|
|
|
|
|
|
by gbrown_
3496 days ago
|
|
|
> When we wrote go-audit, there were few, (if any?), distros that had eBPF kernel > support. Now Ubuntu 16.04 has support, as do many others, and that is great! This! I'm rather tired of people preaching about eBPF when in reality many of us
have to run long term supported kernels/ distros like RedHat or Ubuntu LTS
releases. |
|
|
What is said is "If Slack really want to use syscall auditing for production, invest the effort to fix it, please. (And cc me.)", which seems totally reasonable to me.
Slack's answer is "We have worked around limitations and very definitely stress tested it in our environment. A lot. A lot lot." As I understand, this means "No, Slack will not invest any effort to fix Linux syscall auditing in upstream kernel, because we have already worked around limitations." Which is kind of sad and expected.