Tags: semtle/sysdig
driver: fix compilation on kernel < 3.11 (draios#880) O_TMPFILE was introduced in 3.11, so let's not consider it for kernels older than that.
Set environment variables only on main threads (draios#848) * Set environment variables only on main threads * Set cwd only on main thread, it causes extra thread lookups during startup * Add a few sanity checks for the presence of tinfo * more of the previous * more of the previous * Replace all access to m_env with a call to the getter get_env() * Other nullptr tinfo checks * Add other nullptr checks
Merging for 0.7.0 (draios#855) * Bline2 (draios#830) * generate a dump file when a process different from docker accesses the docker oom files * more debug info * slightly better logging filtering * better log filtering * a bit more filtering * minor changes * reenable falcobl * minor changes for better baseliner support * reduce noisiness * some baseline flags * cleanups * cleanups * cleanup * when dumping the sinsp thread table to disk, do it on a thread by thread basis to avoid excessive memory usage * temporarily remove the falcobl project * Fix parsing of cgroups with empty subsys * Dumpermem (draios#839) * when dumping the sinsp thread table to disk, do it on a thread by thread basis to avoid excessive memory usage * make sure to free the structures allocated in sinsp_thread_manager::dump_threads_to_file * fixed a buffer overflow in sinsp_threadinfo::args_to_scap * more buffer overflow protection in sinsp_threadinfo::env_to_scap and sinsp_threadinfo::cgroups_to_scap * make sure not to scan proc when creating a memory dumper * sinsp-generate the process list when dumping to memory * sinsp-generate the process list when dumping to memory * warnings and compile errors * cleanups * some optimizations in the code that writes the sinsp thread table to file * more thread table dump optimizations * Adding ability to open trace files from fds (draios#838) * Adding ability to open trace files from fds Add the ability to open scap files or inspectors from a fd. Makes it possible to open other objects that return a fd and treat those objects as if they were a file. - Add new functions scap_open_offline_fd, scap_dump_open_fd that take all the same arguments as their filename versions but take a fd instead of a filename. scap_open_offline_int now takes a gzfile which has been opened by one of the top-level functions. - scap_open's args struct now contains a fd. If non-zero, it takes precedence over filename and the fd is used to open a gzfile via gzdopen().
- New function scap_event_reset_count sets the read event count to 0. Used when rewinding a scap file to start over. - Add some more useful error messages to scap_read_{proclist,userlist,fdlist} when reading more than expected. - also add fdopen variants to sinsp_dumper/sinsp. They call the appropriate scap fd variants. most of sinsp::open moves to sinsp::open_int(). - Add is_open() and written_events() methods to sinsp_dumper(). Useful when writing files via fd to track progress. - In sinsp::init(), after rewinding the file also reset the event count. - Add a sinsp::fseek() which just uses scap_fseek(). * Add ftell/ability to read bytes written. Add scap_dump_ftell, which maps to gztell, and sinsp_dumper::next_write_position, which uses scap_dump_ftell. * Add ability to skip proc scan for fd opens. Add an argument to scap_dump_open_fd that controls whether or not to do a scan of /proc when initializing the dump file. In sinsp_dumper::fdopen, set this to false. Also write the thread table to the file, following recent changes to sinsp_dumper::open. * Add a filtercheck for process tty. (draios#847) This allows it to be used in falco rules. * Try changing the build environment (draios#849) * Try changing the build environment Adding sudo: required, as falco does, should allow the kernel driver to build. * Run sysdig without -N draios@65ef7a6 got rid of -N, so don't add that option. * Set close-on-exec flag for driver fds. (draios#851) While debugging some agent unit tests, I noticed that after a fork + exec the number of driver references was higher than expected. Some of these problems can be fixed within the tests, but it's also useful to set the close-on-exec flag for the driver fd so it's closed during an exec. Also fix some error messages that were referring to a hardcoded sysdig_probe instead of PROBE_DEVICE_NAME. * Use strtok_r instead of strtok. (draios#850) Ensures thread safety.
Rkt k8s (draios#834) * Initial refactoring of cgroup parsing. * Prototyping for kubernetes case. * Fix for kubernetes/rkt, has to be tested in such environment. * Fix for the pod id character stripping. * Removed extensive logging and commented out lines.
[agent-master only] Remove unused and deprecated task_times() declaration
Fix for CoreOS not to show systemd internal processes. (draios#817) * Fix for CoreOS not to show systemd internal processes. * Validation of application name when parsed.
Fix for lxc on Ubuntu 16.10 It looks like on Ubuntu 16.10 lxc containers' cgroups may contain systemd slices:
11:devices:/lxc/x1/system.slice/snapd.service
10:memory:/lxc/x1/system.slice/snapd.service
9:hugetlb:/lxc/x1
8:perf_event:/lxc/x1
7:cpuset:/lxc/x1
6:pids:/lxc/x1/system.slice/snapd.service
5:freezer:/lxc/x1
4:cpu,cpuacct:/lxc/x1/system.slice/snapd.service
3:net_cls,net_prio:/lxc/x1
2:blkio:/lxc/x1/system.slice/snapd.service
1:name=systemd:/lxc/x1/system.slice/snapd.service
This fix uses as container id only the first path component after /lxc/ instead of everything. It looks safe since `/` is forbidden in a container id.