From 85f91a3ec44b9cd81f8d678f0375fe77194b4e00 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski
Date: Tue, 7 Jun 2022 17:12:04 +0200
Subject: [PATCH] update(falco_scripts): support pre-built module/probe on Flatcar
Pre-built kernel modules/eBPF probes for Flatcar use the value of the OS VERSION_ID field as KERNEL_RELEASE in the filename. A specific kernel release version does not uniquely identify a Flatcar configuration, because Flatcar is image-based instead of package-based. Here's a more specific example: the same kernel version can be part of various Flatcar releases (across channels alpha/beta/stable) with differences in configuration. This is why we use the VERSION_ID value during offline builds with driverkit. Flatcar version numbers are all higher than 1500.0.0, so there is no risk of collision with kernel version numbers. When locally building the kernel module on the system, we have access to the correct kernel build directory at /lib/modules/$(uname -r)/build with the right configuration and so for that branch, we need to reset KERNEL_RELEASE=$(uname -r). See also the driverkit PR that introduces a builder for Flatcar: https://github.com/falcosecurity/driverkit/pull/131
Signed-off-by: Jeremi Piotrowski
---
 scripts/falco-driver-loader | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader
index 6e0acd7f..2bbe9a65 100755
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@@ -135,6 +135,10 @@ get_target_id() {
 TARGET_ID="ubuntu-generic"
 fi
 ;;
+ ("flatcar")
+ KERNEL_RELEASE="${VERSION_ID}"
+ TARGET_ID=$(echo "${OS_ID}" | tr '[:upper:]' '[:lower:]')
+ ;;
 (*)
 TARGET_ID=$(echo "${OS_ID}" | tr '[:upper:]' '[:lower:]')
 ;;
@@ -180,6 +184,7 @@ load_kernel_module_compile() {
 fi
 if [ "${TARGET_ID}" == "flatcar" ]; then
+ KERNEL_RELEASE=$(uname -r)
 echo "* Flatcar detected (version ${VERSION_ID}); relocating kernel tools"
 flatcar_relocate_tools
 fi
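Review bot: In the new `("flatcar")` branch of get_target_id, `KERNEL_RELEASE="${VERSION_ID}"` replaces the script-wide kernel release with a value that is never checked, and per the commit message that value becomes part of the filename of the pre-built module/probe the loader looks up. If VERSION_ID is empty or not a plain version string (it is presumably read from the os-release file outside this hunk), the lookup is built from a malformed name instead of failing with a clear message. If Flatcar's VERSION_ID is always dotted-numeric, as the commit message suggests, I would guard the assignment with something like `case "${VERSION_ID}" in (""|*[!0-9.]*) >&2 echo "Unexpected Flatcar VERSION_ID '${VERSION_ID}'"; exit 1;; esac`, using whatever error path the function already has. A comment such as `# Flatcar pre-built drivers are keyed by the OS VERSION_ID, not by uname -r` would also help; get_target_id starts and ends outside the hunk.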
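Review bot: `KERNEL_RELEASE=$(uname -r)` in load_kernel_module_compile resets the global for the rest of the run, not only for the local build, so the Flatcar handling now depends on call order. Any pre-built lookup that runs after this function would use the kernel release instead of VERSION_ID, and any other local build path that reads /lib/modules/${KERNEL_RELEASE} would need the same reset; neither is visible in this hunk, so this should be checked against the callers. Keeping the Flatcar version in its own variable and leaving KERNEL_RELEASE untouched would remove that coupling. At minimum the line deserves a comment, e.g. `# get_target_id set KERNEL_RELEASE to VERSION_ID for pre-built lookups; the local build needs the real kernel release`. The function body continues outside the hunk.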