Load/unload kernel module on start/stop (#459)

* Load/unload kernel module on start/stop When falco is started, load the kernel module. (The falco binary also will do a modprobe if it can't open the inspector, as a backup). When falco is stopped, unload the kernel module. This fixes https://github.com/falcosecurity/falco/issues/418. * Put script execute line in right place.
2025-09-07 17:54:07 +00:00 · 2018-11-06 13:07:50 -08:00
parent 6eac49e5ae
commit 32f8e304eb
2 changed files with 10 additions and 1 deletions
--- a/scripts/rpm/falco
+++ b/scripts/rpm/falco
@@ -1,3 +1,5 @@
+#!/bin/sh
+
 #
 # Copyright (C) 2016-2018 Draios Inc dba Sysdig.
 #
@@ -16,7 +18,6 @@
 # limitations under the License.
 #

-#!/bin/sh
 #
 # falco syscall monitoring agent
 #
@@ -53,6 +54,9 @@ start() {
    # [ -f $config ] || exit 6
    echo -n $"Starting $prog: "
    daemon $exec --daemon --pidfile=$pidfile
+    if [ ! -d /sys/module/falco_probe ]; then
+        /sbin/modprobe falco-probe || return $?
+    fi
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
@@ -64,6 +68,7 @@ stop() {
    killproc -p $pidfile
    retval=$?
    echo
+    /sbin/rmmod falco-probe
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
 }