diff --git a/docker/falco/Dockerfile b/docker/falco/Dockerfile
index e7771421..06974309 100644
--- a/docker/falco/Dockerfile
+++ b/docker/falco/Dockerfile
@@ -34,6 +34,7 @@ RUN apt-get update \
 libssl-dev \
 llvm-7 \
 netcat \
+ patchelf \
 xz-utils \
 && rm -rf /var/lib/apt/lists/*
diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile
index ed3b139b..53cecdb2 100644
--- a/docker/local/Dockerfile
+++ b/docker/local/Dockerfile
@@ -40,6 +40,7 @@ RUN apt-get update \
 liblsan0 \
 libtsan0 \
 libcc1-0 \
+ patchelf \
 && rm -rf /var/lib/apt/lists/*
 RUN if [ "$TARGETARCH" = "amd64" ]; \
diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader
index 560dba70..6e0acd7f 100755
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@@ -141,6 +141,32 @@ get_target_id() {
 esac
 }
+flatcar_relocate_tools() {
+ local -a tools=(
+ scripts/basic/fixdep
+ scripts/mod/modpost
+ tools/objtool/objtool
+ )
+ local -r hostld=$(ls /host/usr/lib64/ld-*.so)
+ local -r kdir=/lib/modules/$(ls /lib/modules/)/build
+ echo "** Found host dl interpreter: ${hostld}"
+ for host_tool in ${tools[@]}; do
+ t=${host_tool}
+ tool=$(basename $t)
+ tool_dir=$(dirname $t)
+ host_tool=${kdir}/${host_tool}
+ if [ ! -f ${host_tool} ]; then
+ continue
+ fi
+ umount ${host_tool} 2>/dev/null || true
+ mkdir -p /tmp/${tool_dir}/
+ cp -a ${host_tool} /tmp/${tool_dir}/
+ echo "** Setting host dl interpreter for $host_tool"
+ patchelf --set-interpreter ${hostld} --set-rpath /host/usr/lib64 /tmp/${tool_dir}/${tool}
+ mount -o bind /tmp/${tool_dir}/${tool} ${host_tool}
+ done
+}
+
 load_kernel_module_compile() {
 # Skip dkms on UEK hosts because it will always fail
 if [[ $(uname -r) == *uek* ]]; then
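Review bot: In `flatcar_relocate_tools`, both `ls` substitutions can yield zero or several words (`/host/usr/lib64/ld-*.so`, and `/lib/modules/` when more than one kernel tree is present), and every expansion after them is unquoted, so `patchelf` and `mount` may run with empty or split arguments. The staging copies also go to fixed paths under `/tmp` and are then bind-mounted over the kernel build tools as root; a directory from `mktemp -d` avoids reusing whatever already sits at those paths. A `patchelf` failure is not checked before the `mount`, and `t`, `tool` and `tool_dir` leak as globals. A quoted variant is sketched below; using `$(uname -r)` for the module directory is an assumption to confirm against how `/lib/modules` is populated on Flatcar.

```shell
flatcar_relocate_tools() {
	# … unchanged: tools array …
	local hostld kdir workdir rel src copy
	hostld=$(ls /host/usr/lib64/ld-*.so) || return 1
	# Rejects both "no match" and "several matches": neither is a single regular file.
	[ -f "${hostld}" ] || { >&2 echo "** Expected exactly one host dl interpreter"; return 1; }
	kdir="/lib/modules/$(uname -r)/build"
	workdir=$(mktemp -d) || return 1
	echo "** Found host dl interpreter: ${hostld}"
	for rel in "${tools[@]}"; do
		src="${kdir}/${rel}"
		[ -f "${src}" ] || continue
		copy="${workdir}/${rel}"
		umount "${src}" 2>/dev/null || true
		mkdir -p "$(dirname "${copy}")"
		cp -a "${src}" "${copy}"
		echo "** Setting host dl interpreter for ${src}"
		# Only shadow the original once the copy was patched successfully.
		patchelf --set-interpreter "${hostld}" --set-rpath /host/usr/lib64 "${copy}" || continue
		mount -o bind "${copy}" "${src}"
	done
}
```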
@@ -153,6 +179,11 @@ load_kernel_module_compile() {
 return
 fi
+ if [ "${TARGET_ID}" == "flatcar" ]; then
+ echo "* Flatcar detected (version ${VERSION_ID}); relocating kernel tools"
+ flatcar_relocate_tools
+ fi
+
 # Try to compile using all the available gcc versions
 for CURRENT_GCC in $(which gcc) $(ls "$(dirname "$(which gcc)")"/gcc-* | grep 'gcc-[0-9]\+' | sort -n -r -k 2 -t -); do
 echo "* Trying to dkms install ${DRIVER_NAME} module with GCC ${CURRENT_GCC}"
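Review bot: Nothing at this call site checks whether `flatcar_relocate_tools` succeeded, so a failed `patchelf` or `mount` falls straight through to the dkms loop and would only show up later as a less obvious compile error. Consider `flatcar_relocate_tools || echo "* Unable to relocate kernel tools; dkms build may fail"` so the log records the cause. The bind mounts the helper creates are also never undone after the build attempts; whether they outlive this process depends on the mount namespace and propagation the script runs under, which the hunk does not show. The test itself uses `[ … == … ]` where the neighbouring UEK check uses `[[ … ]]`; matching that form would keep the function consistent. load_kernel_module_compile starts and ends outside the hunk.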