saschagrunert
Follow
saschagrunert
Follow
Achievements
Achievements
Highlights
Pinned Loading
5,527 contributions in the last year
Less
More
Activity overview
Contributed to
cri-o/cri-o,
kubernetes-sigs/security-profiles-operator,
saschagrunert/webapp.rs
and 5 other
repositories
Loading
Contribution activity
November 2021
Created 107 commits in 9 repositories
Created 2 repositories
Created a pull request in kubernetes-sigs/security-profiles-operator that received 28 comments
Switch to GRPC sockets rather than using tcp ports
What type of PR is this? /kind feature What this PR does / why we need it: The enricher as well as the bpf recorder require host network for cgroup …
+501
−23
•
28
comments
Opened 48 other pull requests in 4 repositories
kubernetes-sigs/security-profiles-operator
24
merged
1
open
- Add update-vmlinux makefile target
-
Graduate seccomp profile from
v1alpha1tov1beta1 - Add BPF recorder docs
- Make seccomp profile architectures non pointers
- Add architecture to recorded seccomp profiles
- Update to nix 2.4 and nixpkgs
- Add bpf recorder metrics
-
Add
Verbosityoption to spod config - Early give-up on short-lived processes
- Add bpf recorder e2e test
- Finalize bpf recorder unit tests
-
Reduce verbose level to
1 - Make log verbosity usable
- Filter system mount namespace
- Update btf and integrate into CI
- Add start/stop unit tests for BPF recorder
- Add host PID hint and clarify syscall_id var
- Use mount namespace for faster tracking
- Add more recorder unit tests
- Add bpf recorder unit tests
- Make cgroup tracking more robust
- Reuse util.ContainerIDForPID in enricher
- Rely on BPF PID tracking rather than mount namespaces
- Reference the bindata container ID as const
- Remove no_bpf build tag
containers/conmon-rs
1
open
15
merged
3
closed
- Add unit tests to init module
-
Move
Serverinto a lib - Remove gRPC references
- Add golang client
- Switch to capnproto (2nd edition)
- Add rustfmt to gh-pages update job
- WIP: Run integration test in VM
- Listen to SIGINT as well
- Switch to simple-logger
- Add unix domain socket support
- Add max rss integration test
- Add license
- Setup basic CI
- Validate config before server start
- Remove unused dependencies
- Switch to single threaded tokio runtime
- WIP: Switch to capnproto
- Add logging support
- Bump dependencies and remove glib
NixOS/nixpkgs
3
merged
containers/podman
1
merged
Reviewed 149 pull requests in 24 repositories
cri-o/cri-o
25 pull requests
- build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8
- [1.20] Add support to drop ALL and add back few capabilities
- Add .containerenv file to containers
- Add support for target namespaces
- build(deps): bump go.opentelemetry.io/otel from 1.1.0 to 1.2.0
- build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from 1.1.0 to 1.2.0
- build(deps): bump go.opentelemetry.io/otel/sdk from 1.1.0 to 1.2.0
- RFC: add support for proposed extended scope NRI.
- [release-1.21] release-notes: update to main
- [release-1.20] release-notes: update to main
- Specify runtime table format in the error message
- build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0
- server: fix segfault when using cgroupv2
- [release-1.22] test: add label for openshift e2e in dockerfile
- release-notes: update to main
- oci: Fix a couple of deadlocks in container stop code
- [1.21] bump to 1.21.4
- build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0
- [1.22] bump to 1.22.1
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.26.0 to 0.26.1
- [1.20] bump to 1.20.6
- stats: modernize stats collection and implement Pod level stats reporting
- Bug 2012838: fix override storage options from storage.conf
- build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
- build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.25.0 to 0.26.0
kubernetes/kubernetes
23 pull requests
-
Make CRI
v1the default and allow a fallback tov1alpha2 - CHANGELOG/1.9: Fix up GCS bucket references
- Automated cherry pick of #106382: defer close the rotated log open
- Automated cherry pick of #106382: defer close the rotated log open
- Automated cherry pick of #106382: defer close the rotated log open
- [go1.16] Update to go1.16.10
- [go1.16] Update to go1.16.10
- Cherry-pick of #101708: Fix log spam for du failure on pod etc-hosts metrics
- Automated cherry pick of #105755: Support cgroupv2 in node problem detector test
- Update debian, debian-iptables images to pick up CVEs fixes
- Update debian, debian-iptables, setcap images to pick up CVEs fixes
- Automated cherry pick of #105997: Fixing how EndpointSlice Mirroring handles Service selector
- Automated cherry pick of #105997: Fixing how EndpointSlice Mirroring handles Service selector
