update(build)!: replaced various PROBE with DRIVER where necessary.

Follow-up of https://github.com/falcosecurity/libs/pull/197. Updated libs too to master version, as needed. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-06-29 08:07:24 +00:00 · 2022-02-03 12:11:56 +01:00 · 2022-02-03 12:11:56 +01:00 · ff21544186
commit ff21544186
parent ee2f7c50e8
11 changed files with 18 additions and 18 deletions
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@ -64,7 +64,7 @@ This is a list of production adopters of Falco (in alphabetical order):

 * [Yahoo! JAPAN](https://www.yahoo.co.jp/) Yahoo! JAPAN is a leading company of internet in Japan. We build an AI Platform in our private cloud and provide it to scientists in our company. AI Platform is a multi-tenant Kubernetes environment and more flexible, faster, more efficient Machine Learning environment. Falco is used to detect unauthorized commands and malicious access and our AI Platform is monitored and alerted by Falco.

-* [Sysdig](https://www.sysdig.com/) Sysdig originally created Falco in 2016 to detect unexpected or suspicious activity using a rules engine on top of the data that comes from the sysdig kernel system call probe. Sysdig provides tooling to help with vulnerability management, compliance, detection, incident response and forensics in Cloud-native environments. Sysdig Secure has extended Falco to include: a rule library, the ability to update macros, lists & rules via the user interface and API, automated tuning of rules, and rule creation based on profiling known system behavior. On top of the basic Falco rules, Sysdig Secure implements the concept of a "Security policy" that can comprise several rules which are evaluated for a user-defined infrastructure scope like Kubernetes namespaces, OpenShift clusters, deployment workload, cloud regions etc.
+* [Sysdig](https://www.sysdig.com/) Sysdig originally created Falco in 2016 to detect unexpected or suspicious activity using a rules engine on top of the data that comes from the sysdig kernel system call driver. Sysdig provides tooling to help with vulnerability management, compliance, detection, incident response and forensics in Cloud-native environments. Sysdig Secure has extended Falco to include: a rule library, the ability to update macros, lists & rules via the user interface and API, automated tuning of rules, and rule creation based on profiling known system behavior. On top of the basic Falco rules, Sysdig Secure implements the concept of a "Security policy" that can comprise several rules which are evaluated for a user-defined infrastructure scope like Kubernetes namespaces, OpenShift clusters, deployment workload, cloud regions etc.

 ## Projects that use Falco libs

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -98,8 +98,8 @@ set(CMAKE_CXX_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG")
 include(GetFalcoVersion)

 set(PACKAGE_NAME "falco")
-set(PROBE_NAME "falco")
-set(PROBE_DEVICE_NAME "falco")
+set(DRIVER_NAME "falco")
+set(DRIVER_DEVICE_NAME "falco")
 set(DRIVERS_REPO "https://download.falco.org/driver")
 if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
  set(CMAKE_INSTALL_PREFIX
--- a/cmake/modules/falcosecurity-libs.cmake
+++ b/cmake/modules/falcosecurity-libs.cmake
@ -24,8 +24,8 @@ else()
  # default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake
  # -DFALCOSECURITY_LIBS_VERSION=dev ..`
  if(NOT FALCOSECURITY_LIBS_VERSION)
-    set(FALCOSECURITY_LIBS_VERSION "319368f1ad778691164d33d59945e00c5752cd27")
-    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=2cf44f06a282e8cee7aa1f775a08ea94c06e275faaf0636b21eb06af28cf4b3f")
+    set(FALCOSECURITY_LIBS_VERSION "85f898e7afdc250984bb31c5f80a86dc97ec0d10")
+    set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=c4175c8830d11f5d2467e1f4e61a2ea47449135c08af7acbe4d7f36a0d9b6252")
  endif()

  # cd /path/to/build && cmake /path/to/source
@ -47,8 +47,8 @@ if(MUSL_OPTIMIZED_BUILD)
  add_definitions(-DMUSL_OPTIMIZED)
 endif()

-set(PROBE_VERSION "${FALCOSECURITY_LIBS_VERSION}")
-set(PROBE_NAME "falco")
+set(DRIVER_VERSION "${FALCOSECURITY_LIBS_VERSION}")
+set(DRIVER_NAME "falco")
 set(DRIVER_PACKAGE_NAME "falco")
 set(SCAP_BPF_PROBE_ENV_VAR_NAME "FALCO_BPF_PROBE")
 set(SCAP_HOST_ROOT_ENV_VAR_NAME "HOST_ROOT")
--- a/scripts/debian/postinst.in
+++ b/scripts/debian/postinst.in
@ -18,7 +18,7 @@
 set -e

