Falco unable to start: "error opening device /host/dev/falco0"

[bzurkowski]

On startup, Falco falls into CrashLoopBackoff with the following error:

* Setting up /usr/src links from host
* Unloading falco-probe, if present
* Running dkms install for falco
Error! echo
Your kernel headers for kernel 3.10.0-957.el7.x86_64 cannot be found at
/lib/modules/3.10.0-957.el7.x86_64/build or /lib/modules/3.10.0-957.el7.x86_64/source.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 3.10.0-957.el7.x86_64
Found kernel config at /host/boot/config-3.10.0-957.el7.x86_64
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-a259b4bf49c3330d9ad6c3eed9eb1a31954259a6-x86_64-3.10.0-957.el7.x86_64-ab9d808cad44a11f32105a24b5acda29.ko
curl: (6) Could not resolve host: s3.amazonaws.com
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Fri Apr 17 10:09:53 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Fri Apr 17 10:09:53 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Fri Apr 17 10:09:54 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Fri Apr 17 10:09:54 2020: Loading rules from file /etc/falco/k8s_audit_rules.yaml:
Fri Apr 17 10:09:54 2020: Unable to load the driver. Exiting.
Fri Apr 17 10:09:54 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.

[bzurkowski]

It's related to loading Falco kernel module. This issue can be partially solved by disabling the sycall event source: --set extraArgs={--disable-source=syscall}.