Explores essential Linux kernel concepts needed to write effective Tetragon tracing policies. Covers kernel vs user space, system calls, hook points (kprobes, tracepoints, LSM hooks), process management, file descriptors, and networking sockets. Provides practical examples of how kernel fundamentals translate into monitoring policies for security observability, with guidance on choosing appropriate attachment points for different scenarios.
Table of contents
Kernel Space vs User Space
The System Call Interface
Hook Points
Process Management
File System and File Descriptors
Networking and Sockets
Conclusion: Building Your Kernel Knowledge
Resources and References