- Automated cherry pick of #105997: Fixing how EndpointSlice Mirroring handles Service selector
- Automated cherry pick of #105673: support more than 100 disk mounts on Windows
- Automated cherry pick of #105673: support more than 100 disk mounts on Windows
- Automated cherry pick of #105755: Support cgroupv2 in node problem detector test
- Automated cherry pick of #105755: Support cgroupv2 in node problem detector test
- Cherry pick of #104551: Run storage hostpath e2e test client pod as privileged
- Cherry pick of #104551: Run storage hostpath e2e test client pod as privileged
- Cherry pick of #104551: Run storage hostpath e2e test client pod as privileged
- Update debian, debian-iptables, setcap images to pick up CVEs fixes
- Fix pkg/volume/util/operationexecutor/operation_generator.go log format problem
kubernetes-sigs/security-profiles-operator
21 pull requests
- Load/Unload AppArmor profiles into hosts
- Add BPF recorder docs
- Update the SELinux policy for selinuxd to support F-35
- Bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3
- Add features and their status
- Finalize bpf recorder unit tests
- Add CII Best Practices badge
- Bump golang.org/x/text to v0.3.7
- Update btf and integrate into CI
- Bump golangci to 1.43.0
- apparmor: add initial AppArmor CRD management implementation
- Use mount namespace for faster tracking
- apparmor: Create draft version of AppArmor CRD
- Bump github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring from 0.51.2 to 0.52.0
- selinux: Don't emit errors or events if we're only waiting for selinuxd to remove policy
- enricher: Remove useless Info-level log line
- Switch to GRPC sockets rather than using tcp ports
- Upgrade fedora to 35
- Add bpf based syscall recorder
- Remove no_bpf build tag
- Bump google.golang.org/grpc from 1.41.0 to 1.42.0
containers/conmon-rs
20 pull requests
- update goals in README
- Add unit tests to init module
- Bump anyhow from 1.0.45 to 1.0.47
- server: daemonize and write pidfile
- Add go client and library
- refactor to a client, common library, and server
- Add golang client
-
Bump clap from
ca3e14cto5e91347 - Bump tokio from 1.13.0 to 1.14.0
-
Bump clap from
3092751toca3e14c - add Makefile
- Bump gettext-rs from 0.4.4 to 0.7.0
-
Bump clap from
00a0c4eto3092751 - setup oom and locale
- Add max rss integration test
- add graceful shutdown
- Add test client binary
- Reduce binary size in release mode
- Implement a minimal ConmonServer
- Add config structure
containers/containrs
12 pull requests
- Bump anyhow from 1.0.45 to 1.0.47
- Bump serde_json from 1.0.68 to 1.0.69
-
Bump clap from
4dfa56ato00a0c4e - Bump libc from 0.2.106 to 0.2.107
- Bump paste from 1.0.5 to 1.0.6
-
Bump clap from
879dd23to4dfa56a - Bump tokio-macros from 1.5.0 to 1.5.1
-
Bump clap from
0ad042ato96e7dfe - Bump tokio from 1.12.0 to 1.13.0
- Bump tokio-stream from 0.1.7 to 0.1.8
- Bump libc from 0.2.105 to 0.2.106
- Bump tokio-util from 0.6.8 to 0.6.9
kubernetes/release
8 pull requests
- update ci-signal reporter OWNERS
- build(deps): bump github.com/yuin/goldmark from 1.4.3 to 1.4.4
- build(deps): bump github.com/google/go-containerregistry from 0.6.0 to 0.7.0
- cosign: update cosign to 1.3.1
- debian-iptables: add go-runner to bullseye image
- k8s-cloud-builder/k8s-ci-builder: Build image using go1.17.3
- update cosign to v1.3.0
- build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.9 to 3.21.10
kubernetes-sigs/downloadkubernetes
6 pull requests
- build(deps-dev): bump webpack from 5.64.0 to 5.64.1
- build(deps-dev): bump webpack from 5.62.0 to 5.62.1
- build(deps-dev): bump webpack from 5.61.0 to 5.62.0
- build(deps-dev): bump mini-css-extract-plugin from 2.4.3 to 2.4.4
- build(deps-dev): bump css-loader from 6.5.0 to 6.5.1
- build(deps-dev): bump npm-check-updates from 11.8.5 to 12.0.0
NixOS/nixpkgs
6 pull requests
kubernetes-sigs/cri-tools
4 pull requests
kubernetes/sig-release
4 pull requests
containers/common
3 pull requests
containers/storage
3 pull requests
kubernetes/enhancements
2 pull requests
kubernetes/test-infra
2 pull requests
kubernetes/community
1 pull request
kubernetes/org
1 pull request
containers/youki
1 pull request
kubernetes-sigs/release-sdk
1 pull request
kubernetes-sigs/promo-tools
1 pull request
openshift/enhancements
1 pull request
kubernetes-sigs/release-notes
1 pull request
kubernetes/website
1 pull request
openshift/machine-config-operator
1 pull request
saschagrunert/webapp.rs
1 pull request
Created an issue in aquasecurity/btfhub that received 3 comments
btfgen.sh produces empty output
When running the btfgen.sh script for my bpf objects, then the output will be only empty directories.
> ./btfgen.sh -a x86_64 -o recorder.bpf.o.amd…
3
comments