You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the stack addresses option (-o option:stack-addresses) doesn't work (addresses array always comes out empty). Running with --log debug results in multiple of the following error:
{"L":"DEBUG","T":"2024-04-07T07:22:15.869Z","M":"failed to get StackAddress","error":"failed to lookup value 0xc001604070 in map stack_addresses: operation not permitted","origin":"ebpf:pkg/ebpf/events_pipeline.go:652","calls":"(*Tracee).getStackAddresses()"}
Running with --capabilities add=cap_bpf fixes the issue. cap_bpf needs to be added automatically before querying the stack addresses map.
Output of tracee version:
Tracee version: v0.20.0
Output of uname -a:
Linux *********** 5.15.146.1-microsoft-standard-WSL2 #1 SMP Sun Mar 10 18:17:47 IST 2024 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered:
Description
Using the stack addresses option (
-o option:stack-addresses
) doesn't work (addresses array always comes out empty). Running with--log debug
results in multiple of the following error:Running with
--capabilities add=cap_bpf
fixes the issue.cap_bpf
needs to be added automatically before querying the stack addresses map.Output of
tracee version
:Output of
uname -a
:The text was updated successfully, but these errors were encountered: