diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader
index 37d0ec38..a9395bc9 100755
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 # Simple script that desperately tries to load the kernel instrumentation by
-# looking for it in a bunch of ways. Convenient when running falco inside
+# looking for it in a bunch of ways. Convenient when running Falco inside
 # a container or in other weird environments.
 #
@@ -155,20 +155,20 @@ load_kernel_module_compile() {
 # Try to compile using all the available gcc versions
 for CURRENT_GCC in $(which gcc) $(ls "$(dirname "$(which gcc)")"/gcc-* | grep 'gcc-[0-9]\+' | sort -r); do
- echo "* Trying to dkms install the Falco module with GCC ${CURRENT_GCC}"
+ echo "* Trying to dkms install ${DRIVER_NAME} module with GCC ${CURRENT_GCC}"
 echo "#!/usr/bin/env bash" > /tmp/falco-dkms-make
 echo "make CC=${CURRENT_GCC} \$@" >> /tmp/falco-dkms-make
 chmod +x /tmp/falco-dkms-make
 if dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "${DRIVER_NAME}" -v "${DRIVER_VERSION}" -k "${KERNEL_RELEASE}" 2>/dev/null; then
- echo "* Falco module installed in dkms, trying to insmod"
+ echo "* ${DRIVER_NAME} module installed in dkms, trying to insmod"
 if insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko" > /dev/null 2>&1; then
- echo "* Success: Falco module found and loaded in dkms"
+ echo "* Success: ${DRIVER_NAME} module found and loaded in dkms"
 exit 0
 elif insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko.xz" > /dev/null 2>&1; then
- echo "* Success: Falco module found and loaded in dkms (xz)"
+ echo "* Success: ${DRIVER_NAME} module found and loaded in dkms (xz)"
 exit 0
 else
- echo "* Unable to insmod the Falco module"
+ echo "* Unable to insmod ${DRIVER_NAME} module"
 fi
 else
 DKMS_LOG="/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/build/make.log"
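Review bot: The dkms make wrapper is written to the fixed path `/tmp/falco-dkms-make`, marked executable and then run through `--directive="MAKE='/tmp/falco-dkms-make'"`, so a script that goes on to `insmod` (presumably as root) executes a file with a predictable name in a world-writable directory. Another local user who owns that path, or a link placed at it, before the first `echo ... >` redirect can influence what gets written or run. Creating the wrapper once before the loop with `DKMS_MAKE_WRAPPER=$(mktemp /tmp/falco-dkms-make.XXXXXX) || exit 1` and using that variable in both redirects, the `chmod` and the directive avoids this; the file should also be removed when the function is done. The function starts before the hunk and its `else` branch continues past it.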
@@ -190,13 +190,13 @@ load_kernel_module_download() {
 local URL
 URL=$(echo "${DRIVERS_REPO}/${DRIVER_VERSION}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g)
- echo "* Trying to download a prebuilt Falco module from ${URL}"
+ echo "* Trying to download a prebuilt ${DRIVER_NAME} module from ${URL}"
 if curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then
 echo "* Download succeeded"
- insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: Falco module found and inserted"
+ insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: ${DRIVER_NAME} module found and inserted"
 exit $?
 else
- >&2 echo "Unable to find a prebuilt ${DRIVER_NAME} module"
+ >&2 echo "Unable to find a prebuilt ${DRIVER_NAME} module"
 return
 fi
 }
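Review bot: The file fetched by `curl` is passed straight to `insmod` with no integrity check in between, so the kernel module is trusted only on the basis of where `${DRIVERS_REPO}` points and of the transport used. A digest or signature published with the driver should be verified before the `insmod` line, and the function should return without loading when that check fails. Starting the call as `curl --proto '=https' -L --create-dirs ...` would also stop the transfer from using plain HTTP; the value of `DRIVERS_REPO` is not visible in this diff, so whether it is already HTTPS-only is unconfirmed. The same missing check applies to the cached module loaded from `${HOME}/.falco/` in the `@@ -217,42` hunk and to the eBPF probe download in the `@@ -432,12` hunk.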
@@ -217,42 +217,42 @@ load_kernel_module() {
 exit 1
 fi
- echo "* Unloading the Falco module, if present"
+ echo "* Unloading ${DRIVER_NAME} module, if present"
 rmmod "${DRIVER_NAME}" 2>/dev/null
 WAIT_TIME=0
 KMOD_NAME=$(echo "${DRIVER_NAME}" | tr "-" "_")
 while lsmod | cut -d' ' -f1 | grep -qx "${KMOD_NAME}" && [ $WAIT_TIME -lt "${MAX_RMMOD_WAIT}" ]; do
 if rmmod "${DRIVER_NAME}" 2>/dev/null; then
- echo "* Unloading the Falco module succeeded after ${WAIT_TIME}s"
+ echo "* Unloading ${DRIVER_NAME} module succeeded after ${WAIT_TIME}s"
 break
 fi
 ((++WAIT_TIME))
 if (( WAIT_TIME % 5 == 0 )); then
- echo "* Falco module still loaded, waited ${WAIT_TIME}s (max wait ${MAX_RMMOD_WAIT}s)"
+ echo "* ${DRIVER_NAME} module still loaded, waited ${WAIT_TIME}s (max wait ${MAX_RMMOD_WAIT}s)"
 fi
 sleep 1
 done
 if lsmod | cut -d' ' -f1 | grep -qx "${KMOD_NAME}" > /dev/null 2>&1; then
- echo "* Falco module seems to still be loaded, hoping the best"
+ echo "* ${DRIVER_NAME} module seems to still be loaded, hoping the best"
 exit 0
 fi
- echo "* Trying to load a system Falco module, if present"
+ echo "* Trying to load a system ${DRIVER_NAME} module, if present"
 if modprobe "${DRIVER_NAME}" > /dev/null 2>&1; then
- echo "* Success: Falco module found and loaded with modprobe"
+ echo "* Success: ${DRIVER_NAME} module found and loaded with modprobe"
 exit 0
 fi
- echo "* Looking for a Falco module locally (kernel ${KERNEL_RELEASE})"
+ echo "* Looking for a ${DRIVER_NAME} module locally (kernel ${KERNEL_RELEASE})"
 get_target_id
 local FALCO_KERNEL_MODULE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.ko"
 if [ -f "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" ]; then
- echo "* Found a prebuilt Falco module at ${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading it"
- insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: Falco module found and inserted"
+ echo "* Found a prebuilt ${DRIVER_NAME} module at ${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading it"
+ insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: ${DRIVER_NAME} module found and inserted"
 exit $?
 fi
@@ -265,7 +265,7 @@ load_kernel_module() {
 fi
 # Not able to download a prebuilt module nor to compile one on-the-fly
- >&2 echo "Consider compiling your own Falco driver and loading it or getting in touch with the Falco community"
+ >&2 echo "Consider compiling your own ${DRIVER_NAME} driver and loading it or getting in touch with the Falco community"
 exit 1
 }
@@ -283,12 +283,12 @@ clean_kernel_module() {
 KMOD_NAME=$(echo "${DRIVER_NAME}" | tr "-" "_")
 if lsmod | cut -d' ' -f1 | grep -qx "${KMOD_NAME}"; then
 if rmmod "${DRIVER_NAME}" 2>/dev/null; then
- echo "* Unloading the Falco module succeeded"
+ echo "* Unloading ${DRIVER_NAME} module succeeded"
 else
- echo "* Unloading the Falco module failed"
+ echo "* Unloading ${DRIVER_NAME} module failed"
 fi
 else
- echo "* There is no Falco module loaded"
+ echo "* There is no ${DRIVER_NAME} module loaded"
 fi
 if ! hash dkms >/dev/null 2>&1; then
@@ -298,14 +298,14 @@ clean_kernel_module() {
 DRIVER_VERSIONS=$(dkms status -m "${DRIVER_NAME}" | cut -d',' -f2 | sed -e 's/^[[:space:]]*//')
 if [ -z "${DRIVER_VERSIONS}" ]; then
- echo "* There is no Falco module in dkms"
+ echo "* There is no ${DRIVER_NAME} module in dkms"
 return
 fi
 for CURRENT_VER in ${DRIVER_VERSIONS}; do
 if dkms remove -m "${DRIVER_NAME}" -v "${CURRENT_VER}" --all 2>/dev/null; then
- echo "* Removing the Falco module (version ${CURRENT_VER}) succeeded"
+ echo "* Removing ${DRIVER_NAME}/${CURRENT_VER} succeeded"
 else
- echo "* Removing the Falco module (version ${CURRENT_VER}) failed"
+ echo "* Removing ${DRIVER_NAME}/${CURRENT_VER} failed"
 exit 1
 fi
 done
@@ -432,12 +432,18 @@ load_bpf_probe_download() { echo "* Trying to download a prebuilt eBPF probe from ${URL}" if ! curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${BPF_PROBE_FILENAME}" "${URL}"; then - >&2 echo "Unable to find a prebuilt Falco eBPF probe" + >&2 echo "Unable to find a prebuilt ${DRIVER_NAME} eBPF probe" return fi } load_bpf_probe() { + echo "* Mounting debugfs" + + if [ ! -d /sys/kernel/debug/tracing ]; then + mount -t debugfs nodev /sys/kernel/debug + fi + get_target_id BPF_PROBE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.o" @@ -465,7 +471,7 @@ load_bpf_probe() { && echo "* Success: eBPF probe symlinked to ${HOME}/.falco/${DRIVER_NAME}-bpf.o" exit $? else - >&2 echo "Unable to load the Falco eBPF probe" + >&2 echo "Unable to load the ${DRIVER_NAME} eBPF probe" exit 1 fi }
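Review bot: In `load_bpf_probe` the added `mount -t debugfs nodev /sys/kernel/debug` has no status check, and `* Mounting debugfs` is printed even when `/sys/kernel/debug/tracing` already exists and nothing is mounted. If the mount fails, for example for lack of privilege inside a container, the script carries on and the cause is presumably only visible later as a probe-load failure. The message belongs inside the `if`, and the failure should be reported with `mount -t debugfs nodev /sys/kernel/debug || >&2 echo "Unable to mount debugfs"`. A comment such as `# Needs mount privileges; debugfs stays mounted after this script exits` would tell operators of hardened hosts what side effect to expect. The body of `load_bpf_probe` continues outside the hunk.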