github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-06 05:22:04 +00:00
Code Issues Projects Releases Wiki Activity

new(scripts, cmake): added support for modern bpf probe.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2022-11-09 14:37:22 +01:00 committed by poiana
parent c6f668bc71
commit cb20cf83ff
10 changed files with 62 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmake/cpack/CMakeCPackOptions.cmake
View File

@ -3,7 +3,8 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco@.target _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco@.target _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-ebpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern_bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
endif() endif()

4
scripts/CMakeLists.txt
View File

@ -22,7 +22,9 @@ file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service" file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-ebpf.service" file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-bpf.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern_bpf.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")

13
scripts/debian/postinst.in
View File

@ -27,7 +27,8 @@ case "$1" in
1 "Don't start" \ 1 "Don't start" \
2 "Kmod" \ 2 "Kmod" \
3 "eBPF" \ 3 "eBPF" \
4 "Plugin" \ 4 "Modern eBPF" \
5 "Plugin" \
2>&1 >/dev/tty) 2>&1 >/dev/tty)
clear clear
case $CHOICE in case $CHOICE in
@ -35,9 +36,12 @@ case "$1" in
chosen_driver="kmod" chosen_driver="kmod"
;; ;;
3) 3)
chosen_driver="ebpf" chosen_driver="bpf"
;; ;;
4) 4)
chosen_driver="modern_bpf"
;;
5)
chosen_driver="plugin" chosen_driver="plugin"
;; ;;
esac esac
@ -50,7 +54,7 @@ case "$chosen_driver" in
"kmod") "kmod")
falco-driver-loader module falco-driver-loader module
;; ;;
"ebpf") "bpf")
falco-driver-loader bpf falco-driver-loader bpf
;; ;;
esac esac
@ -61,7 +65,8 @@ esac
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal. # This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask "falco@kmod.target" >/dev/null || true deb-systemd-helper unmask "falco@kmod.target" >/dev/null || true
deb-systemd-helper unmask "falco@ebpf.target" >/dev/null || true deb-systemd-helper unmask "falco@bpf.target" >/dev/null || true
deb-systemd-helper unmask "falco@modern_bpf.target" >/dev/null || true
deb-systemd-helper unmask "falco@plugin.target" >/dev/null || true deb-systemd-helper unmask "falco@plugin.target" >/dev/null || true
# was-enabled defaults to true, so new installations run enable. # was-enabled defaults to true, so new installations run enable.

9
scripts/debian/postrm.in
View File

@ -28,7 +28,8 @@ fi
if [ "$1" = "remove" ]; then if [ "$1" = "remove" ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper mask 'falco@kmod.target' >/dev/null || true deb-systemd-helper mask 'falco@kmod.target' >/dev/null || true
deb-systemd-helper mask 'falco@ebpf.target' >/dev/null || true deb-systemd-helper mask 'falco@bpf.target' >/dev/null || true
deb-systemd-helper mask 'falco@modern_bpf.target' >/dev/null || true
deb-systemd-helper mask "falco@plugin.target" >/dev/null || true deb-systemd-helper mask "falco@plugin.target" >/dev/null || true
fi fi
fi fi
@ -37,8 +38,10 @@ if [ "$1" = "purge" ]; then
if [ -x "/usr/bin/deb-systemd-helper" ]; then if [ -x "/usr/bin/deb-systemd-helper" ]; then
deb-systemd-helper purge 'falco@kmod.target' >/dev/null || true deb-systemd-helper purge 'falco@kmod.target' >/dev/null || true
deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true
deb-systemd-helper purge 'falco@ebpf.target' >/dev/null || true deb-systemd-helper purge 'falco@bpf.target' >/dev/null || true
deb-systemd-helper unmask 'falco@ebpf.target' >/dev/null || true deb-systemd-helper unmask 'falco@bpf.target' >/dev/null || true
deb-systemd-helper purge 'falco@modern_bpf.target' >/dev/null || true
deb-systemd-helper unmask 'falco@modern_bpf.target' >/dev/null || true
deb-systemd-helper purge 'falco@plugin.target' >/dev/null || true deb-systemd-helper purge 'falco@plugin.target' >/dev/null || true
deb-systemd-helper unmask 'falco@plugin.target' >/dev/null || true deb-systemd-helper unmask 'falco@plugin.target' >/dev/null || true
fi fi

3
scripts/debian/prerm.in
View File

@ -23,7 +23,8 @@ set -e
if [ -d /run/systemd/system ] && [ "$1" = remove ]; then if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
deb-systemd-invoke stop 'falco@kmod.target' >/dev/null || true deb-systemd-invoke stop 'falco@kmod.target' >/dev/null || true
deb-systemd-invoke stop 'falco@ebpf.target' >/dev/null || true deb-systemd-invoke stop 'falco@bpf.target' >/dev/null || true
deb-systemd-invoke stop 'falco@modern_bpf.target' >/dev/null || true
deb-systemd-invoke stop 'falco@plugin.target' >/dev/null || true deb-systemd-invoke stop 'falco@plugin.target' >/dev/null || true
fi fi

