mirror of
https://github.com/falcosecurity/falco.git
synced 2025-11-13 08:59:39 +00:00
858a69bb2c
This helps when running on a system which has the module loaded, but getting access to the module file is hard for some reason. Since I know that the right version of the module is loaded I just want falco to connect. I tested this with this run command: docker run -e SYSDIG_SKIP_LOAD=1 -it -v /dev:/host/dev -v /proc:/host/proc --privileged falco And it successfully connected to Sysdig and started printing out warnings for my system. falco-CLA-1.0-signed-off-by: Carl Sverre accounts@carlsverre.com
18 lines
353 B
Bash
Executable File
18 lines
353 B
Bash
Executable File
#!/bin/bash
|
|
#set -e
|
|
|
|
# Set the SYSDIG_SKIP_LOAD variable to skip loading the sysdig kernel module
|
|
|
|
if [[ -z "${SYSDIG_SKIP_LOAD}" ]]; then
|
|
echo "* Setting up /usr/src links from host"
|
|
|
|
for i in $(ls $SYSDIG_HOST_ROOT/usr/src)
|
|
do
|
|
ln -s $SYSDIG_HOST_ROOT/usr/src/$i /usr/src/$i
|
|
done
|
|
|
|
/usr/bin/sysdig-probe-loader
|
|
fi
|
|
|
|
exec "$@"
|