tetragon: Setup execve_map max entries #3279
Conversation
olsajiri
added
the
release-note/minor
olsajiri
force-pushed
the
pr/olsajiri/harden
branch
2 times, most recently
from
f1947ec to
7b664dd
Compare
Signed-off-by: Jiri Olsa <[email protected]>
olsajiri
force-pushed
the
pr/olsajiri/harden
branch
from
7b664dd to
ab3513b
Compare
| threads := readFileDefault("/proc/sys/kernel/threads-max", 32768) | ||
| ExecveMap.SetMaxEntries(int(threads)) |
There was a problem hiding this comment.
Why do we need this? It seems it will make the size of the execve_map even larger as threads-max is often well above 32K. This will take significant space while running threads-max threads is pretty rare nop?
There was a problem hiding this comment.
I tried this as mitigation for https://github.com/isovalent/security/issues/88 .. I think we need some combination of this change (with some reasonable size for execve_map) and other ways mentioned in the issue
There was a problem hiding this comment.
ah I see, maybe this is one of the cases where NO_PREALLOC could help so that we can dynamically size to a very large map. But I could see how this can lead to memory issues in the future. That's not an easy problem :/
No description provided.