mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-10 10:32:23 +00:00
chore(scripts): updated debian and rpm post installation scripts to deal with new automatic driver selection as default behavior.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
poiana
parent
53d13f8bfc
commit
2ede48ccfc
@ -17,7 +17,8 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
chosen_driver=
|
# By default, we use the automatic selection for drivers
|
||||||
|
chosen_driver="auto"
|
||||||
chosen_unit=
|
chosen_unit=
|
||||||
CHOICE=
|
CHOICE=
|
||||||
|
|
||||||
@ -39,42 +40,54 @@ systemctl --system unmask falcoctl-artifact-follow.service || true
|
|||||||
|
|
||||||
if [ "$1" = "configure" ]; then
|
if [ "$1" = "configure" ]; then
|
||||||
case $FALCO_DRIVER_CHOICE in
|
case $FALCO_DRIVER_CHOICE in
|
||||||
kmod)
|
none)
|
||||||
CHOICE=2
|
CHOICE=1
|
||||||
;;
|
;;
|
||||||
ebpf)
|
kmod)
|
||||||
CHOICE=3
|
CHOICE=3
|
||||||
;;
|
;;
|
||||||
modern_ebpf)
|
ebpf)
|
||||||
CHOICE=4
|
CHOICE=4
|
||||||
;;
|
;;
|
||||||
|
modern_ebpf)
|
||||||
|
CHOICE=5
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
|
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
|
||||||
# If dialog is installed, create a dialog to let users choose the correct driver for them
|
# If dialog is installed, create a dialog to let users choose the correct driver for them
|
||||||
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
|
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
|
||||||
1 "Manual configuration (no unit is started)" \
|
1 "Manual configuration (no unit is started)" \
|
||||||
2 "Kmod" \
|
2 "Automatic selection" \
|
||||||
3 "eBPF" \
|
3 "Kmod" \
|
||||||
4 "Modern eBPF" \
|
4 "eBPF" \
|
||||||
|
5 "Modern eBPF" \
|
||||||
2>&1 >/dev/tty)
|
2>&1 >/dev/tty)
|
||||||
fi
|
fi
|
||||||
|
# No need to manage automatic case since it is already the default
|
||||||
case $CHOICE in
|
case $CHOICE in
|
||||||
2)
|
1)
|
||||||
chosen_driver="kmod"
|
chosen_driver=""
|
||||||
chosen_unit="kmod"
|
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
chosen_driver="ebpf"
|
chosen_driver="kmod"
|
||||||
chosen_unit="bpf"
|
|
||||||
;;
|
;;
|
||||||
4)
|
4)
|
||||||
|
chosen_driver="ebpf"
|
||||||
|
;;
|
||||||
|
5)
|
||||||
chosen_driver="modern_ebpf"
|
chosen_driver="modern_ebpf"
|
||||||
chosen_unit="modern-bpf"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
if [ -n "$CHOICE" ]; then
|
if [ -n "$chosen_driver" ]; then
|
||||||
echo "[POST-INSTALL] Configure falcoctl driver type:"
|
echo "[POST-INSTALL] Configure falcoctl driver type:"
|
||||||
falcoctl driver config --type $chosen_driver
|
if [ "$chosen_driver" = "auto" ]; then
|
||||||
|
# Configure falcoctl to enable all drivers
|
||||||
|
falcoctl driver config --type "modern_ebpf" --type "ebpf" --type "kmod"
|
||||||
|
# Load the actually automatic chosen driver
|
||||||
|
chosen_driver=$(falcoctl driver printenv | grep DRIVER= | cut -d'"' -f2)
|
||||||
|
else
|
||||||
|
falcoctl driver config --type "$chosen_driver"
|
||||||
|
fi
|
||||||
CHOICE=
|
CHOICE=
|
||||||
case $FALCOCTL_ENABLED in
|
case $FALCOCTL_ENABLED in
|
||||||
no)
|
no)
|
||||||
@ -108,10 +121,15 @@ case "$chosen_driver" in
|
|||||||
# Only compile for kmod, in this way we use dkms
|
# Only compile for kmod, in this way we use dkms
|
||||||
echo "[POST-INSTALL] Call 'falcoctl driver install for kmod:"
|
echo "[POST-INSTALL] Call 'falcoctl driver install for kmod:"
|
||||||
falcoctl driver install --download=false
|
falcoctl driver install --download=false
|
||||||
|
chosen_unit="kmod"
|
||||||
;;
|
;;
|
||||||
"ebpf")
|
"ebpf")
|
||||||
echo "[POST-INSTALL] Call 'falcoctl driver install for ebpf':"
|
echo "[POST-INSTALL] Call 'falcoctl driver install for ebpf':"
|
||||||
falcoctl driver install
|
falcoctl driver install
|
||||||
|
chosen_unit="bpf"
