Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing capability for option:stack-addresses #3964

Open
oshaked1 opened this issue Apr 7, 2024 · 0 comments
Open

Missing capability for option:stack-addresses #3964

oshaked1 opened this issue Apr 7, 2024 · 0 comments
Labels
kind/bug
Milestone
v0.22.0

Comments

@oshaked1
Copy link
Contributor

oshaked1 commented Apr 7, 2024

Description

Using the stack addresses option (-o option:stack-addresses) doesn't work (addresses array always comes out empty). Running with --log debug results in multiple of the following error:

{"L":"DEBUG","T":"2024-04-07T07:22:15.869Z","M":"failed to get StackAddress","error":"failed to lookup value 0xc001604070 in map stack_addresses: operation not permitted","origin":"ebpf:pkg/ebpf/events_pipeline.go:652","calls":"(*Tracee).getStackAddresses()"}

Running with --capabilities add=cap_bpf fixes the issue. cap_bpf needs to be added automatically before querying the stack addresses map.

Output of tracee version:

Tracee version: v0.20.0

Output of uname -a:

Linux *********** 5.15.146.1-microsoft-standard-WSL2 #1 SMP Sun Mar 10 18:17:47 IST 2024 x86_64 x86_64 x86_64 GNU/Linux
@yanivagman yanivagman added this to the v0.22.0 milestone May 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
v0.22.0
Development

No branches or pull requests
2 participants
@yanivagman @oshaked1