diff --git a/CHANGELOG.md b/CHANGELOG.md index e349f3b4039..75a74ebf277 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,7 +22,7 @@ Released on 2023-09-26 * new(falco-driver-loader): --source-only now prints the values as env vars [[#2353](https://github.com/falcosecurity/falco/pull/2353)] - [@steakunderscore](https://github.com/steakunderscore) -* new(docker): allow passing options to falco-driver-loader from the driver loader cointainer [[#2781](https://github.com/falcosecurity/falco/pull/2781)] - [@LucaGuerra](https://github.com/LucaGuerra) +* new(docker): allow passing options to falco-driver-loader from the driver loader container [[#2781](https://github.com/falcosecurity/falco/pull/2781)] - [@LucaGuerra](https://github.com/LucaGuerra) * new(docker): add experimental falco-distroless image based on Wolfi [[#2768](https://github.com/falcosecurity/falco/pull/2768)] - [@LucaGuerra](https://github.com/LucaGuerra) * new: the legacy falco image is available as driver-loader-legacy [[#2718](https://github.com/falcosecurity/falco/pull/2718)] - [@LucaGuerra](https://github.com/LucaGuerra) * new: added option to enable/disable echoing of server answer to stdout (disabled by default) when using HTTP output [[#2602](https://github.com/falcosecurity/falco/pull/2602)] - [@FedeDP](https://github.com/FedeDP) 
@@ -1086,7 +1086,7 @@ Released on 2021-01-18 ### Minor Changes * build: bump b64 to v2.0.0.1 [[#1441](https://github.com/falcosecurity/falco/pull/1441)] - [@fntlnz](https://github.com/fntlnz) -* rules(macro container_started): re-use `spawned_process` macro inside `container_started` macro [[#1449](https://github.com/falcosecurity/falco/pull/1449)] - [@leodido](https://github.com/leodido) +* rules(macro container_started): reuse `spawned_process` macro inside `container_started` macro [[#1449](https://github.com/falcosecurity/falco/pull/1449)] - [@leodido](https://github.com/leodido) * docs: reach out documentation [[#1472](https://github.com/falcosecurity/falco/pull/1472)] - [@fntlnz](https://github.com/fntlnz) * docs: Broken outputs.proto link [[#1493](https://github.com/falcosecurity/falco/pull/1493)] - [@deepskyblue86](https://github.com/deepskyblue86) * docs(README.md): correct broken links [[#1506](https://github.com/falcosecurity/falco/pull/1506)] - [@leogr](https://github.com/leogr) diff --git a/proposals/20221129-artifacts-distribution.md b/proposals/20221129-artifacts-distribution.md index f3cfd907870..4c6a96eb9ca 100644 --- a/proposals/20221129-artifacts-distribution.md +++ b/proposals/20221129-artifacts-distribution.md 
@@ -69,7 +69,7 @@ The allowed publishing channels are: Both channels are equivalent and may publish the same artifacts. However, for historical reasons and to avoid confusion, the **`docker.io` registry should only be used for container images** and not for other kinds of artifacts (e.g., plugins, rules, etc.). -Mirrors are allowed and encouraged if they facilitate artifacts consumption by our users. This proposal reccomends to enable mirrors on the major public OCI registry, such as [Amazon ECR](https://gallery.ecr.aws/) (which is already implentend in our infra at the time of writing). +Mirrors are allowed and encouraged if they facilitate artifacts consumption by our users. This proposal recommends to enable mirrors on the major public OCI registry, such as [Amazon ECR](https://gallery.ecr.aws/) (which is already implentend in our infra at the time of writing). Official **channels and mirrors must be listed at [falco.org](https://falco.org/)**. diff --git a/userspace/falco/atomic_signal_handler.h b/userspace/falco/atomic_signal_handler.h index 001f15310a0..23147306049 100644 --- a/userspace/falco/atomic_signal_handler.h +++ b/userspace/falco/atomic_signal_handler.h @@ -87,9 +87,9 @@ namespace falco /** * @brief If a signal is triggered, performs an handler action. * The action function will be invoked exactly once among all the - * simultaneus calls. The action will not be performed if the + * simultaneous calls. The action will not be performed if the * signal is not triggered, or if the triggered has already been - * handled. When an action is being performed, all the simultaneus + * handled. When an action is being performed, all the simultaneous * callers will wait and be blocked up until its execution is finished. * If the handler action throws an exception, it will be considered * performed. After the first handler has been performed, every diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index 6a9c8b3cc8e..d5a243a2ce7 100644 
--- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -36,7 +36,7 @@ limitations under the License. All methods in this class are thread-safe. The output framework supports a multi-producer model where messages are stored in a queue and consumed - by each configured output asynchrounously. + by each configured output asynchronously. */ class falco_outputs { diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index b7194b9101c..6b84d89e1d7 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -34,6 +34,12 @@ limitations under the License. // check that this value changed since their last observation. static std::atomic s_timer((stats_writer::ticker_t) 0); static timer_t s_timerid; +// note: Workaround for older GLIBC versions (< 2.35), where calling timer_delete() +// with an invalid timer ID not returned by timer_create() causes a segfault because of +// a bug in GLIBC (https://sourceware.org/bugzilla/show_bug.cgi?id=28257). +// Just performing a nullptr check is not enough as even after creating the timer, s_timerid +// remains a nullptr somehow. +bool s_timerid_exists = false; static void timer_handler(int signum) { 
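Review bot: `s_timerid_exists` in the first stats_writer.cpp hunk is declared without `static`, unlike the adjacent `s_timer` and `s_timerid`, so it has external linkage and can collide with, or be written from, another translation unit. Declare it as `static bool s_timerid_exists = false;` to keep the timer state private to this file. The comment's "remains a nullptr somehow" would be more useful if it said that the value of a `timer_t` cannot be relied on to tell whether timer_create() has succeeded, which is presumably why the separate flag exists. If init_ticker() and the destructor can run on different threads (not visible here), the flag would also need to be atomic or otherwise synchronised.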
@@ -60,18 +66,31 @@ bool stats_writer::init_ticker(uint32_t interval_msec, std::string &err) sev.sigev_value.sival_ptr = &s_timerid; #ifndef __EMSCRIPTEN__ // delete any previously set timer - timer_delete(s_timerid); - if (timer_create(CLOCK_MONOTONIC, &sev, &s_timerid) == -1) { + if (s_timerid_exists) + { + if (timer_delete(s_timerid) == -1) + { + err = std::string("Could not delete previous timer: ") + strerror(errno); + return false; + } + s_timerid_exists = false; + } + + if (timer_create(CLOCK_MONOTONIC, &sev, &s_timerid) == -1) + { err = std::string("Could not create periodic timer: ") + strerror(errno); return false; } + s_timerid_exists = true; + #endif timer.it_value.tv_sec = interval_msec / 1000; timer.it_value.tv_nsec = (interval_msec % 1000) * 1000 * 1000; timer.it_interval = timer.it_value; #ifndef __EMSCRIPTEN__ - if (timer_settime(s_timerid, 0, &timer, NULL) == -1) { + if (timer_settime(s_timerid, 0, &timer, NULL) == -1) + { err = std::string("Could not set up periodic timer: ") + strerror(errno); return false; } @@ -134,7 +153,11 @@ stats_writer::~stats_writer() } // delete timerID and reset timer #ifndef __EMSCRIPTEN__ - timer_delete(s_timerid); + if (s_timerid_exists) + { + timer_delete(s_timerid); + s_timerid_exists = false; + } #endif } }
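Review bot: When `timer_delete(s_timerid)` fails in init_ticker, the function returns with `s_timerid_exists` still true, so every later init_ticker call retries the same delete and fails again. The destructor hunk (@@ -134,7 +153,11 @@) will then pass that same ID to timer_delete() once more. Since the flag exists to avoid handing glibc an ID it does not consider valid, clear it on the failure path by putting `s_timerid_exists = false;` before the `return false;`. The hunk also turns a previously ignored timer_delete() failure into a hard init failure, which deserves a one-line comment if it is intended. init_ticker's body starts and ends outside the hunk.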