mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-19 19:22:05 +00:00
Start packaging (and building when necessary) a falco-specific kernel module in falco releases. Previously, falco would depend on sysdig and use its kernel module instead.

The kernel module was already templated to some degree in various places, so we just had to change the templated name from sysdig/sysdig-probe to falco/falco-probe.

In containers, run falco-probe-loader instead of sysdig-probe-loader. This is actually a script in the sysdig repository which is modified in https://github.com/draios/sysdig/pull/789, and uses the filename to indicate what kernel module to build and/or load.

For the falco package itself, don't depend on sysdig any longer but instead depend on dkms and its dependencies, using sysdig as a guide on the set of required packages.

Additionally, for the package pre-install/post-install scripts start running falco-probe-loader.

Finally, add a --version argument to falco so it can pass the desired version string to falco-probe-loader.
51 lines
1.5 KiB
Docker
FROM debian:unstable

MAINTAINER Sysdig <support@sysdig.com>

ENV FALCO_VERSION 0.1.1dev

LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"

ENV SYSDIG_HOST_ROOT /host

ENV HOME /root

RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root

ADD http://download.draios.com/apt-draios-priority /etc/apt/preferences.d/

RUN echo "deb http://httpredir.debian.org/debian jessie main" > /etc/apt/sources.list.d/jessie.list \
 && apt-get update \
 && apt-get install -y --no-install-recommends \
    bash-completion \
    curl \
    jq \
    gnupg2 \
    ca-certificates \
    gcc \
    gcc-5 \
    gcc-4.9 \
    dkms && rm -rf /var/lib/apt/lists/*

# Since our base Debian image ships with GCC 5.0 which breaks older kernels, revert the
# default to gcc-4.9. Also, since some customers use some very old distributions whose kernel
# makefile is hardcoded for gcc-4.6 or so (e.g. Debian Wheezy), we pretend to have gcc 4.6/4.7
# by symlinking it to 4.9

RUN rm -rf /usr/bin/gcc \
 && ln -s /usr/bin/gcc-4.9 /usr/bin/gcc \
 && ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.8 \
 && ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.7 \
 && ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.6

RUN ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules

ADD falco-${FALCO_VERSION}-x86_64.deb /
RUN dpkg -i /falco-${FALCO_VERSION}-x86_64.deb

COPY ./docker-entrypoint.sh /

ENTRYPOINT ["/docker-entrypoint.sh"]

CMD ["/usr/bin/falco"]