diff --git a/CMakeLists.txt b/CMakeLists.txt index 5247e37d..5bffdc08 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -73,7 +73,7 @@ include(GetFalcoVersion) set(PACKAGE_NAME "falco") set(PROBE_NAME "falco") set(PROBE_DEVICE_NAME "falco") -set(DRIVERS_REPO "https://bintray.com/falcosecurity/driver") +set(DRIVERS_REPO "https://dl.bintray.com/falcosecurity/driver") if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) set(CMAKE_INSTALL_PREFIX /usr diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader index 9566782f..051c7012 100755 --- a/scripts/falco-driver-loader +++ b/scripts/falco-driver-loader @@ -105,7 +105,7 @@ get_target_id() { if [ -f "${HOST_ROOT}/etc/os-release" ]; then # freedesktop.org and systemd # shellcheck source=/dev/null - source "/etc/os-release" + source "${HOST_ROOT}/etc/os-release" OS_ID=$ID elif [ -f "${HOST_ROOT}/etc/debian_version" ]; then # Older Debian @@ -156,24 +156,24 @@ load_kernel_module() { exit 1 fi - echo "* Unloading ${DRIVER_NAME}, if present" + echo "* Unloading ${DRIVER_NAME} module, if present" rmmod "${DRIVER_NAME}" 2>/dev/null WAIT_TIME=0 KMOD_NAME=$(echo "${DRIVER_NAME}" | tr "-" "_") while lsmod | grep "${KMOD_NAME}" > /dev/null 2>&1 && [ $WAIT_TIME -lt "${MAX_RMMOD_WAIT}" ]; do if rmmod "${DRIVER_NAME}" 2>/dev/null; then - echo "* Unloading ${DRIVER_NAME} succeeded after ${WAIT_TIME}s" + echo "* Unloading ${DRIVER_NAME} module succeeded after ${WAIT_TIME}s" break fi ((++WAIT_TIME)) if (( WAIT_TIME % 5 == 0 )); then - echo "* ${DRIVER_NAME} still loaded, waited ${WAIT_TIME}s (max wait ${MAX_RMMOD_WAIT}s)" + echo "* ${DRIVER_NAME} module still loaded, waited ${WAIT_TIME}s (max wait ${MAX_RMMOD_WAIT}s)" fi sleep 1 done if lsmod | grep "${KMOD_NAME}" > /dev/null 2>&1; then - echo "* ${DRIVER_NAME} seems to still be loaded, hoping the best" + echo "* ${DRIVER_NAME} module seems to still be loaded, hoping the best" exit 0 fi @@ -182,13 +182,13 @@ load_kernel_module() { echo "* Skipping dkms install for UEK host" else if hash dkms &>/dev/null && dkms install -m "${DRIVER_NAME}" -v "${DRIVER_VERSION}" -k "${KERNEL_RELEASE}" 2>/dev/null; then - echo "* Trying to load a dkms ${DRIVER_NAME}, if present" + echo "* Trying to load a dkms ${DRIVER_NAME} module, if present" if insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko" > /dev/null 2>&1; then - echo "${DRIVER_NAME} found and loaded in dkms" + echo "${DRIVER_NAME} module found and loaded in dkms" exit 0 elif insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko.xz" > /dev/null 2>&1; then - echo "${DRIVER_NAME} found and loaded in dkms (xz)" + echo "${DRIVER_NAME} module found and loaded in dkms (xz)" exit 0 else echo "* Unable to insmod" @@ -204,21 +204,21 @@ load_kernel_module() { fi fi - echo "* Trying to load a system ${DRIVER_NAME}, if present" + echo "* Trying to load a system ${DRIVER_NAME} driver, if present" if modprobe "${DRIVER_NAME}" > /dev/null 2>&1; then - echo "${DRIVER_NAME} found and loaded with modprobe" + echo "${DRIVER_NAME} module found and loaded with modprobe" exit 0 fi - echo "* Trying to find precompiled ${DRIVER_NAME} for ${KERNEL_RELEASE}" + echo "* Trying to find a prebuilt ${DRIVER_NAME} module for kernel ${KERNEL_RELEASE}" get_target_id local FALCO_KERNEL_MODULE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.ko" if [ -f "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" ]; then - echo "Found precompiled module at ~/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading module" + echo "Found a prebuilt module at ${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading it" insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" exit $? fi @@ -226,13 +226,13 @@ load_kernel_module() { local URL URL=$(echo "${DRIVERS_REPO}/kernel-module/${DRIVER_VERSION}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g) - echo "* Trying to download precompiled module from ${URL}" + echo "* Trying to download prebuilt module from ${URL}" if curl --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then echo "Download succeeded, loading module" insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" exit $? else - >&2 echo "Download failed, consider compiling your own ${DRIVER_NAME} and loading it or getting in touch with the Falco community" + >&2 echo "Download failed, consider compiling your own ${DRIVER_NAME} module and loading it or getting in touch with the Falco community" exit 1 fi } @@ -362,7 +362,7 @@ load_bpf_probe() { customize_kernel_build fi - echo "* Trying to compile BPF probe (${BPF_PROBE_FILENAME})" + echo "* Trying to compile the eBPF probe (${BPF_PROBE_FILENAME})" make -C "/usr/src/${DRIVER_NAME}-${DRIVER_VERSION}/bpf" > /dev/null @@ -378,27 +378,25 @@ load_bpf_probe() { local URL URL=$(echo "${DRIVERS_REPO}/ebpf-probe/${DRIVER_VERSION}/${BPF_PROBE_FILENAME}" | sed s/+/%2B/g) - echo "* Trying to download precompiled BPF probe from ${URL}" + echo "* Trying to download a prebuilt eBPF probe from ${URL}" curl --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${BPF_PROBE_FILENAME}" "${URL}" fi if [ -f "${HOME}/.falco/${BPF_PROBE_FILENAME}" ]; then if [ ! -f /proc/sys/net/core/bpf_jit_enable ]; then - echo "**********************************************************" - echo "** BPF doesn't have JIT enabled, performance might be **" - echo "** degraded. Please ensure to run on a kernel with **" - echo "** CONFIG_BPF_JIT enabled and/or use --net=host if **" - echo "** running inside a container. **" - echo "**********************************************************" + echo "******************************************************************" + echo "** BPF doesn't have JIT enabled, performance might be degraded. **" + echo "** Please ensure to run on a kernel with CONFIG_BPF_JIT on. **" + echo "******************************************************************" fi - echo "* BPF probe located, it's now possible to start falco" + echo "* eBPF probe located, it's now possible to start Falco" ln -sf "${HOME}/.falco/${BPF_PROBE_FILENAME}" "${HOME}/.falco/${DRIVER_NAME}-bpf.o" exit $? else - echo "* Failure to find a BPF probe" + echo "* Failure to find an eBPF probe" exit 1 fi }