Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

falco-driver-loader and stable docker images need /etc to be mounted #1203

Closed
5 tasks done
leogr opened this issue May 12, 2020 · 7 comments
Closed
5 tasks done

falco-driver-loader and stable docker images need /etc to be mounted #1203

leogr opened this issue May 12, 2020 · 7 comments
Assignees
@leogr
Labels
kind/documentation

Comments

@leogr
Copy link
Member

leogr commented May 12, 2020
edited
Loading

What to document

Since falco-driver-loader from current master tries to infer the driver target from various files in /etc, falcosecurity/falco:lastest and falcosecurity/falco-driver-loader images need the host /etc to be mounted to /host/etc inside the container (e.g -v /etc:/host/etc:ro).

We have to document this.

There's already another issue related to this: https://github.com/falcosecurity/falco/issues/1188#issuecomment-627312495

Furthermore, many installations and third-party integrations may be affected (eg. the helm chart).
helm chart? cc @nestorsalceda @bencer @nibalizer
contrib? cc @maxgio92

TODOs:
This was referenced May 12, 2020
Merged
Closed
@maxgio92
Copy link
Member

maxgio92 commented May 14, 2020
edited
Loading

Thanks @leogr. In the contrib part, I think the manifests are already up to date (except for the driver loader image which must be updated).

Details here.

@leogr
Copy link
Member Author

leogr commented May 15, 2020

I believe the current helm chart is really affected by this issue, see referenced issues above.

@usamaahmadkhan
Copy link

@leogr yes the /etc is mounted on /etc/host with helm value Values.ebpf.settings.mountEtcVolume = true and i'm still seeing this error

@leogr
Copy link
Member Author

leogr commented May 18, 2020

@leogr yes the /etc is mounted on /etc/host with helm value Values.ebpf.settings.mountEtcVolume = true and i'm still seeing this error

Note that ebpf.settings.mountEtcVolume is not enough. Both .Values.ebpf.enabled and .Values.ebpf.settings.mountEtcVolume have to be enabled (see https://github.com/helm/charts/blob/11465c8be7ad5bee3b08553038aa5695d444cafd/stable/falco/templates/daemonset.yaml#L118). But by doing so, `falco-driver-loader will load the eBPF probe instead of the kernel module.
Have you tried with both enabled?

@usamaahmadkhan
Copy link

yes both enabled.

@leogr leogr mentioned this issue May 20, 2020
Merged
@leogr
Copy link
Member Author

leogr commented May 21, 2020

yes both enabled.

Hey @usamaahmadkhan
at this point I'm not sure your issue is related to this. I will investigate more.

@leogr leogr self-assigned this May 21, 2020
@leogr
Copy link
Member Author

leogr commented May 26, 2020
edited
Loading

It seems to me all TODOs have been done

@leogr leogr closed this as completed May 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@leogr leogr

Labels
kind/documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@leogr @maxgio92 @usamaahmadkhan