 DKMS_PACKAGE_NAME="@PACKAGE_NAME@"
-DKMS_VERSION="@PROBE_VERSION@"
+DKMS_VERSION="@DRIVER_VERSION@"
 NAME="@PACKAGE_NAME@"

 postinst_found=0
--- a/scripts/debian/prerm.in
+++ b/scripts/debian/prerm.in
@ -18,7 +18,7 @@
 set -e

 DKMS_PACKAGE_NAME="@PACKAGE_NAME@"
-DKMS_VERSION="@PROBE_VERSION@"
+DKMS_VERSION="@DRIVER_VERSION@"

 case "$1" in
 	remove|upgrade|deconfigure)
--- a/scripts/falco-driver-loader
+++ b/scripts/falco-driver-loader
@ -547,8 +547,8 @@ if [[ -z "$MAX_RMMOD_WAIT" ]]; then
 	MAX_RMMOD_WAIT=60
 fi

-DRIVER_VERSION="@PROBE_VERSION@"
-DRIVER_NAME=${DRIVER_NAME:-"@PROBE_NAME@"}
+DRIVER_VERSION="@DRIVER_VERSION@"
+DRIVER_NAME=${DRIVER_NAME:-"@DRIVER_NAME@"}
 FALCO_VERSION="@FALCO_VERSION@"

 DRIVER="module"
--- a/scripts/rpm/postinstall.in
+++ b/scripts/rpm/postinstall.in
@ -15,7 +15,7 @@
 # limitations under the License.
 #

-mod_version="@PROBE_VERSION@"
+mod_version="@DRIVER_VERSION@"
 dkms add -m falco -v $mod_version --rpm_safe_upgrade
 if [ `uname -r | grep -c "BOOT"` -eq 0 ] && [ -e /lib/modules/`uname -r`/build/include ]; then
 	dkms build -m falco -v $mod_version
--- a/scripts/rpm/preuninstall.in
+++ b/scripts/rpm/preuninstall.in
@ -15,5 +15,5 @@
 # limitations under the License.
 #

-mod_version="@PROBE_VERSION@"
+mod_version="@DRIVER_VERSION@"
 dkms remove -m falco -v $mod_version --all --rpm_safe_upgrade
--- a/test/falco_test.py
+++ b/test/falco_test.py
@ -524,10 +524,10 @@ class FalcoTest(Test):
                ["md5sum", "/boot/config-{}".format(kernel_release)]).rstrip()
            config_hash = md5_output.split(" ")[0]

-            probe_filename = "falco-{}-{}-{}-{}.ko".format(
+            driver_filename = "falco-{}-{}-{}-{}.ko".format(
                falco_version, arch, kernel_release, config_hash)
            driver_path = os.path.join(self.falcodir, "driver", "falco.ko")
-            module_path = os.path.join(self.module_dir, probe_filename)
+            module_path = os.path.join(self.module_dir, driver_filename)
            self.log.debug("Copying {} to {}".format(driver_path, module_path))
            shutil.copyfile(driver_path, module_path)

--- a/userspace/falco/config_falco.h.in
+++ b/userspace/falco/config_falco.h.in
@ -30,5 +30,5 @@ limitations under the License.
 #define FALCO_INSTALL_CONF_FILE "/etc/falco/falco.yaml"
 #define FALCO_ENGINE_PLUGINS_DIR "${FALCO_ABSOLUTE_SHARE_DIR}/plugins/"

-#define PROBE_NAME "@PROBE_NAME@"
-#define DRIVER_VERSION "@PROBE_VERSION@"
+#define DRIVER_NAME "@DRIVER_NAME@"
+#define DRIVER_VERSION "@DRIVER_VERSION@"
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@ -1427,7 +1427,7 @@ int falco_init(int argc, char **argv)
 				if (!disable_syscall && !userspace)
 				{
 					// Try to insert the Falco kernel module
-					if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null"))
+					if(system("modprobe " DRIVER_NAME " > /dev/null 2> /dev/null"))
 					{
 						falco_logger::log(LOG_ERR, "Unable to load the driver.\n");
 					}