Falco driver loader enhancements #2165
Conversation
Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
…parated) Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
|
Welcome @IanRobertson-wpe! It looks like this is your first PR to falcosecurity/falco 🎉 |
|
cc @FedeDP |
|
/milestone 0.33.0 |
| IFS=", " read -r -a urls <<< "${DRIVERS_REPO}" | ||
| for url in "${urls[@]}"; do | ||
| load_bpf_probe_download $url | ||
| if [ $? -eq 0 ]; then |
There was a problem hiding this comment.
This check is missing from the kmod section above (after load_kernel_module_download $url); is it ok?
There was a problem hiding this comment.
Yes, the load_kernel_module_download function will immediately exit when it gets a good download/install, so I didn't need to do the same check on the errorlevel. If that function is not successful (if we need to try another url) it will return here and the loop can proceed. This is different from the probe wherein I must check the errorlevel to determine success, as that function does not directly exit and always returns.
|
Changes LGTM! |
|
Was able to test this:
|
|
LGTM label has been added. Git tree hash: 448daff7d6380c66a2a71727b35a1f3cc463b50c
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: FedeDP, IanRobertson-wpe The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area engine
What this PR does / why we need it:
This PR introduces changes to the falco-driver-loader script.
to support multiple download URLs in the DRIVERS_REPO environment variable, and to store downloaded drivers in a folder that mirrors the download directory.
The DRIVERS_REPO environment variable can now be used to specify multiple download URLs by separating individual URLs by a comma. URLs will be attempted in order from first to last as specified. Once a successful download has been performed (per a successful result code from curl), any remaining URLs will not be attempted. This will allow, for example, users to specify their own custom driver repo URL without having to duplicate those that are already available in the standard downloads.falco.org repo.
Example:
DRIVERS_REPO="https://myrepo.mycompany.com/mydrivers,https://download.falco.org/driver"
When storing downloaded drivers, falco-driver-loader previously stored these under /root/.falco/. However, falco-driver-loader could load a mismatched DRIVER_VERSION kernel module or eBPF probe as there was no identifying information relating to the locally-stored driver. These drivers will now be stored under /root/.falco/${DRIVER_VERSION}/${ARCH}/, which exactly mirrors the download URL that is constructed. Thus, there is parity between the locally-stored download location and the download path. While preventing mismatched driver versions with Falco, this also provides the advantage of allowing users to pre-load drivers by placing these kernel modules and eBPF probes directly on disk through a distribution mechanism other than DRIVERS_REPO.
Which issue(s) this PR fixes:
N/A
Special notes for your reviewer:
Does this PR introduce a user-facing change?: