From 8fe79ee45de78e825ba80ddb1c093f1afdd85f62 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Tue, 7 Jun 2022 17:12:04 +0200
Subject: [PATCH] update(falco_scripts): support pre-built module/probe on Flatcar
Pre-built kernel modules/eBPF probes for Flatcar use the value of the OS VERSION_ID field as KERNEL_RELEASE in the filename. A specific kernel release version does not uniquely identify a Flatcar configuration, because Flatcar is image-based instead of package-based. Here's a more specific example: the same kernel version can be part of various Flatcar releases (across channels alpha/beta/stable) with differences in configuration. This is why we use the VERSION_ID value during offline builds with driverkit. Flatcar version numbers are all higher than 1500.0.0, so there is no risk of collision with kernel version numbers. When locally building the kernel module on the system, we have access to the correct kernel build directory at /lib/modules/$(uname -r)/build with the right configuration and so for that branch, we need to reset KERNEL_RELEASE=$(uname -r). See also the driverkit PR that introduces a builder for Flatcar: https://github.com/falcosecurity/driverkit/pull/131
Signed-off-by: Jeremi Piotrowski
---
 scripts/falco-driver-loader | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader
index 6e0acd7f29e..2bbe9a653e2 100755
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@@ -135,6 +135,10 @@ get_target_id() {
 TARGET_ID="ubuntu-generic"
 fi
 ;;
+ ("flatcar")
+ KERNEL_RELEASE="${VERSION_ID}"
+ TARGET_ID=$(echo "${OS_ID}" | tr '[:upper:]' '[:lower:]')
+ ;;
 (*)
 TARGET_ID=$(echo "${OS_ID}" | tr '[:upper:]' '[:lower:]')
 ;;
@@ -180,6 +184,7 @@ load_kernel_module_compile() {
 fi
 if [ "${TARGET_ID}" == "flatcar" ]; then
+ KERNEL_RELEASE=$(uname -r)
 echo "* Flatcar detected (version ${VERSION_ID}); relocating kernel tools"
 flatcar_relocate_tools
 fi
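Review bot: In the new `("flatcar")` arm of get_target_id, `KERNEL_RELEASE="${VERSION_ID}"` copies the os-release value without checking it, and per the commit message that value becomes part of the pre-built module/probe filename. An unset or malformed VERSION_ID would silently produce an empty or unexpected name for an artifact that ends up loaded into the kernel, so the arm should validate it first, e.g. `[[ "${VERSION_ID}" =~ ^[0-9]+(\.[0-9]+)*$ ]] || { >&2 echo "Unexpected Flatcar VERSION_ID: ${VERSION_ID}"; exit 1; }` (widen the pattern if Flatcar development builds use another form). A short comment such as `# Flatcar pre-built drivers are keyed by VERSION_ID, not by uname -r` would also explain why this arm differs from the default one. get_target_id starts and ends outside the hunk.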
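Review bot: The reset `KERNEL_RELEASE=$(uname -r)` exists only inside load_kernel_module_compile, while the override in get_target_id is global, so what KERNEL_RELEASE means now depends on call order. Any other consumer that expects the running kernel's release (a local eBPF probe build, if the script has one) would still see the Flatcar VERSION_ID, and any download step that runs after this function would see `uname -r` rather than the VERSION_ID the pre-built filename needs; neither path is visible in this patch, so both should be checked. At minimum the line deserves a comment like `# local build uses /lib/modules/$(uname -r)/build, so undo the VERSION_ID override from get_target_id`. Keeping the filename key in a separate variable instead of overloading KERNEL_RELEASE would remove the ordering dependency. The function body continues outside the hunk.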