fix(docker): adapt dockerfiles to HOST_ROOT env var

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
Leonardo Di Donato 2019-11-05 15:32:30 +00:00 committed by Lorenzo Fontana
parent 17bc344381
commit 3e9ebfb354
6 changed files with 149 additions and 149 deletions


@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY dev
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE" LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
ENV SYSDIG_HOST_ROOT /host ENV HOST_ROOT /host
ENV HOME /root ENV HOME /root
@ -91,7 +91,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
# If it's not empty, docker build will fail instead of # If it's not empty, docker build will fail instead of
# silently overwriting the existing directory # silently overwriting the existing directory
RUN rm -df /lib/modules \ RUN rm -df /lib/modules \
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules
# debian:unstable head contains binutils 2.31, which generates # debian:unstable head contains binutils 2.31, which generates
# binaries that are incompatible with kernels < 4.16. So manually # binaries that are incompatible with kernels < 4.16. So manually
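Review bot: The new `ENV HOST_ROOT /host` line drops `SYSDIG_HOST_ROOT` from the image with no alias, so anything in the container that still reads the old name would see it unset and presumably look at the container's own filesystem instead of the host mounts under `/host`. For a runtime monitoring image that would be a silent loss of host visibility rather than a build error. Whether the installed Falco package already reads `HOST_ROOT` is not visible here; the two sections with `FALCO_REPOSITORY stable` are the ones to check, since they may install a package built before the rename. If both names must work during a transition, keep `ENV SYSDIG_HOST_ROOT /host` next to the new line with a comment saying when it can be removed. The same applies to the `ENV` line in all six file sections.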


@ -7,7 +7,7 @@ ARG FALCO_VERSION=
RUN test -n FALCO_VERSION RUN test -n FALCO_VERSION
ENV FALCO_VERSION ${FALCO_VERSION} ENV FALCO_VERSION ${FALCO_VERSION}
ENV SYSDIG_HOST_ROOT /host ENV HOST_ROOT /host
ENV HOME /root ENV HOME /root
@ -89,7 +89,7 @@ RUN rm -rf /usr/bin/clang \
# If it's not empty, docker build will fail instead of # If it's not empty, docker build will fail instead of
# silently overwriting the existing directory # silently overwriting the existing directory
RUN rm -df /lib/modules \ RUN rm -df /lib/modules \
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules
ADD falco-${FALCO_VERSION}-x86_64.deb / ADD falco-${FALCO_VERSION}-x86_64.deb /
RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb
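Review bot: `RUN test -n FALCO_VERSION` tests the literal string `FALCO_VERSION`, which is never empty, so the guard always passes and a build started without `--build-arg FALCO_VERSION=...` is not stopped at this line. It should expand the variable, `RUN test -n "${FALCO_VERSION}"`, assuming the `ARG FALCO_VERSION=` shown in the hunk header is in scope at this point. Separately, `ADD falco-${FALCO_VERSION}-x86_64.deb /` copies a plain local file, so `COPY` would state the intent better and avoids `ADD`'s extra behaviours.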


@ -12,7 +12,7 @@ LABEL name="falco" \
COPY help.md /tmp/ COPY help.md /tmp/
ENV SYSDIG_HOST_ROOT /host ENV HOST_ROOT /host
ENV HOME /root ENV HOME /root
ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo
@ -24,11 +24,11 @@ RUN rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.pub
yum -y update-minimal --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \ yum -y update-minimal --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \
--security --sec-severity=Important --sec-severity=Critical && \ --security --sec-severity=Important --sec-severity=Critical && \
yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs ${INSTALL_PKGS} && \ yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
### help file markdown to man conversion ### help file markdown to man conversion
go-md2man -in /tmp/help.md -out /help.1 && \ go-md2man -in /tmp/help.md -out /help.1 && \
### we delete everything on /usr/src/kernels otherwise it messes up docker-entrypoint.sh ### we delete everything on /usr/src/kernels otherwise it messes up docker-entrypoint.sh
rm -fr /usr/src/kernels && \ rm -fr /usr/src/kernels && \
rm -df /lib/modules && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && \ rm -df /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules && \
yum clean all yum clean all
COPY ./docker-entrypoint.sh / COPY ./docker-entrypoint.sh /
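Review bot: `ADD http://download.draios.com/stable/rpm/draios.repo` fetches the yum repository definition over plain HTTP with no integrity check, and that file decides where the later `yum -y install` pulls packages from and how they are verified. The GPG key in the second hunk header is imported over HTTPS, so the repo file is the weaker link in this build. Use an HTTPS URL if the host serves one, pin the content with `ADD --checksum=sha256:<digest-of-draios.repo>` (placeholder digest), or commit the file to the build context and `COPY` it. The `ADD http://download.draios.com/apt-draios-priority` lines visible in the hunk headers of the next two file sections have the same problem; the `RUN` holding the yum commands starts above this hunk.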


@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY dev
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE" LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
ENV SYSDIG_HOST_ROOT /host ENV HOST_ROOT /host
ENV HOME /root ENV HOME /root
@ -16,14 +16,14 @@ ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
# bash-completion \ # bash-completion \
# bc \ # bc \
ca-certificates \ ca-certificates \
curl \ curl \
gnupg2 \ gnupg2 \
jq \ jq \
# netcat \ # netcat \
# xz-utils \ # xz-utils \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \ RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
@ -42,7 +42,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
# If it's not empty, docker build will fail instead of # If it's not empty, docker build will fail instead of
# silently overwriting the existing directory # silently overwriting the existing directory
RUN rm -df /lib/modules \ RUN rm -df /lib/modules \
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules
#COPY ./entrypoint.sh / #COPY ./entrypoint.sh /
# ENTRYPOINT ["/entrypoint.sh"] # ENTRYPOINT ["/entrypoint.sh"]
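Review bot: The `curl -s … | apt-key add -` step can hide a failed download of the signing key: `-s` without `-f` lets an HTTP error body flow into the pipe, and under the default `/bin/sh -c` only the exit status of `apt-key` decides whether the step fails. Prefer `curl -fsSL` and put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this `RUN` (assuming bash is present in the base image), so a failed fetch stops the build. Checking the imported key against an expected fingerprint kept in the repository would also catch a substituted key. The `RUN` continues past the end of the hunk, and the next file section carries the same line.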


@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY stable
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE" LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
ENV SYSDIG_HOST_ROOT /host ENV HOST_ROOT /host
ENV HOME /root ENV HOME /root
@ -16,14 +16,14 @@ ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends \ && apt-get install -y --no-install-recommends \
# bash-completion \ # bash-completion \
# bc \ # bc \
ca-certificates \ ca-certificates \
curl \ curl \
gnupg2 \ gnupg2 \
jq \ jq \
# netcat \ # netcat \
# xz-utils \ # xz-utils \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \ RUN curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add - \
@ -42,7 +42,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
# If it's not empty, docker build will fail instead of # If it's not empty, docker build will fail instead of
# silently overwriting the existing directory # silently overwriting the existing directory
RUN rm -df /lib/modules \ RUN rm -df /lib/modules \
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules
#COPY ./entrypoint.sh / #COPY ./entrypoint.sh /
# ENTRYPOINT ["/entrypoint.sh"] # ENTRYPOINT ["/entrypoint.sh"]


@ -6,7 +6,7 @@ ENV FALCO_REPOSITORY stable
LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE" LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
ENV SYSDIG_HOST_ROOT /host ENV HOST_ROOT /host
ENV HOME /root ENV HOME /root
@ -91,7 +91,7 @@ RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /etc/fa
# If it's not empty, docker build will fail instead of # If it's not empty, docker build will fail instead of
# silently overwriting the existing directory # silently overwriting the existing directory
RUN rm -df /lib/modules \ RUN rm -df /lib/modules \
&& ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules
# debian:unstable head contains binutils 2.31, which generates # debian:unstable head contains binutils 2.31, which generates
# binaries that are incompatible with kernels < 4.16. So manually # binaries that are incompatible with kernels < 4.16. So manually