update(docker,falco_scripts): fix kernel module build on Flatcar

Relocate necessary tools from the kernel module build system to run using host dynlinker and libraries, so that compiling falco module on Flatcar works. Since Flatcar v2983.0.0, Flatcar ships with glibc-2.33, but the falco-driver-loader container is based on debian:buster and so has a much older glibc. This prevents some necessary tools within /lib/modules/*/build from working which causes the falco module to fail to compile using dkms. To make the tools work, we need to relocate them so we add patchelf to the falco and local dockerfiles. The relocation is based on the approach done by the sysdig agent-kmodule build system, but I'm unable to find the source code for it. The host linker and libs will be found at /host/usr/lib64, so we change the interpreter and rpath on the tools. The relocation happens on a copy of the tools which are then bind mounted at the right location. The result allows the module build to work. Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2025-09-16 06:48:31 +00:00 · 2022-06-07 16:55:57 +02:00
parent 9d7153e119
commit 6d56571e23
3 changed files with 33 additions and 0 deletions
--- a/docker/falco/Dockerfile
+++ b/docker/falco/Dockerfile
@@ -34,6 +34,7 @@ RUN apt-get update \
 	libssl-dev \
 	llvm-7 \
 	netcat \
+	patchelf \
 	xz-utils \
 	&& rm -rf /var/lib/apt/lists/*

--- a/docker/local/Dockerfile
+++ b/docker/local/Dockerfile
@@ -40,6 +40,7 @@ RUN apt-get update \
 	liblsan0 \
 	libtsan0 \
 	libcc1-0 \
+	patchelf \
 	&& rm -rf /var/lib/apt/lists/*

 RUN if [ "$TARGETARCH" = "amd64" ]; \