ]
    probe_kinds: [ kmod ]
    matcher: redhat
    skip_if: "{{ (version == '4.18.0' and (rpmrelver|int)>500) }}"

  - description: "[SMAGENT-5083] Patch backported to RHEL9.3 but not detected"
    probe_versions: [ 12.12.0, 12.12.1, 12.13.0, 12.14.0, 12.14.1 ]
    probe_kinds: [ kmod ]
    matcher: redhat
    skip_if: "{{ (version == '5.14.0' and (rpmrelver|int)>=327) }}"

  - description: "[SMAGENT-6415] kernel 5.14: argument 1 of 'class_create' from incompatible pointer type"
    probe_versions: [ 12.17.0, 12.17.1, 12.18.0, 12.19.0, 12.20.0 ]
    probe_kinds: [ kmod, legacy_ebpf ]
    matcher: redhat
    skip_if: "{{ (version == '5.14.0' and (rpmrelver|int) >= 410) }}"

  - description: "[SMAGENT-4715] 6.2 kernel build"
    probe_versions: [ 12.12.0 ]
    probe_kinds: [ kmod ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 2) }}"

  - description: "kernel 6.3: argument 1 of 'class_create' from incompatible pointer type"
    probe_versions: [ 12.12.0, 12.13.0, 12.14.0 ]
    probe_kinds: [ kmod, legacy_ebpf ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 3) }}"

  - description: "[https://github.com/falcosecurity/libs/pull/1632] kernel 6.8: implicit declaration of function 'strlcpy'"
    probe_versions: [ 12.18.0, 12.19.0, 12.20.0, 13.0.0, 13.0.1 ]
    probe_kinds: [ kmod ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 8) }}"

  - description: "[SMAGENT-6649] kernel 5.14 - RHEL backport: member reference base type struct 'percpu_counter'"
    probe_versions: [ 12.18.0, 12.19.0, 12.20.0, 13.0.0, 13.0.1 ]
    probe_kinds: [ legacy_ebpf ]
    matcher: redhat
    skip_if: "{{ (version == '5.14.0' and (rpmrelver|int) >= 410) }}"

  - description: "[SMAGENT-8627] kernel 5.14 - RHEL backport: mnt_idmap for fs"
    probe_versions: [ 13.1.0, 13.1.1, 13.2.0, 13.2.1, 13.3.0, 13.3.1, 13.3.2, 13.3.3, 13.4.0, 13.4.1, 13.5.0, 13.6.0, 13.6.1, 13.7.0, 13.7.1, 13.7.2 ]
    probe_kinds: [ kmod ]
    matcher: redhat
    skip_if: "{{ (version == '5.14.0' and (rpmrelver|int) >= 542) }}"

# 12.14.1 fixed the build for bpf but not for kmod
  - description: "kernel 6.3: argument 1 of 'class_create' from incompatible pointer type"
    probe_versions: [ 12.14.1 ]
    probe_kinds: [ kmod ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 3) }}"

  - description: "[https://github.com/falcosecurity/libs/pull/1884] kernel 6.10: implicit declaration of function 'fd_is_open'"
    probe_versions: [ 12.20.0, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.1.0, 13.1.1, 13.2.0, 13.2.1, 13.3.0, 13.3.1 ]
    probe_kinds: [ kmod ]
    matcher: generic
    skip_if: "{{ major|int == 6 and minor|int >= 10 }}"

  - description: "kernel 6.11: no member named '__i_ctime' in 'struct inode'"
    probe_versions: [ 12.20.0, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.1.0, 13.1.1, 13.2.0, 13.2.1, 13.3.0, 13.3.1, 13.3.2, 13.3.3, 13.4.0, 13.4.1 ]
    probe_kinds: [ legacy_ebpf ]
    matcher: generic
    skip_if: "{{ major|int == 6 and minor|int >= 11 }}"

  - description: "kernel 6.12...aarch64 error: unterminated function-like macro invocation time.tv_nsec = _READ((inode->i_ctime_nsec);"
    probe_versions: [ 13.5.0 ]
    probe_kinds: [ legacy_ebpf ]
    matcher: generic_aarch64
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 12) }}"

  - description: "kernel 6.15 error: no member named 'parent' in 'struct kernfs_node' [SMAGENT-9355]"
    probe_versions: [ 13.5.0, 13.6.0, 13.6.1, 13.7.0, 13.7.1, 13.7.2, 13.8.0, 13.8.1, 13.9.0, 13.9.1, 13.9.2, 14.0.0 ]
    probe_kinds: [ legacy_ebpf ]
    matcher: generic
    skip_if: "{{ (major|int > 6) or (major|int == 6 and minor|int >= 15) }}"

  # Please note: this is the same as above, but for 6.14.0-1012-nvidia build
  - description: "kernel 6.14.0-1012-nvidia error: no member named 'parent' in 'struct kernfs_node' [SMAGENT-9355]"
    probe_versions: [ 13.5.0, 13.6.0, 13.6.1, 13.7.0, 13.7.1, 13.7.2, 13.8.0, 13.8.1, 13.9.0, 13.9.1, 13.9.2, 14.0.0 ]
    probe_kinds: [ legacy_ebpf ]
    matcher: ubuntu_nvidia
    skip_if: "{{ (version == '6.14.0') and (build|int >= 1012) and (vendor == 'nvidia') }}"

  # Please note: this is the same as above, but for RHEL9.8 kernels
  - description: "kernel 5.14.0-x.y.z.el9_8 error: no member named 'parent' in 'struct kernfs_node' [SMAGENT-9355]"
    probe_versions: [ 13.5.0, 13.6.0, 13.6.1, 13.7.0, 13.7.1, 13.7.2, 13.8.0, 13.8.1, 13.9.0, 13.9.1, 13.9.2, 14.0.0 ]
    probe_kinds: [ legacy_ebpf ]
    matcher: redhat
    skip_if: "{{ (version == '5.14.0' and (rpmrelver|int)>=687) }}"

  - description: "kernel 5.14.0-687.y.z.el9_8.s390x error: lvalue required as left operand of assignment pgprot_val(vma->vm_page_prot)"
    probe_versions: [ 13.9.0, 13.9.1, 13.9.2, 14.0.0, 14.0.1, 14.1.0, 14.1.1, 14.2.0, 14.2.1, 14.2.2, 14.2.3, 14.2.4, 14.2.5, 14.3.0, 14.3.1, 14.3.2, 14.4.0, 14.4.1, 14.5.0, 14.5.1 ]
    probe_kinds: [ kmod ]
    matcher: redhat
    skip_if: "{{ (version == '5.14.0' and (rpmrelver|int)>=687) and arch == 's390x' }}"