command "falco-driver-loader module" does not install prebuilt-falco-module to /lib/modules #2431
Comments
|
I confirm the prebuilt drivers for both ebpf and kmod exist: See here. They should be correctly installed. |
|
sure, in my case they are downloaded to /root/.falco/4.0.0+driver/x86_64/falco_ubuntu-generic_5.15.0-60-generic_66.ko. But "modprobe falco" fails, because modules should be placed somewhere in /lib/modules/... if i compile the module dmks placed it into /lib/modules/5.15.0-60-generic/updates/dkms/falco.ko and "modprobe falco" is working correctly |
|
so are the prebuilt modules intentionally placed into the home-directory? i would like to understand why? is there any advantage? |
|
I've stumbled into the same problem making it hard to automate / install falco in |
|
we are using ansible for deploying falco. We have additional tasks for compiling the module with "falco-driver-loader --compile module" and enabling/starting the systemd-services. But it would be nice to just use the precompiled module (if it would be placed into the right directory, but this is what this issue is about...) |
|
See also #2574. |
|
Closing it in favor of #2574 |
Describe the bug
After installing Falco via. APT-Repo without DIALOG we run the command "falco-driver-loader module". This downloads the prebuilt module, copies it to /root/.falco/4.0.0+driver/x86_64/falco_ubuntu-generic_5.15.0-60-generic_66.ko and loads it from this location. "systemctl start falco-kmod" fails, because it expects it to load from /lib/modules/5.15.0-60-generic/updates/dkms/falco.ko, but it does not exists.
After deleting /root/.falco/4.0.0+driver/x86_64/falco_ubuntu-generic_5.15.0-60-generic_66.ko and running "falco-driver-loader module --compile" the module /lib/modules/5.15.0-60-generic/updates/dkms/falco.ko exists and "systemctl start falco-kmod" is successful
How to reproduce it
Expected behaviour
If running "falco-driver-loader module" to download precompiled module it should be placed to /lib/modules/...
Falco version:
Falco version: 0.34.1
Libs version: 0.10.4
Plugin API: 2.0.0
Engine: 16
Driver:
API version: 3.0.0
Schema version: 2.0.0
Default driver: 4.0.0+driver
System info:
Thu Feb 23 13:41:06 2023: Falco version: 0.34.1 (x86_64)
Thu Feb 23 13:41:06 2023: Falco initialized with configuration file: /etc/falco/falco.yaml
Thu Feb 23 13:41:06 2023: Loading rules from file /etc/falco/falco_rules.yaml
Thu Feb 23 13:41:07 2023: Loading rules from file /etc/falco/falco_rules.local.yaml
{
"machine": "x86_64",
"nodename": "k8scp-0",
"release": "5.15.0-60-generic",
"sysname": "Linux",
"version": "Add community links to README. #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023"
}
Cloud provider or hardware configuration:
Virtual Machine / Proxmox
OS:
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
Kernel:
Linux k8scp-0 5.15.0-60-generic Add community links to README. #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Installation method:
DEB
The text was updated successfully, but these errors were encountered: