github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-01-30 06:00:00 +00:00
Code Issues Projects Releases Wiki Activity
2,308 Commits 122 Branches 184 Tags
ccb7c19b319b704147f97eda8595d5e0925e576b
Commit Graph

166 Commits

Author SHA1 Message Date
Leonardo Di Donato
4b0333cc08 update(docker/falco): SKIP_MODULE_LOAD not supported anymore - use SKIP_DRIVER_LOADER 
When we started to implemented 20200506-artifacts-scope-part-2 proposal
, among a million other things, we renamed `SKIP_MODULE_LOAD` to
`SKIP_DRIVER_LOADER`. We reatained compatibility with `SKIP_MODULE_LOAD`
for a bunch of releases.

Now, after 9 months have passed I think it's time to completely
deprecate it.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2021-04-08 20:40:39 +02:00
Leonardo Grasso
40edfe66ba fix(docker/no-driver): handle urlencoding 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
70ee1093d8 build(docker): fetch packages from download.falco.org 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-26 12:55:11 +01:00
Leonardo Grasso
825e6caf2d build: fetch build deps from download.falco.org 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2021-03-10 18:00:52 +01:00
Shane Lawrence
74164b1ef8 Use default pip version to get avocado version. 
Signed-off-by: Shane Lawrence <shane@lawrence.dev>
 2021-03-05 10:50:27 +01:00
Bart van der Schans
05545f228d Add flex and bison to docker for building bpf module on recent amazon linux2 
Signed-off-by: Bart van der Schans <bart@vanderschans.nl>
 2021-03-05 10:46:10 +01:00
Carlos Panato
5a6cbb190c docs: update link for building from source 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
 2021-02-04 17:37:57 +01:00
Leonardo Grasso
6ca4e11d8c update(docker): correct container labels 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-11-23 11:26:08 -05:00
Leonardo Grasso
6bc97ca9e7 fix(docker/no-driver): add missing HOST_ROOT env 
Please note that the `HOME` env has been added for consistency purposes with the main docker image.

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-11-23 11:26:08 -05:00
Leonardo Grasso
388de27398 update(docker/tester): split version guessing of Falco version 
Needed by statically linked build of Falco.

Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-13 07:29:01 -04:00
Leonardo Grasso
69d2fa76ff fix(docker/tester): re-enable -e 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Co-Authored-By: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-10-13 07:29:01 -04:00
Leonardo Di Donato
0586a7d33c update(docker/no-driver): use the statically linked falco tarball 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-09-10 15:01:07 +02:00
Lorenzo Fontana
7e9ca5c540 build: run_regression_tests.sh skip packages tests if asked 
Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-09-10 15:01:07 +02:00
Lorenzo Fontana
98a5813bd7 build: allow the tester command to retrieve the source and build env 
variables

Co-Authored-By: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Lorenzo Fontana <fontanalorenz@gmail.com>
 2020-09-10 15:01:07 +02:00
Leonardo Grasso
9d88bfd0d4 build: add MINIMAL_BUILD option 
Co-Authored-By: Lorenzo Fontana <fontanalorenz@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-09-10 15:01:07 +02:00
Leonardo Di Donato
e618f005b6 update(docker/tester): use the new run_regression_tests.sh CLI flags 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-07-20 22:48:00 +02:00
Lorenzo Fontana
324a3b88e7 build: remove libyaml-0-2 as dependency in packages and dockerfiles 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-07-16 19:34:39 +02:00
Leonardo Grasso
4d31784a83 fix(docker): correct syntax error in the entrypoint script 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-08 12:11:33 +02:00
Leonardo Grasso
ad960a9485 chore(docker): rename SKIP_MODULE_LOAD to SKIP_DRIVER_LOADER 
As per https://github.com/falcosecurity/falco/blob/master/proposals/20200506-artifacts-scope-part-2.md#action-items

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-07-07 12:17:20 +02:00
Leonardo Grasso
4af769f84c new(test): add gRPC unix socket support 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-06-30 13:04:03 +02:00
Leonardo Di Donato
c06ccf8378 update(docker/tester): grpcurl 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-06-30 13:04:03 +02:00
Leonardo Di Donato
3bfd94fefd docs(test): run locally handling python deps with venv 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-05-26 15:01:48 +02:00
Leonardo Grasso
3d3d537d85 update(docker/falco-driver-loader): propagate all args 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-18 15:16:59 +02:00
Leonardo Grasso
368817a95d fix(docker/no-driver): correct config value substitution 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-15 11:20:56 +02:00
Leonardo Grasso
c42cb1858c update(docker/falco): rename folder for naminig consistency 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-14 18:59:29 +02:00
Leonardo Grasso
935d9f5378 fix(docker/no-driver): enable time_format_iso_8601 by default 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-14 18:59:29 +02:00
Leonardo Grasso
2345ea2770 new(docker): add falco-no-driver image 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-14 18:59:29 +02:00
Leonardo Grasso
901239c3c8 docs(docker): add falcosecurity/falco-no-driver image 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-14 18:59:29 +02:00
Leonardo Grasso
0f23a9477f update(docker/OWNERS): add myself to approvers 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-14 14:09:46 +02:00
Leonardo Grasso
0c4074b7a9 update(docker): remove minimal image 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-13 10:39:07 +02:00
Leonardo Grasso
05c684d68c test: add bin package (tar.gz) to integration test 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-12 19:22:49 +02:00
Leonardo Grasso
900a3b5860 refactor(docker): driverloader to falco-driver-loader 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-08 18:08:03 +02:00
Leonardo Grasso
2e703f0565 refactor(docker/driverloader): rename build arg 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-04 15:05:53 +02:00
Leonardo Grasso
24c0e80bd8 chore(docker): clean up unused set -e 
Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-04 11:27:38 +02:00
Leonardo Grasso
5e421c9ac4 docs(docker): add driverloader into supported images 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-04 11:27:38 +02:00
Leonardo Grasso
63259f3885 new(docker/driverloader): docker image to load the driver 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-05-04 11:27:38 +02:00
Leonardo Grasso
9915b9077c update(docker/event-generator): remove the event-generator from the Falco repo 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-04-24 15:40:50 +02:00
Leonardo Grasso
35691b0e05 update(docker): update README.md 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-04-01 11:49:59 +02:00
Leonardo Grasso
ea0f78c2c2 chore(docker): remove kernel/linuxkit and kernel/probeloader images 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-04-01 11:49:59 +02:00
Leonardo Grasso
61e859745d chore(docker): remove RHEL-base image 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2020-04-01 11:49:59 +02:00
Leonardo Di Donato
fbcdb57cea update(docker): entrypoints to call falco-driver-loader now 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-03-23 18:50:06 +01:00
Leonardo Di Donato
c1d840d471 update(test): account only for falco version in tests, not driver version 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-03-23 18:50:06 +01:00
Lorenzo Fontana
9db36822e7 update(docker/tester): python 3 support for regression tests 
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-03-17 21:24:31 +01:00
Leonardo Di Donato
87e8457ce7 docs: bump versions to 0.21.0 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-03-17 15:34:20 +01:00
Mark Stemm
2126616529 Fix image for event generator deployment yaml 
I had a bug in https://github.com/falcosecurity/falco/pull/1088 where
the image name for the event generator was pointing to a temporary tag
instead of latest. This switches the image name back to latest.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-03-12 21:32:24 +01:00
Mark Stemm
6488ea8456 (WIP) K8s Deployment to run event generator w k8s_audit 
Add a deployment yaml that allows running the event generator in a k8s
cluster:

 - Change the event generator to create/delete objects in a namespace
   "falco-eg-sandbox" instead of "falco-event-generator". That way you
   separate the generator from the resources it modifies (mostly, the
   exception being the rolebinding).
 - Create a serviceaccount, clusterrole, and rolebinding that allows the
   event generator to create/list/delete objects in the falco-eg-sandbox
   namespace. The list of permissions is fairly broad mostly so the
   event generator can delete all resources without explicitly naming
   them. The binding does limit permissions to the falco-eg-sandbox
   namespace, though.

A one-line way to run this would be:

kubectl create namespace falco-event-generator && \
  kubectl create namespace falco-eg-sandbox && \
  kubectl apply -f event-generator-role-rolebinding-serviceaccount.yaml && \
  kubectl apply -f event-generator-k8saudit-deployment.yaml

I haven't actually pushed a new docker image to replace the current
event generator yet--the deployment yaml refers to a placeholder
falcosecurity/falco-event-generator:eg-sandbox image. Once the review is
done I'll rebase this to change the image to latest before merging.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-03-12 13:12:40 +01:00
Mark Stemm
3fd67aa5c3 K8s Daemonset to run event generator w/ syscalls 
Add a Daemonset yaml that allows running the falco event generator on
syscalls. It will run on any non-master node.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2020-03-12 13:12:40 +01:00
Leonardo Di Donato
de5cd1ce6f update(docker): latest or explicit FALCO_VERSION for docker images via docker build argument 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-03-10 20:46:52 +01:00
Lorenzo Fontana
941313b1f1 fix(docker/minimal): untar of downloaded falco package 
Co-Authored-By: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Lorenzo Fontana <lo@linux.com>
 2020-03-06 11:53:28 +01:00
Leonardo Di Donato
272bb59df4 update(docker): reorganize docker images with build arguments 
Using the VERSION_BUCKET build arguments at docker build time users can now choose from which Falco version to build them.

Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
 2020-02-28 17:32:38 +01:00