new(scrips): improve systemd units for rpm and debian.

Unify them; plus, rework systemd units to support eBPF too.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

scripts/debian/falco.service

@@ -1,26 +0,0 @@
-[Unit]
-Description=Falco: Container Native Runtime Security
-Documentation=https://falco.org/docs/
-After=falco_inject_kmod.service
-Requires=falco_inject_kmod.service
-
-[Service]
-Type=simple
-User=root
-ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid
-ExecStopPost=/sbin/rmmod falco
-UMask=0077
-TimeoutSec=30
-RestartSec=15s
-Restart=on-failure
-PrivateTmp=true
-NoNewPrivileges=yes
-ProtectHome=read-only
-ProtectSystem=full
-ProtectKernelTunables=true
-ReadWritePaths=/sys/module/falco
-RestrictRealtime=true
-RestrictAddressFamilies=~AF_PACKET
-
-[Install]
-WantedBy=multi-user.target

scripts/debian/falco_inject_kmod.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Falco: Container Native Runtime Security
-Documentation=https://falco.org/docs/
-Before=falco.service
-Wants=falco.service
-
-[Service]
-Type=oneshot
-User=root
-ExecStart=/sbin/modprobe falco
-
-[Install]
-WantedBy=multi-user.target

scripts/debian/postinst.in

@@ -47,17 +47,17 @@ esac
 
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
         # This will only remove masks created by d-s-h on package removal.
-        deb-systemd-helper unmask 'falco.service' >/dev/null || true
+        deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true
 
         # was-enabled defaults to true, so new installations run enable.
-        if deb-systemd-helper --quiet was-enabled 'falco.service'; then
+        if deb-systemd-helper --quiet was-enabled 'falco@kmod.target'; then
                 # Enables the unit on first installation, creates new
                 # symlinks on upgrades if the unit file has changed.
-                deb-systemd-helper enable 'falco.service' >/dev/null || true
+                deb-systemd-helper enable 'falco@kmod.target' >/dev/null || true
         else
                 # Update the statefile to add new symlinks (if any), which need to be
                 # cleaned up on purge. Also remove old symlinks.
-                deb-systemd-helper update-state 'falco.service' >/dev/null || true
+                deb-systemd-helper update-state 'falco@kmod.target' >/dev/null || true
         fi
 fi
 
@@ -69,6 +69,6 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon
                 else
                         _dh_action=start
                 fi
-                deb-systemd-invoke $_dh_action 'falco.service' >/dev/null || true
+                deb-systemd-invoke $_dh_action 'falco@kmod.target' >/dev/null || true
         fi
 fi

scripts/debian/postrm.in

@@ -27,13 +27,13 @@ fi
 
 if [ "$1" = "remove" ]; then
         if [ -x "/usr/bin/deb-systemd-helper" ]; then
-                deb-systemd-helper mask 'falco.service' >/dev/null || true
+                deb-systemd-helper mask 'falco@kmod.target' >/dev/null || true
         fi
 fi
 
 if [ "$1" = "purge" ]; then
         if [ -x "/usr/bin/deb-systemd-helper" ]; then
-                deb-systemd-helper purge 'falco.service' >/dev/null || true
-                deb-systemd-helper unmask 'falco.service' >/dev/null || true
+                deb-systemd-helper purge 'falco@kmod.target' >/dev/null || true
+                deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true
         fi
 fi

scripts/debian/prerm.in

@@ -22,7 +22,7 @@ set -e
 # Currently running falco service uses the driver, so stop it before driver cleanup
 
 if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
-        deb-systemd-invoke stop 'falco.service' >/dev/null || true
+        deb-systemd-invoke stop 'falco@kmod.target' >/dev/null || true
 fi
 
 case "$1" in