From fc7a451aedb04b985f5463eb70eefb68ac700bf8 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Mon, 15 Apr 2024 18:34:25 +0200 Subject: [PATCH] fix(docker): fixed docker entrypoints for driver loading. Signed-off-by: Federico Di Pierro --- docker/driver-loader-legacy/docker-entrypoint.sh | 11 +++++++---- docker/driver-loader/docker-entrypoint.sh | 7 +++++-- docker/falco/docker-entrypoint.sh | 13 ++++++++----- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/docker/driver-loader-legacy/docker-entrypoint.sh b/docker/driver-loader-legacy/docker-entrypoint.sh index a01cd278..346e1fa1 100755 --- a/docker/driver-loader-legacy/docker-entrypoint.sh +++ b/docker/driver-loader-legacy/docker-entrypoint.sh @@ -25,7 +25,7 @@ print_usage() { echo "" echo "Available drivers:" echo " auto leverage automatic driver selection logic (default)" - echo " modern_ebpf modern eBPF CORE probe" + echo " modern_ebpf modern eBPF CORE probe" echo " ebpf eBPF probe" echo " kmod kernel module" echo "" @@ -59,14 +59,17 @@ has_driver= has_opts= while test $# -gt 0; do case "$1" in - kmod|ebpf) + auto|kmod|ebpf|modern_ebpf) if [ -n "$has_driver" ]; then >&2 echo "Only one driver per invocation" print_usage exit 1 else - if [ "$1" != "auto" ]; then - /usr/bin/falcoctl driver config --type $1 + if [ "$opt" != "auto" ]; then + /usr/bin/falcoctl driver config --type $opt + else + # Needed because we need to configure Falco to start with correct driver + /usr/bin/falcoctl driver config --type modern_ebpf --type ebpf --type kmod fi has_driver="true" fi diff --git a/docker/driver-loader/docker-entrypoint.sh b/docker/driver-loader/docker-entrypoint.sh index 7f51d543..059dd3b1 100755 --- a/docker/driver-loader/docker-entrypoint.sh +++ b/docker/driver-loader/docker-entrypoint.sh 
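Review bot: In docker/driver-loader-legacy/docker-entrypoint.sh the new lines test and pass `$opt`, but the loop visible in this hunk is `while test $# -gt 0; do case "$1" in`, and nothing in view assigns `opt`. If it is not set outside the hunk, `[ "$opt" != "auto" ]` is always true and the unquoted, empty `$opt` leaves `falcoctl driver config --type` without a value, so the new `auto` branch is unreachable and an explicit `kmod`, `ebpf` or `modern_ebpf` choice is never passed on. Keep the positional parameter here: `if [ "$1" != "auto" ]; then` and `/usr/bin/falcoctl driver config --type "$1"`. The same substitution appears in the docker/driver-loader/docker-entrypoint.sh hunk, whose header shows the same `while test $# -gt 0` loop; the loop body continues outside both hunks.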
@@ -69,8 +69,11 @@ while test $# -gt 0; do print_usage exit 1 else - if [ "$1" != "auto" ]; then - /usr/bin/falcoctl driver config --type $1 + if [ "$opt" != "auto" ]; then + /usr/bin/falcoctl driver config --type $opt + else + # Needed because we need to configure Falco to start with correct driver + /usr/bin/falcoctl driver config --type modern_ebpf --type ebpf --type kmod fi has_driver="true" fi diff --git a/docker/falco/docker-entrypoint.sh b/docker/falco/docker-entrypoint.sh index 448e117c..406b494a 100755 --- a/docker/falco/docker-entrypoint.sh +++ b/docker/falco/docker-entrypoint.sh @@ -23,9 +23,9 @@ print_usage() { echo "Usage:" echo " docker run -i -t --privileged -v /root/.falco:/root/.falco -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro -e 'FALCO_DRIVER_LOADER_OPTIONS=[driver] [options]' falcosecurity/falco:latest" echo "" - echo "Available drivers:" + echo "Available FALCO_DRIVER_LOADER_OPTIONS drivers:" echo " auto leverage automatic driver selection logic (default)" - echo " modern_ebpf modern eBPF CORE probe" + echo " modern_ebpf modern eBPF CORE probe" echo " ebpf eBPF probe" echo " kmod kernel module" echo "" @@ -67,15 +67,18 @@ if [[ -z "${SKIP_DRIVER_LOADER}" ]]; then for opt in "${falco_driver_loader_option_arr[@]}" do case "$opt" in - kmod|ebpf) + auto|kmod|ebpf|modern_ebpf) if [ -n "$has_driver" ]; then >&2 echo "Only one driver per invocation" print_usage exit 1 else if [ "$opt" != "auto" ]; then - /usr/bin/falcoctl driver config --type $opt - fi + /usr/bin/falcoctl driver config --type $opt + else + # Needed because we need to configure Falco to start with correct driver + /usr/bin/falcoctl driver config --type modern_ebpf --type ebpf --type kmod + fi has_driver="true" fi ;;
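Review bot: The new `else` branch in docker/falco/docker-entrypoint.sh runs `falcoctl driver config --type modern_ebpf --type ebpf --type kmod` only when the word `auto` is present in `FALCO_DRIVER_LOADER_OPTIONS`, while the usage text calls `auto` the default. If nothing outside the hunk handles the case where `has_driver` is still empty after the loop, a container started without a driver word skips the configuration step that the added comment says Falco needs. Consider running the same command after the loop, e.g. `[ -n "$has_driver" ] || /usr/bin/falcoctl driver config --type modern_ebpf --type ebpf --type kmod`. The exit status of either `falcoctl` call is also not checked before `has_driver="true"`; whether `set -e` covers it is not visible here. The `for` loop and the enclosing `if` continue outside the hunk.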