13
scripts/rpm/postinstall.in
View File

@ -26,7 +26,8 @@ case "$1" in
1 "Don't start" \ 1 "Don't start" \
2 "Kmod" \ 2 "Kmod" \
3 "eBPF" \ 3 "eBPF" \
4 "Plugin" \ 4 "Modern eBPF" \
5 "Plugin" \
2>&1 >/dev/tty) 2>&1 >/dev/tty)
clear clear
case $CHOICE in case $CHOICE in
@ -34,9 +35,12 @@ case "$1" in
chosen_driver="kmod" chosen_driver="kmod"
;; ;;
3) 3)
chosen_driver="ebpf" chosen_driver="bpf"
;; ;;
4) 4)
chosen_driver="modern_bpf"
;;
5)
chosen_driver="plugin" chosen_driver="plugin"
;; ;;
esac esac
@ -49,7 +53,7 @@ case "$chosen_driver" in
"kmod") "kmod")
falco-driver-loader module falco-driver-loader module
;; ;;
"ebpf") "bpf")
falco-driver-loader bpf falco-driver-loader bpf
;; ;;
esac esac
@ -67,7 +71,8 @@ esac
if [ $1 -eq 1 ]; then if [ $1 -eq 1 ]; then
# This will only remove masks created on package removal. # This will only remove masks created on package removal.
/usr/bin/systemctl --system unmask "falco@kmod.target" >/dev/null || true /usr/bin/systemctl --system unmask "falco@kmod.target" >/dev/null || true
/usr/bin/systemctl --system unmask "falco@ebpf.target" >/dev/null || true /usr/bin/systemctl --system unmask "falco@bpf.target" >/dev/null || true
/usr/bin/systemctl --system unmask "falco@modern_bpf.target" >/dev/null || true
/usr/bin/systemctl --system unmask "falco@plugin.target" >/dev/null || true /usr/bin/systemctl --system unmask "falco@plugin.target" >/dev/null || true
if [ -n "$chosen_driver" ]; then if [ -n "$chosen_driver" ]; then

6
scripts/rpm/postuninstall.in
View File

@ -21,7 +21,8 @@ set -e
if [ -d /run/systemd/system ] && [ "$1" = 0 ]; then if [ -d /run/systemd/system ] && [ "$1" = 0 ]; then
/usr/bin/systemctl --system daemon-reload >/dev/null || true /usr/bin/systemctl --system daemon-reload >/dev/null || true
/usr/bin/systemctl --system mask 'falco@kmod.target' >/dev/null || true /usr/bin/systemctl --system mask 'falco@kmod.target' >/dev/null || true
/usr/bin/systemctl --system mask 'falco@ebpf.target' >/dev/null || true /usr/bin/systemctl --system mask 'falco@bpf.target' >/dev/null || true
/usr/bin/systemctl --system mask 'falco@modern_bpf.target' >/dev/null || true
/usr/bin/systemctl --system mask 'falco@plugin.target' >/dev/null || true /usr/bin/systemctl --system mask 'falco@plugin.target' >/dev/null || true
fi fi
@ -33,5 +34,6 @@ fi
# if package upgrade, not uninstall: # if package upgrade, not uninstall:
# `systemd-update-helper mark-restart-system-units <service>` # `systemd-update-helper mark-restart-system-units <service>`
%systemd_postun_with_restart 'falco@kmod.target' %systemd_postun_with_restart 'falco@kmod.target'
%systemd_postun_with_restart 'falco@ebpf.target' %systemd_postun_with_restart 'falco@bpf.target'
%systemd_postun_with_restart 'falco@modern_bpf.target'
%systemd_postun_with_restart 'falco@plugin.target' %systemd_postun_with_restart 'falco@plugin.target'

6
scripts/rpm/preuninstall.in
View File

@ -21,7 +21,8 @@ set -e
if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then
# stop falco service before uninstall # stop falco service before uninstall
/usr/bin/systemctl --system stop 'falco@kmod.target' >/dev/null || true /usr/bin/systemctl --system stop 'falco@kmod.target' >/dev/null || true
/usr/bin/systemctl --system stop 'falco@ebpf.target' >/dev/null || true /usr/bin/systemctl --system stop 'falco@bpf.target' >/dev/null || true
/usr/bin/systemctl --system stop 'falco@modern_bpf.target' >/dev/null || true
/usr/bin/systemctl --system stop 'falco@plugin.target' >/dev/null || true /usr/bin/systemctl --system stop 'falco@plugin.target' >/dev/null || true
fi fi
@ -35,5 +36,6 @@ fi
# if preuninstall: # if preuninstall:
# `systemd-update-helper remove-system-units <service>` # `systemd-update-helper remove-system-units <service>`
%systemd_preun 'falco@kmod.target' %systemd_preun 'falco@kmod.target'
%systemd_preun 'falco@ebpf.target' %systemd_preun 'falco@bpf.target'
%systemd_preun 'falco@modern_bpf.target'
%systemd_preun 'falco@plugin.target' %systemd_preun 'falco@plugin.target'

0
scripts/systemd/falco-ebpf.service → scripts/systemd/falco-bpf.service
View File

23
scripts/systemd/falco-modern_bpf.service Normal file
View File

@ -0,0 +1,23 @@
[Unit]
Description=Falco: Container Native Runtime Security with ebpf
Documentation=https://falco.org/docs/
PartOf=falco@ebpf.target
Conflicts=falco-kmod.service
Conflicts=falco-plugin.service
[Service]
Type=simple
User=root
ExecStart=/usr/bin/falco --pidfile=/var/run/falco.pid --modern-bpf
UMask=0077
TimeoutSec=30
RestartSec=15s
Restart=on-failure
PrivateTmp=true
NoNewPrivileges=yes
ProtectHome=read-only
ProtectSystem=full
ProtectKernelTunables=true
RestrictRealtime=true
RestrictAddressFamilies=~AF_PACKET
StandardOutput=null