|
||||||
|
;;
|
||||||
|
"modern_ebpf")
|
||||||
|
chosen_unit="modern-bpf"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|||||||
@ -16,7 +16,8 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
#
|
#
|
||||||
|
|
||||||
chosen_driver=
|
# By default, we use the automatic selection for drivers
|
||||||
|
chosen_driver="auto"
|
||||||
chosen_unit=
|
chosen_unit=
|
||||||
CHOICE=
|
CHOICE=
|
||||||
|
|
||||||
@ -38,42 +39,53 @@ systemctl --system unmask falcoctl-artifact-follow.service || true
|
|||||||
|
|
||||||
if [ $1 -ge 1 ]; then
|
if [ $1 -ge 1 ]; then
|
||||||
case $FALCO_DRIVER_CHOICE in
|
case $FALCO_DRIVER_CHOICE in
|
||||||
kmod)
|
none)
|
||||||
CHOICE=2
|
CHOICE=1
|
||||||
;;
|
;;
|
||||||
ebpf)
|
kmod)
|
||||||
CHOICE=3
|
CHOICE=3
|
||||||
;;
|
;;
|
||||||
modern_ebpf)
|
ebpf)
|
||||||
CHOICE=4
|
CHOICE=4
|
||||||
;;
|
;;
|
||||||
|
modern_ebpf)
|
||||||
|
CHOICE=5
|
||||||
|
;;
|
||||||
esac
|
esac
|
||||||
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
|
if [ -z $CHOICE ] && [ -x /usr/bin/dialog ] && [ "${FALCO_FRONTEND}" != "noninteractive" ]; then
|
||||||
# If dialog is installed, create a dialog to let users choose the correct driver for them
|
# If dialog is installed, create a dialog to let users choose the correct driver for them
|
||||||
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
|
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
|
||||||
1 "Manual configuration (no unit is started)" \
|
1 "Manual configuration (no unit is started)" \
|
||||||
2 "Kmod" \
|
2 "Automatic selection" \
|
||||||
3 "eBPF" \
|
3 "Kmod" \
|
||||||
4 "Modern eBPF" \
|
4 "eBPF" \
|
||||||
|
5 "Modern eBPF" \
|
||||||
2>&1 >/dev/tty)
|
2>&1 >/dev/tty)
|
||||||
fi
|
fi
|
||||||
|
# No need to manage automatic case since it is already the default
|
||||||
case $CHOICE in
|
case $CHOICE in
|
||||||
2)
|
1)
|
||||||
chosen_driver="kmod"
|
chosen_driver=""
|
||||||
chosen_unit="kmod"
|
|
||||||
;;
|
;;
|
||||||
3)
|
3)
|
||||||
chosen_driver="ebpf"
|
chosen_driver="kmod"
|
||||||
chosen_unit="bpf"
|
|
||||||
;;
|
;;
|
||||||
4)
|
4)
|
||||||
|
chosen_driver="ebpf"
|
||||||
|
;;
|
||||||
|
5)
|
||||||
chosen_driver="modern_ebpf"
|
chosen_driver="modern_ebpf"
|
||||||
chosen_unit="modern-bpf"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
if [ -n "$CHOICE" ]; then
|
if [ -n "$chosen_driver" ]; then
|
||||||
echo "[POST-INSTALL] Configure falcoctl driver type:"
|
if [ "$chosen_driver" = "auto" ]; then
|
||||||
falcoctl driver config --type $chosen_driver
|
# Configure falcoctl to enable all drivers
|
||||||
|
falcoctl driver config --type "modern_ebpf" --type "ebpf" --type "kmod"
|
||||||
|
# Load the actually automatic chosen driver
|
||||||
|
chosen_driver=$(falcoctl driver printenv | grep DRIVER= | cut -d'"' -f2)
|
||||||
|
else
|
||||||
|
falcoctl driver config --type "$chosen_driver"
|
||||||
|
fi
|
||||||
CHOICE=
|
CHOICE=
|
||||||
case $FALCOCTL_ENABLED in
|
case $FALCOCTL_ENABLED in
|
||||||
no)
|
no)
|
||||||
@ -107,10 +119,15 @@ case "$chosen_driver" in
|
|||||||
# Only compile for kmod, in this way we use dkms
|
# Only compile for kmod, in this way we use dkms
|
||||||
echo "[POST-INSTALL] Call 'falcoctl driver install for kmod:"
|
echo "[POST-INSTALL] Call 'falcoctl driver install for kmod:"
|
||||||
falcoctl driver install --download=false
|
falcoctl driver install --download=false
|
||||||
|
chosen_unit="kmod"
|
||||||
;;
|
;;
|
||||||
"ebpf")
|
"ebpf")
|
||||||
echo "[POST-INSTALL] Call 'falcoctl driver install for ebpf':"
|
echo "[POST-INSTALL] Call 'falcoctl driver install for ebpf':"
|
||||||
falcoctl driver install
|
falcoctl driver install
|
||||||
|
chosen_unit="bpf"
|
||||||
|
;;
|
||||||
|
"modern_ebpf")
|
||||||
|
chosen_unit="modern-bpf"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user