Changes related to use of kernel module.

While building falco from source, I found a couple of problems related
to use of kernel modules:

1. The falco build needs driver_config.h from the sysdig repo, but it
isn't created by default.

[ 50%] Building C object userspace/libscap/CMakeFiles/scap.dir/scap.c.o
/mnt/sf_stemm/work/src/sysdig/userspace/libscap/scap.c:34:40: fatal error: ../../driver/driver_config.h: No such file or directory
compilation terminated.c

Fixed by adding ${SYSDIG_DIR}/driver to CMakeLists.txt. I did notice
that after doing this the object files were in the sysdig/driver
directory, but I don't think this is related to the Makefiles/CMakeFiles
in the sysdig/driver directory?

2. Falco needs the sysdig kernel module, but it may not be loaded if no
other sysdig is installed.

Added notes to the README that discuss loading the kernel module by hand
if no binary sysdig is installed.
Mark Stemm
2016-05-02 22:44:41 -07:00
parent 7040d018c4
commit 345452836b
2 changed files with 9 additions and 3 deletions

@@ -155,6 +155,7 @@ ExternalProject_Add(lpeg
install(FILES falco.yaml
DESTINATION "${DIR_ETC}")
add_subdirectory(${SYSDIG_DIR}/driver ${PROJECT_BINARY_DIR}/driver)
add_subdirectory(${SYSDIG_DIR}/userspace/libscap ${PROJECT_BINARY_DIR}/userspace/libscap)
add_subdirectory(${SYSDIG_DIR}/userspace/libsinsp ${PROJECT_BINARY_DIR}/userspace/libsinsp)
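Review bot: the `add_subdirectory(${SYSDIG_DIR}/driver ${PROJECT_BINARY_DIR}/driver)` line brings the whole driver build into falco just to get `driver_config.h` generated, and the commit message reports object files then appearing in the sysdig/driver source directory. Please confirm whether the driver's targets write into the source tree even though `${PROJECT_BINARY_DIR}/driver` is given as the binary dir, and add a comment above the line stating that it is there because libscap's scap.c includes `../../driver/driver_config.h`. If only the header is needed, a narrower way of producing it would keep kernel-module compilation out of a default userspace build.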

@@ -69,11 +69,11 @@ Instructions for Centos and Ubuntu.
## Building Falco
## Building and running Falco locally from source
Building Falco requires having `cmake` and `g++` installed.
### Building
### Building Falco
Clone this repo in a directory that also contains the sysdig source repo. The result should be something like:
```
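Review bot: the prerequisite line `Building Falco requires having cmake and g++ installed.` stays as it was, yet with the driver directory now part of the build, and the README further down pointing at `driver/sysdig-probe.ko` under the build dir, the build appears to compile a kernel module as well. That needs the kernel headers for the running kernel, so the prerequisites should list them alongside cmake and g++.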
@@ -98,8 +98,13 @@ $ make
as a result, you should have a falco executable in `build/userspace/falco/falco`.
### (Optional) Install sysdig kernel driver
### Running locally-built Falco
If you have a binary version of sysdig installed, the sysdig kernel module is already loaded and can be used by falco. Otherwise, you should load the kernel module from the sysdig source directory. Assuming you are in the `build` dir, you can install the kernel module via:
`$ insmod driver/sysdig-probe.ko`
### Running Falco
Assuming you are in the `build` dir, you can run Falco as:
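Review bot: `$ insmod driver/sysdig-probe.ko` is shown at an unprivileged prompt, but loading a kernel module requires root, so as written the command fails for a normal user; suggest `$ sudo insmod driver/sysdig-probe.ko`. The sentence before it says "install the kernel module", while insmod only loads it until the next reboot, so "load" is the accurate verb. It would also help to tell the reader to check with lsmod whether a module is already loaded before running insmod. One question on the first sentence: is a module loaded by a binary sysdig install guaranteed to be compatible with the libscap built from this source tree? If not, the README should say so.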