mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-22 16:16:11 +00:00
fix: probe environment set to FALCO_BPF_PROBE also at load time
Signed-off-by: Lorenzo Fontana <lo@linux.com>
This commit is contained in:
parent
d77080a8c2
commit
802b9f7b69
@ -32,4 +32,5 @@ ExternalProject_Add(
|
||||
CONFIGURE_COMMAND ""
|
||||
BUILD_COMMAND ""
|
||||
INSTALL_COMMAND ""
|
||||
TEST_COMMAND "")
|
||||
TEST_COMMAND ""
|
||||
PATCH_COMMAND patch -p1 -i ${CMAKE_CURRENT_SOURCE_DIR}/patch/libscap.patch)
|
||||
|
22
cmake/modules/sysdig-repo/patch/libscap.patch
Normal file
22
cmake/modules/sysdig-repo/patch/libscap.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff --git a/userspace/libscap/scap.c b/userspace/libscap/scap.c
|
||||
index 59b04e0a..bdc311cb 100644
|
||||
--- a/userspace/libscap/scap.c
|
||||
+++ b/userspace/libscap/scap.c
|
||||
@@ -52,7 +52,7 @@ limitations under the License.
|
||||
//#define NDEBUG
|
||||
#include <assert.h>
|
||||
|
||||
-static const char *SYSDIG_BPF_PROBE_ENV = "SYSDIG_BPF_PROBE";
|
||||
+static const char *SYSDIG_BPF_PROBE_ENV = "FALCO_BPF_PROBE";
|
||||
|
||||
//
|
||||
// Probe version string size
|
||||
@@ -171,7 +171,7 @@ scap_t* scap_open_live_int(char *error, int32_t *rc,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- snprintf(buf, sizeof(buf), "%s/.sysdig/%s-bpf.o", home, PROBE_NAME);
|
||||
+ snprintf(buf, sizeof(buf), "%s/.falco/%s-bpf.o", home, PROBE_NAME);
|
||||
bpf_probe = buf;
|
||||
}
|
||||
}
|
@ -39,7 +39,7 @@ spec:
|
||||
# Leave blank for the default probe location, or set to the path
|
||||
# of a precompiled probe.
|
||||
# env:
|
||||
# - name: BPF_PROBE
|
||||
# - name: FALCO_BPF_PROBE
|
||||
# value: ""
|
||||
args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
|
||||
volumeMounts:
|
||||
|
@ -23,7 +23,7 @@ spec:
|
||||
# Leave blank for the default probe location, or set to the path
|
||||
# of a precompiled probe.
|
||||
# env:
|
||||
# - name: BPF_PROBE
|
||||
# - name: FALCO_BPF_PROBE
|
||||
# value: ""
|
||||
args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
|
||||
volumeMounts:
|
||||
|
@ -350,7 +350,7 @@ load_bpf_probe() {
|
||||
echo "**********************************************************"
|
||||
fi
|
||||
|
||||
echo "* BPF probe located, it's now possible to start sysdig"
|
||||
echo "* BPF probe located, it's now possible to start falco"
|
||||
|
||||
ln -sf "${HOME}/.falco/${BPF_PROBE_FILENAME}" "${HOME}/.falco/${BPF_PROBE_NAME}.o"
|
||||
exit $?
|
||||
@ -402,7 +402,7 @@ if ! hash curl > /dev/null 2>&1; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -v BPF_PROBE ] || [ "${1}" = "bpf" ]; then
|
||||
if [ -v FALCO_BPF_PROBE ] || [ "${1}" = "bpf" ]; then
|
||||
load_bpf_probe
|
||||
else
|
||||
load_kernel_probe
|
||||
|
Loading…
Reference in New Issue
Block a user