From 6d56571e236b525982778ebcc45f74c0ba5f4dbf Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Tue, 7 Jun 2022 16:55:57 +0200
Subject: [PATCH] update(docker,falco_scripts): fix kernel module build on Flatcar Relocate necessary tools from the kernel module build system to run using host dynlinker and libraries, so that compiling falco module on Flatcar works. Since Flatcar v2983.0.0, Flatcar ships with glibc-2.33, but the falco-driver-loader container is based on debian:buster and so has a much older glibc. This prevents some necessary tools within /lib/modules/*/build from working which causes the falco module to fail to compile using dkms. To make the tools work, we need to relocate them so we add patchelf to the falco and local dockerfiles. The relocation is based on the approach done by the sysdig agent-kmodule build system, but I'm unable to find the source code for it. The host linker and libs will be found at /host/usr/lib64, so we change the interpreter and rpath on the tools. The relocation happens on a copy of the tools which are then bind mounted at the right location. The result allows the module build to work.
Signed-off-by: Jeremi Piotrowski
---
 docker/falco/Dockerfile | 1 +
 docker/local/Dockerfile | 1 +
 scripts/falco-driver-loader | 31 +++++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+)
diff --git a/docker/falco/Dockerfile b/docker/falco/Dockerfile
index e7771421..06974309 100644
--- a/docker/falco/Dockerfile
+++ b/docker/falco/Dockerfile
@@ -34,6 +34,7 @@ RUN apt-get update \
 libssl-dev \
 llvm-7 \
 netcat \
+ patchelf \
 xz-utils \
 && rm -rf /var/lib/apt/lists/*
diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile
index ed3b139b..53cecdb2 100644
--- a/docker/local/Dockerfile
+++ b/docker/local/Dockerfile
@@ -40,6 +40,7 @@ RUN apt-get update \
 liblsan0 \
 libtsan0 \
 libcc1-0 \
+ patchelf \
 && rm -rf /var/lib/apt/lists/*
 RUN if [ "$TARGETARCH" = "amd64" ]; \
diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader
index 560dba70..6e0acd7f 100755
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@@ -141,6 +141,32 @@ get_target_id() {
 esac
 }
+flatcar_relocate_tools() {
+ local -a tools=(
+ scripts/basic/fixdep
+ scripts/mod/modpost
+ tools/objtool/objtool
+ )
+ local -r hostld=$(ls /host/usr/lib64/ld-*.so)
+ local -r kdir=/lib/modules/$(ls /lib/modules/)/build
+ echo "** Found host dl interpreter: ${hostld}"
+ for host_tool in ${tools[@]}; do
+ t=${host_tool}
+ tool=$(basename $t)
+ tool_dir=$(dirname $t)
+ host_tool=${kdir}/${host_tool}
+ if [ ! -f ${host_tool} ]; then
+ continue
+ fi
+ umount ${host_tool} 2>/dev/null || true
+ mkdir -p /tmp/${tool_dir}/
+ cp -a ${host_tool} /tmp/${tool_dir}/
+ echo "** Setting host dl interpreter for $host_tool"
+ patchelf --set-interpreter ${hostld} --set-rpath /host/usr/lib64 /tmp/${tool_dir}/${tool}
+ mount -o bind /tmp/${tool_dir}/${tool} ${host_tool}
+ done
+}
+
 load_kernel_module_compile() {
 # Skip dkms on UEK hosts because it will always fail
 if [[ $(uname -r) == *uek* ]]; then
@@ -153,6 +179,11 @@ load_kernel_module_compile() {
 return
 fi
+ if [ "${TARGET_ID}" == "flatcar" ]; then
+ echo "* Flatcar detected (version ${VERSION_ID}); relocating kernel tools"
+ flatcar_relocate_tools
+ fi
+
 # Try to compile using all the available gcc versions
 for CURRENT_GCC in $(which gcc) $(ls "$(dirname "$(which gcc)")"/gcc-* | grep 'gcc-[0-9]\+' | sort -n -r -k 2 -t -); do
 echo "* Trying to dkms install ${DRIVER_NAME} module with GCC ${CURRENT_GCC}"
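Review bot: In `flatcar_relocate_tools` the lookups `hostld=$(ls /host/usr/lib64/ld-*.so)` and `kdir=/lib/modules/$(ls /lib/modules/)/build` both assume exactly one match, and every later expansion is unquoted, so zero or several matches reach `patchelf` and `mount -o bind` as missing or extra arguments. The loop also bind-mounts the copy whether or not `patchelf` succeeded, stages the copies at fixed paths under `/tmp`, and leaves `t`, `tool` and `tool_dir` as globals. Because this code runs with enough privilege to mount over the kernel build tree and makes the build tools load their interpreter and libraries from `/host/usr/lib64`, I would make each step fail closed. The sketch below resolves the interpreter through a checked glob, takes the kernel directory from `uname -r` (already used in this script; confirm it matches the mounted modules directory), quotes all paths, stages in a `mktemp -d` directory and mounts only after a successful patch.

```shell
flatcar_relocate_tools() {
	# … unchanged: tools array …
	local -a ld_candidates=(/host/usr/lib64/ld-*.so)
	if [ "${#ld_candidates[@]}" -ne 1 ] || [ ! -f "${ld_candidates[0]}" ]; then
		>&2 echo "** Expected exactly one host dl interpreter under /host/usr/lib64"
		return 1
	fi
	local -r hostld=${ld_candidates[0]}
	local -r kdir="/lib/modules/$(uname -r)/build"
	local workdir tool host_tool patched
	workdir=$(mktemp -d) || return 1
	# … unchanged: "Found host dl interpreter" message …
	for tool in "${tools[@]}"; do
		host_tool="${kdir}/${tool}"
		patched="${workdir}/${tool}"
		[ -f "${host_tool}" ] || continue
		umount "${host_tool}" 2>/dev/null || true
		mkdir -p "$(dirname "${patched}")"
		cp -a "${host_tool}" "${patched}" || continue
		# … unchanged: "Setting host dl interpreter" message …
		# Bind-mount the copy only once patchelf has rewritten it.
		patchelf --set-interpreter "${hostld}" --set-rpath /host/usr/lib64 "${patched}" \
			&& mount -o bind "${patched}" "${host_tool}"
	done
}
```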
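Review bot: The return status of `flatcar_relocate_tools` is not checked at this call in `load_kernel_module_compile`, so when the interpreter lookup or `patchelf` fails the loop below still runs dkms with every GCC and the log points at the compiler rather than at the relocation. Nothing visible in this hunk removes the bind mounts over `/lib/modules/*/build` or the patched copies once the build is done. The rest of `load_kernel_module_compile` is outside the hunk, so that may happen elsewhere, but if it does not I would add a cleanup step, for example a `trap` that runs `umount` on each relocated tool. A one-line comment such as `# Host build tools are linked against a newer glibc than this image; run them with the host loader` would also explain why the step exists.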