From a6c59263366c85813af33c8f9afa6d63787b4e0c Mon Sep 17 00:00:00 2001
From: Jorge Salamero Sanz
Date: Tue, 26 Feb 2019 16:44:20 +0100
Subject: [PATCH] Adds packaging for RHEL (#544)
---
 docker/rhel/Dockerfile | 38 ++++++++++++++++++++++++++++++++
 docker/rhel/docker-entrypoint.sh | 35 +++++++++++++++++++++++++++++
 docker/rhel/help.md | 15 +++++++++++++
 3 files changed, 88 insertions(+)
 create mode 100644 docker/rhel/Dockerfile
 create mode 100755 docker/rhel/docker-entrypoint.sh
 create mode 100644 docker/rhel/help.md
diff --git a/docker/rhel/Dockerfile b/docker/rhel/Dockerfile
new file mode 100644
index 00000000..4ac997f7
--- /dev/null
+++ b/docker/rhel/Dockerfile
@@ -0,0 +1,38 @@
+FROM registry.access.redhat.com/rhel7
+
+MAINTAINER Sysdig Support Team
+
+### Atomic/OpenShift Labels - https://github.com/projectatomic/ContainerApplicationGenericLabels
+LABEL name="falco" \
+ vendor="Sysdig" \
+ url="http://falco.org/" \
+ summary="Container Native runtime security" \
+ description="Falco is an open source project for intrusion and abnormality detection for Cloud Native platforms." \
+ run='docker run -d --name falco --restart always --privileged --net host --pid host -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro --shm-size=350m registry.connect.redhat.com/sysdig/falco'
+
+COPY help.md /tmp/
+
+ENV SYSDIG_HOST_ROOT /host
+ENV HOME /root
+
+ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo
+RUN rpm --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public && \
+ rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+ yum clean all && \
+ REPOLIST=rhel-7-server-rpms,rhel-7-server-optional-rpms,epel,draios \
+ INSTALL_PKGS="gcc dkms kernel-devel kernel-headers python golang-github-cpuguy83-go-md2man falco" && \
+ yum -y update-minimal --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs \
+ --security --sec-severity=Important --sec-severity=Critical && \
+ yum -y install --disablerepo "*" --enablerepo ${REPOLIST} --setopt=tsflags=nodocs ${INSTALL_PKGS} && \
+### help file markdown to man conversion
+ go-md2man -in /tmp/help.md -out /help.1 && \
+### we delete everything on /usr/src/kernels otherwise it messes up docker-entrypoint.sh
+ rm -fr /usr/src/kernels && \
+ rm -df /lib/modules && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules && \
+ yum clean all
+
+COPY ./docker-entrypoint.sh /
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+CMD ["/usr/bin/falco"]
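Review bot: The repo definition pulled by `ADD http://download.draios.com/stable/rpm/draios.repo /etc/yum.repos.d/draios.repo` arrives over plain HTTP with no checksum, and a yum repo file is what tells yum where the `falco` package comes from and whether signatures are checked at all, so the `rpm --import` of the DRAIOS key on the following line gives no protection if that file is swapped in transit. Ship a reviewed copy from the build context instead, `COPY draios.repo /etc/yum.repos.d/draios.repo`, with gpgcheck enabled and https URLs (the key itself is already fetched from `https://s3.amazonaws.com/download.draios.com/…`, so TLS is evidently available for that bucket); at the very least fetch it over https. Two smaller points: `FROM registry.access.redhat.com/rhel7` carries no tag or digest, so every rebuild silently tracks whatever the registry serves that day, and `MAINTAINER` is deprecated in favour of `LABEL maintainer="Sysdig Support Team"`. Running as root with `--privileged` is unavoidable here because the entrypoint builds and loads a kernel module, so I would not ask for a `USER` line.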
diff --git a/docker/rhel/docker-entrypoint.sh b/docker/rhel/docker-entrypoint.sh
new file mode 100755
index 00000000..d9db5c39
--- /dev/null
+++ b/docker/rhel/docker-entrypoint.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Copyright (C) 2016-2018 Draios Inc dba Sysdig.
+#
+# This file is part of falco.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#set -e
+
+# Set the SYSDIG_SKIP_LOAD variable to skip loading the sysdig kernel module
+
+if [[ -z "${SYSDIG_SKIP_LOAD}" ]]; then
+ echo "* Setting up /usr/src links from host"
+
+ for i in $(ls $SYSDIG_HOST_ROOT/usr/src)
+ do
+ ln -s $SYSDIG_HOST_ROOT/usr/src/$i /usr/src/$i
+ done
+
+ /usr/bin/falco-probe-loader
+fi
+
+exec "$@"
diff --git a/docker/rhel/help.md b/docker/rhel/help.md
new file mode 100644
index 00000000..5cc8a0a8
--- /dev/null
+++ b/docker/rhel/help.md
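Review bot: The link loop `for i in $(ls $SYSDIG_HOST_ROOT/usr/src)` word-splits the output of `ls` and leaves `$SYSDIG_HOST_ROOT` unquoted, and the plain `ln -s` inside it fails with "File exists" on the second run of the entrypoint, which does happen in practice because the documented `docker run` uses `--restart always` and a restarted container reruns this script against the same writable layer (the Dockerfile's own comment about deleting `/usr/src/kernels` shows the same collision). Iterate the directory with a glob and make the link idempotent with `ln -sfn`, as below. Separately, with `#set -e` commented out a failing `/usr/bin/falco-probe-loader` is not fatal and `exec "$@"` starts falco anyway; if that fallback is intentional it deserves a one-line comment such as `# probe loading is best-effort: falco reports the missing probe itself`, otherwise test the loader's exit status and exit non-zero. The script is complete within this hunk.
```shell
# … unchanged: license header, SYSDIG_SKIP_LOAD guard, echo …
	for src in "${SYSDIG_HOST_ROOT}"/usr/src/*; do
		[[ -e "${src}" ]] || continue
		ln -sfn "${src}" "/usr/src/$(basename "${src}")"
	done
# … unchanged: falco-probe-loader call, fi, exec "$@" …
```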
@@ -0,0 +1,15 @@
+% falco (1) Container Image Pages
+% Falco Team
+% June, 2017
+
+# NAME
+falco \- Container Native runtime security
+
+# DESCRIPTION
+Falco is an open source project for intrusion and abnormality detection for Cloud Native platforms. See Falco website for more information: http://falco.org/
+
+# EXAMPLE
+ docker run -d --name falco --restart always --privileged --net host --pid host -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro --shm-size=350m registry.connect.redhat.com/sysdig/falco
+
+# AUTHORS
+Falco Team