update(docker,falco_scripts): fix kernel module build on Flatcar

Relocate necessary tools from the kernel module build system to run using host dynlinker and libraries, so that compiling falco module on Flatcar works. Since Flatcar v2983.0.0, Flatcar ships with glibc-2.33, but the falco-driver-loader container is based on debian:buster and so has a much older glibc. This prevents some necessary tools within /lib/modules/*/build from working which causes the falco module to fail to compile using dkms. To make the tools work, we need to relocate them so we add patchelf to the falco and local dockerfiles. The relocation is based on the approach done by the sysdig agent-kmodule build system, but I'm unable to find the source code for it. The host linker and libs will be found at /host/usr/lib64, so we change the interpreter and rpath on the tools. The relocation happens on a copy of the tools which are then bind mounted at the right location. The result allows the module build to work. Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2025-07-30 21:55:56 +00:00 · 2022-06-07 16:55:57 +02:00 · 2022-06-07 16:55:57 +02:00 · 6d56571e23
commit 6d56571e23
parent 9d7153e119
3 changed files with 33 additions and 0 deletions
--- a/docker/falco/Dockerfile
+++ b/docker/falco/Dockerfile
@ -34,6 +34,7 @@ RUN apt-get update \
 	libssl-dev \
 	llvm-7 \
 	netcat \
+	patchelf \
 	xz-utils \
 	&& rm -rf /var/lib/apt/lists/*

--- a/docker/local/Dockerfile
+++ b/docker/local/Dockerfile
@ -40,6 +40,7 @@ RUN apt-get update \
 	liblsan0 \
 	libtsan0 \
 	libcc1-0 \
+	patchelf \
 	&& rm -rf /var/lib/apt/lists/*

 RUN if [ "$TARGETARCH" = "amd64" ]; \
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@ -141,6 +141,32 @@ get_target_id() {
 	esac
 }

+flatcar_relocate_tools() {
+	local -a tools=(
+		scripts/basic/fixdep
+		scripts/mod/modpost
+		tools/objtool/objtool
+	)
+	local -r hostld=$(ls /host/usr/lib64/ld-*.so)
+	local -r kdir=/lib/modules/$(ls /lib/modules/)/build
+	echo "** Found host dl interpreter: ${hostld}"
+	for host_tool in ${tools[@]}; do
+		t=${host_tool}
+		tool=$(basename $t)
+		tool_dir=$(dirname $t)
+		host_tool=${kdir}/${host_tool}
+		if [ ! -f ${host_tool} ]; then
+			continue
+		fi
+		umount ${host_tool} 2>/dev/null || true
+		mkdir -p /tmp/${tool_dir}/
+		cp -a ${host_tool} /tmp/${tool_dir}/
+		echo "** Setting host dl interpreter for $host_tool"
+		patchelf --set-interpreter ${hostld} --set-rpath /host/usr/lib64 /tmp/${tool_dir}/${tool}
+		mount -o bind /tmp/${tool_dir}/${tool} ${host_tool}
+	done
+}
+
 load_kernel_module_compile() {
 	# Skip dkms on UEK hosts because it will always fail
 	if [[ $(uname -r) == *uek* ]]; then
@ -153,6 +179,11 @@ load_kernel_module_compile() {
 		return
 	fi

+	if [ "${TARGET_ID}" == "flatcar" ]; then
+		echo "* Flatcar detected (version ${VERSION_ID}); relocating kernel tools"
+		flatcar_relocate_tools
+	fi
+
 	# Try to compile using all the available gcc versions
 	for CURRENT_GCC in $(which gcc) $(ls "$(dirname "$(which gcc)")"/gcc-* | grep 'gcc-[0-9]\+' | sort -n -r -k 2 -t -); do
 		echo "* Trying to dkms install ${DRIVER_NAME} module with GCC ${CURRENT_GCC}"