mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-11 05:33:33 +00:00
fix(docker): adapt dockerfiles to HOST_ROOT env var
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
parent
17bc344381
commit
3e9ebfb354
@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY dev
|
|||||||
|
|
||||||
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
||||||
|
|
||||||
ENV SYSDIG_HOST_ROOT /host
|
ENV HOST_ROOT /host
|
||||||
|
|
||||||
ENV HOME /root
|
ENV HOME /root
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
|
|||||||
# If it's not empty, docker build will fail instead of
|
# If it's not empty, docker build will fail instead of
|
||||||
# silently overwriting the existing directory
|
# silently overwriting the existing directory
|
||||||
RUN rm -df /lib/modules \
|
RUN rm -df /lib/modules \
|
||||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
&& ln -s $HOST_ROOT/lib/modules /lib/modules
|
||||||
|
|
||||||
# debian:unstable head contains binutils 2.31, which generates
|
# debian:unstable head contains binutils 2.31, which generates
|
||||||
# binaries that are incompatible with kernels < 4.16. So manually
|
# binaries that are incompatible with kernels < 4.16. So manually
|
||||||
|
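Review bot: The renamed `ENV HOST_ROOT /host` is only consumed at build time by `ln -s $HOST_ROOT/lib/modules /lib/modules`, so the symlink target is fixed to `/host/lib/modules`, and a runtime `-e HOST_ROOT=...` override would not move it. That coupling to the `/host/...` bind mounts listed in `LABEL RUN` deserves a comment above the ENV line, for example `# HOST_ROOT must match the /host prefix of the bind mounts in LABEL RUN; the /lib/modules symlink below is created with this value at build time`. The same applies to the other five Dockerfile sections in this commit, which make the identical rename. Anything outside these hunks that still reads `SYSDIG_HOST_ROOT` (for instance the `docker-entrypoint.sh` copied in the yum-based section) would now find it unset; that is not visible here and is worth a grep before merging.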
@ -7,7 +7,7 @@ ARG FALCO_VERSION=
|
|||||||
RUN test -n FALCO_VERSION
|
RUN test -n FALCO_VERSION
|
||||||
ENV FALCO_VERSION ${FALCO_VERSION}
|
ENV FALCO_VERSION ${FALCO_VERSION}
|
||||||
|
|
||||||
ENV SYSDIG_HOST_ROOT /host
|
ENV HOST_ROOT /host
|
||||||
|
|
||||||
ENV HOME /root
|
ENV HOME /root
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ RUN rm -rf /usr/bin/clang \
|
|||||||
# If it's not empty, docker build will fail instead of
|
# If it's not empty, docker build will fail instead of
|
||||||
# silently overwriting the existing directory
|
# silently overwriting the existing directory
|
||||||
RUN rm -df /lib/modules \
|
RUN rm -df /lib/modules \
|
||||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
&& ln -s $HOST_ROOT/lib/modules /lib/modules
|
||||||
|
|
||||||
ADD falco-${FALCO_VERSION}-x86_64.deb /
|
ADD falco-${FALCO_VERSION}-x86_64.deb /
|
||||||
RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb
|
RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb
|
||||||
|
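Review bot: `RUN test -n FALCO_VERSION` tests the literal string `FALCO_VERSION`, which is never empty, so the guard always passes. With the empty default `ARG FALCO_VERSION=`, the build then reaches `ADD falco-${FALCO_VERSION}-x86_64.deb /` with a malformed file name instead of stopping at the check. It should expand the variable: `RUN test -n "${FALCO_VERSION}"`. This line is context in the first hunk of this section rather than part of the rename, but it sits directly above the changed `ENV HOST_ROOT /host` and is cheap to fix in the same pass.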
@ -12,7 +12,7 @@ LABEL name="falco" \
|
|||||||
|
|
||||||
COPY help.md /tmp/
|
COPY help.md /tmp/
|
||||||
|
|
||||||
ENV SYSDIG_HOST_ROOT /host
|
ENV HOST_ROOT /host
|
||||||
ENV HOME /root
|
ENV HOME /root
|
||||||
|
|
||||||
ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo
|
ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo
|
||||||
@ -24,11 +24,11 @@ RUN rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.pub
|
|||||||
yum -y update-minimal --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \
|
yum -y update-minimal --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \
|
||||||
--security --sec-severity=Important --sec-severity=Critical && \
|
--security --sec-severity=Important --sec-severity=Critical && \
|
||||||
yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
|
yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
|
||||||
### help file markdown to man conversion
|
### help file markdown to man conversion
|
||||||
go-md2man -in /tmp/help.md -out /help.1 && \
|
go-md2man -in /tmp/help.md -out /help.1 && \
|
||||||
### we delete everything on /usr/src/kernels otherwise it messes up docker-entrypoint.sh
|
### we delete everything on /usr/src/kernels otherwise it messes up docker-entrypoint.sh
|
||||||
rm -fr /usr/src/kernels && \
|
rm -fr /usr/src/kernels && \
|
||||||
rm -df /lib/modules && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && \
|
rm -df /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules && \
|
||||||
yum clean all
|
yum clean all
|
||||||
|
|
||||||
COPY ./docker-entrypoint.sh /
|
COPY ./docker-entrypoint.sh /
|
||||||
|
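Review bot: `ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo` fetches the yum repository definition over plain HTTP with no checksum. Whatever arrives on the wire therefore decides which baseurl and GPG settings the later `yum -y install ... ${INSTALL_PKGS}` trusts. The `rpm --import` in the next RUN already uses an HTTPS URL, and the repo file should get the same integrity protection. Either ship a reviewed copy in the build context with `COPY draios.repo /etc/yum.repos.d/draios.repo`, or pin the download with `ADD --checksum=sha256:<digest-of-reviewed-file> ...`. This line is context in the first hunk of the section, not part of the rename.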
@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY dev
|
|||||||
|
|
||||||
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
||||||
|
|
||||||
ENV SYSDIG_HOST_ROOT /host
|
ENV HOST_ROOT /host
|
||||||
|
|
||||||
ENV HOME /root
|
ENV HOME /root
|
||||||
|
|
||||||
@ -16,14 +16,14 @@ ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
|
|||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y --no-install-recommends \
|
&& apt-get install -y --no-install-recommends \
|
||||||
# bash-completion \
|
# bash-completion \
|
||||||
# bc \
|
# bc \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
curl \
|
curl \
|
||||||
gnupg2 \
|
gnupg2 \
|
||||||
jq \
|
jq \
|
||||||
# netcat \
|
# netcat \
|
||||||
# xz-utils \
|
# xz-utils \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
|
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
|
||||||
@ -42,7 +42,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
|
|||||||
# If it's not empty, docker build will fail instead of
|
# If it's not empty, docker build will fail instead of
|
||||||
# silently overwriting the existing directory
|
# silently overwriting the existing directory
|
||||||
RUN rm -df /lib/modules \
|
RUN rm -df /lib/modules \
|
||||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
&& ln -s $HOST_ROOT/lib/modules /lib/modules
|
||||||
|
|
||||||
#COPY ./entrypoint.sh /
|
#COPY ./entrypoint.sh /
|
||||||
# ENTRYPOINT ["/entrypoint.sh"]
|
# ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
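Review bot: `RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \` can mask a failed key download: without `-f` curl exits 0 on an HTTP error page, and under the default `/bin/sh -c` the pipeline's status is that of `apt-key` alone, so the build is only stopped if `apt-key` happens to reject the input. I would use `curl -fsSL` and put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this RUN (whether bash is present in the base image is not visible here), and ideally check the imported key's fingerprint against a value recorded in the repository. The hunk header also shows `ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/` fetched over plain HTTP without a checksum. The RUN continues past the end of the hunk, and the next section (header context `ENV FALCO_REPOSITORY stable`, same `@ -16,14` hunk) carries the same lines.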
@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY stable
|
|||||||
|
|
||||||
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
||||||
|
|
||||||
ENV SYSDIG_HOST_ROOT /host
|
ENV HOST_ROOT /host
|
||||||
|
|
||||||
ENV HOME /root
|
ENV HOME /root
|
||||||
|
|
||||||
@ -16,14 +16,14 @@ ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
|
|||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y --no-install-recommends \
|
&& apt-get install -y --no-install-recommends \
|
||||||
# bash-completion \
|
# bash-completion \
|
||||||
# bc \
|
# bc \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
curl \
|
curl \
|
||||||
gnupg2 \
|
gnupg2 \
|
||||||
jq \
|
jq \
|
||||||
# netcat \
|
# netcat \
|
||||||
# xz-utils \
|
# xz-utils \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
|
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
|
||||||
@ -42,7 +42,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
|
|||||||
# If it's not empty, docker build will fail instead of
|
# If it's not empty, docker build will fail instead of
|
||||||
# silently overwriting the existing directory
|
# silently overwriting the existing directory
|
||||||
RUN rm -df /lib/modules \
|
RUN rm -df /lib/modules \
|
||||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
&& ln -s $HOST_ROOT/lib/modules /lib/modules
|
||||||
|
|
||||||
#COPY ./entrypoint.sh /
|
#COPY ./entrypoint.sh /
|
||||||
# ENTRYPOINT ["/entrypoint.sh"]
|
# ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY stable
|
|||||||
|
|
||||||
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
|
||||||
|
|
||||||
ENV SYSDIG_HOST_ROOT /host
|
ENV HOST_ROOT /host
|
||||||
|
|
||||||
ENV HOME /root
|
ENV HOME /root
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
|
|||||||
# If it's not empty, docker build will fail instead of
|
# If it's not empty, docker build will fail instead of
|
||||||
# silently overwriting the existing directory
|
# silently overwriting the existing directory
|
||||||
RUN rm -df /lib/modules \
|
RUN rm -df /lib/modules \
|
||||||
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
|
&& ln -s $HOST_ROOT/lib/modules /lib/modules
|
||||||
|
|
||||||
# debian:unstable head contains binutils 2.31, which generates
|
# debian:unstable head contains binutils 2.31, which generates
|
||||||
# binaries that are incompatible with kernels < 4.16. So manually
|
# binaries that are incompatible with kernels < 4.16. So manually
|
||||||
|