Merge pull request #36 from draios/readme-build-additions

Changes related to use of kernel module.
2025-07-07 19:59:25 +00:00 · 2016-05-04 13:07:32 -07:00 · 2016-05-04 13:07:32 -07:00 · bd7b9880ee
commit bd7b9880ee
parent 7040d018c4 dfa6da47a3
2 changed files with 15 additions and 3 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -155,6 +155,7 @@ ExternalProject_Add(lpeg
 install(FILES falco.yaml
 	DESTINATION "${DIR_ETC}")

+add_subdirectory(${SYSDIG_DIR}/driver ${PROJECT_BINARY_DIR}/driver)
 add_subdirectory(${SYSDIG_DIR}/userspace/libscap ${PROJECT_BINARY_DIR}/userspace/libscap)
 add_subdirectory(${SYSDIG_DIR}/userspace/libsinsp ${PROJECT_BINARY_DIR}/userspace/libsinsp)

--- a/README.md
+++ b/README.md
@ -69,11 +69,11 @@ Instructions for Centos and Ubuntu.



-## Building Falco
+## Building and running Falco locally from source
 Building Falco requires having `cmake` and `g++` installed.


-### Building
+### Building Falco
 Clone this repo in a directory that also contains the sysdig source repo. The result should be something like:

 ```
@ -98,8 +98,19 @@ $ make

 as a result, you should have a falco executable in `build/userspace/falco/falco`.

+### Load latest sysdig kernel module

-### Running locally-built Falco
+If you have a binary version of sysdig installed, an older sysdig kernel module may already be loaded. To ensure you are using the latest version, you should unload any existing sysdig kernel module and load the locally built version.
+
+Unload any existing kernel module via:
+
+`$ rmmod sysdig_probe`
+
+To load the locally built version, assuming you are in the `build` dir, use:
+
+`$ insmod driver/sysdig-probe.ko`
+
+### Running Falco

 Assuming you are in the `build` dir, you can run Falco as: