github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-16 06:48:31 +00:00
Code Issues Projects Releases Wiki Activity

Build and package standalone falco kernel module

Browse Source 
Start packaging (and building when necessary) a falco-specific kernel
module in falco releases. Previously, falco would depend on sysdig and
use its kernel module instead.

The kernel module was already templated to some degree in various
places, so we just had to change the templated name from
sysdig/sysdig-probe to falco/falco-probe.

In containers, run falco-probe-loader instead of
sysdig-probe-loader. This is actually a script in the sysdig repository
which is modified in https://github.com/draios/sysdig/pull/789, and uses
the filename to indicate what kernel module to build and/or load.

For the falco package itself, don't depend on sysdig any longer but instead
depend on dkms and its dependencies, using sysdig as a guide on the set
of required packages.

Additionally, for the package pre-install/post-install scripts start
running falco-probe-loader.

Finally, add a --version argument to falco so it can pass the desired
version string to falco-probe-loader.
This commit is contained in:
Mark Stemm
2017-03-20 15:36:03 -07:00
parent 18900089f3
commit ec5adfe892
14 changed files with 100 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
userspace/falco/falco.cpp
View File

@@ -53,6 +53,7 @@ static void signal_callback(int signal)
static void usage()
{
printf(
"falco version " FALCO_VERSION "\n"
"Usage: falco [options]\n\n"
"Options:\n"
" -h, --help Print this page\n"
@@ -106,6 +107,7 @@ static void usage()
" -t <tag> Only run those rules with a tag=<tag>. Can be specified multiple times.\n"
" Can not be specified with -T/-D.\n"
" -v Verbose output.\n"
" --version Print version number.\n"
"\n"
);
}
@@ -255,6 +257,7 @@ int falco_init(int argc, char **argv)
{"option", required_argument, 0, 'o'},
{"print", required_argument, 0, 'p' },
{"pidfile", required_argument, 0, 'P' },
{"version", no_argument, 0, 0 },
{"writefile", required_argument, 0, 'w' },
{0, 0, 0, 0}
@@ -368,6 +371,13 @@ int falco_init(int argc, char **argv)
}
if(string(long_options[long_index].name) == "version")
{
printf("falco version %s\n", FALCO_VERSION);
return EXIT_SUCCESS;
}
inspector = new sinsp();
engine = new falco_engine();
engine->set_inspector(inspector);