diff --git a/Example_configs.md b/Example_configs.md index 0cfb2486..c782c30e 100644 --- a/Example_configs.md +++ b/Example_configs.md @@ -7,7 +7,6 @@ kernelrelease: 4.19.91-26.al7.x86_64 target: alinux output: module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko - probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o driverversion: master ``` @@ -18,7 +17,6 @@ kernelrelease: 5.10.84-10.4.al8.x86_64 target: alinux output: module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko - probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o driverversion: master ``` @@ -29,7 +27,6 @@ kernelrelease: 5.14.0-162.12.1.el9_1.x86_64 target: almalinux output: module: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.ko - probe: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.o driverversion: master ``` @@ -50,7 +47,6 @@ kernelrelease: 4.14.171-136.231.amzn2.x86_64 target: amazonlinux2 output: module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko - probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o driverversion: master ``` @@ -61,13 +57,12 @@ kernelrelease: 5.10.96-90.460.amzn2022.x86_64 target: amazonlinux2022 output: module: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.ko - probe: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.o driverversion: master ``` ## archlinux -Example configuration file to build both the Kernel module and eBPF probe for Archlinux. +Example configuration file to build both the Kernel module for Archlinux. Note: archlinux target uses the [Arch Linux Archive](https://wiki.archlinux.org/title/Arch_Linux_Archive) to fetch all ever supported kernel releases. For arm64, it uses an user-provided mirror, as no official mirror is available: http://tardis.tiny-vps.com/aarm/. @@ -79,7 +74,6 @@ kernelrelease: 6.0.6.arch1-1 target: arch output: module: /tmp/falco-arch.ko - probe: /tmp/falco-arch.o driverversion: master builderimage: ${ARCH_BUILD_IMAGE_HERE} ``` 
@@ -119,14 +113,13 @@ driverversion: master ## debian -Example configuration file to build both the Kernel module and eBPF probe for Debian. +Example configuration file to build both the Kernel module for Debian. ```yaml kernelrelease: 4.19.0-6-amd64 kernelversion: 1 output: module: /tmp/falco-debian.ko - probe: /tmp/falco-debian.o target: debian driverversion: master ``` @@ -144,7 +137,7 @@ driverversion: master ## flatcar -Example configuration file to build both the Kernel module and eBPF probe for Flatcar. +Example configuration file to build both the Kernel module for Flatcar. The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version; moreover, kernelconfigdata must be provided. @@ -153,13 +146,12 @@ kernelrelease: 3185.0.0 target: flatcar output: module: /tmp/falco-flatcar-3185.0.0.ko - probe: /tmp/falco-flatcar-3185.0.0.o driverversion: master kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t... ``` ## minikube -Example configuration file to build both the Kernel module and eBPF probe for Minikube. +Example configuration file to build both the Kernel module for Minikube. ```yaml kernelversion: 1_1.26.0 kernelrelease: 5.10.57 @@ -167,7 +159,6 @@ target: minikube architecture: amd64 output: module: /tmp/falco_minikube_5.10.57_1_1.26.0.ko - probe: /tmp/falco_minikube_5.10.57_1_1.26.0.o kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t... ``` @@ -221,7 +212,6 @@ kernelrelease: 4.18.0-372.9.1.el8.x86_64 target: redhat output: module: /tmp/falco-redhat8.ko - probe: /tmp/falco-redhat8.o driverversion: master builderimage: redhat/ubi8:rhel8_driverkit ``` @@ -254,7 +244,6 @@ kernelrelease: 5.14.0-70.13.1.el9_0.x86_64 target: redhat output: module: /tmp/falco-redhat9.ko - probe: /tmp/falco-redhat9.o driverversion: master builderimage: docker.io/redhat/ubi9:rhel9_driverkit ``` 
@@ -300,12 +289,11 @@ kernelrelease: 5.14.0-162.18.1.el9_1.x86_64 target: rocky output: module: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.ko - probe: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.o driverversion: master ``` ## ubuntu -Example configuration file to build both the Kernel module and eBPF probe for Ubuntu (works with any flavor!). +Example configuration file to build both the Kernel module for Ubuntu (works with any flavor!). ```yaml kernelrelease: 5.0.0-1021-aws-5.0 @@ -313,13 +301,12 @@ kernelversion: 24~18.04.1 target: ubuntu output: module: /tmp/falco-ubuntu-generic.ko - probe: /tmp/falco-ubuntu-generic.o driverversion: master ``` ## ubuntu-aws -Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS. +Example configuration file to build both the Kernel module for Ubuntu AWS. ```yaml kernelrelease: 4.15.0-1057-aws @@ -327,7 +314,6 @@ kernelversion: 59 target: ubuntu-aws output: module: /tmp/falco-ubuntu-aws.ko - probe: /tmp/falco-ubuntu-aws.o driverversion: master ``` @@ -335,7 +321,7 @@ driverversion: master > and should not be used in new configs. ## ubuntu-generic -Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic. +Example configuration file to build both the Kernel module for Ubuntu generic. ```yaml kernelrelease: 4.15.0-72-generic @@ -343,7 +329,6 @@ kernelversion: 81 target: ubuntu-generic output: module: /tmp/falco-ubuntu-generic.ko - probe: /tmp/falco-ubuntu-generic.o driverversion: master ``` @@ -362,7 +347,6 @@ kernelversion: 1 target: vanilla output: module: /tmp/falco-vanilla.ko - probe: /tmp/falco-vanilla.o driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2 ``` diff --git a/README.md b/README.md index 61b7fda5..afda056b 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,7 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/falcosecurity/driverkit?style=for-the-badge)](https://goreportcard.com/report/github.com/falcosecurity/driverkit) [![Docker pulls](https://img.shields.io/docker/pulls/falcosecurity/driverkit?style=for-the-badge)](https://hub.docker.com/r/falcosecurity/driverkit) -A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module and eBPF probe. +A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module. ## Glossary @@ -85,7 +85,6 @@ kernelversion: 59 target: ubuntu-aws output: module: /tmp/falco-ubuntu-aws.ko - probe: /tmp/falco-ubuntu-aws.o driverversion: master ``` diff --git a/cmd/cli_test.go b/cmd/cli_test.go index 949b78d3..7615dab6 100644 --- a/cmd/cli_test.go +++ b/cmd/cli_test.go @@ -130,7 +130,6 @@ var tests = []testCase{ "ubuntu-aws", "--output-module", "/tmp/falco-ubuntu-aws.ko", - "--output-probe", "/tmp/falco-ubuntu-aws.o", "--loglevel", "debug", @@ -144,7 +143,6 @@ var tests = []testCase{ env: map[string]string{ "DRIVERKIT_KERNELVERSION": "59", "DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko", - "DRIVERKIT_OUTPUT_PROBE": "/tmp/falco-ubuntu-aws.o", }, args: []string{ "docker", diff --git a/cmd/docker.go b/cmd/docker.go index a99e9f6b..23fbb436 100644 --- a/cmd/docker.go +++ b/cmd/docker.go @@ -16,6 +16,7 @@ package cmd import ( "bytes" + "github.com/falcosecurity/driverkit/pkg/driverbuilder" "github.com/falcosecurity/driverkit/pkg/driverbuilder/builder" "github.com/spf13/cobra" 
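Review bot: In the first cmd/cli_test.go hunk the header drops a single line (7 → 6), so only `"--output-probe",` is removed and its value `"/tmp/falco-ubuntu-aws.o",` appears to stay in `args` as a stray positional argument between the module path and `"--loglevel"`. If that reading is right, the test keeps passing only because the `docker` subcommand tolerates an extra argument, and the golden output no longer reflects a realistic invocation; delete the `"/tmp/falco-ubuntu-aws.o",` line as well. The diff is shown here with its lines run together, so confirm this against the file. The `tests` slice begins and ends outside the hunk.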
@@ -26,7 +27,7 @@ import ( func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command { dockerCmd := &cobra.Command{ Use: "docker", - Short: "Build Falco kernel modules and eBPF probes against a docker daemon.", + Short: "Build Falco kernel modules against a docker daemon.", RunE: func(c *cobra.Command, args []string) error { configOpts.Printer.Logger.Info("starting build", configOpts.Printer.Logger.Args("processor", c.Name())) diff --git a/cmd/kubernetes.go b/cmd/kubernetes.go index 0859543f..8765117e 100644 --- a/cmd/kubernetes.go +++ b/cmd/kubernetes.go @@ -31,7 +31,7 @@ import ( func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command { kubernetesCmd := &cobra.Command{ Use: "kubernetes", - Short: "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.", + Short: "Build Falco kernel modules against a Kubernetes cluster.", Aliases: []string{"k8s"}, } diff --git a/cmd/kubernetes_in_cluster.go b/cmd/kubernetes_in_cluster.go index 31a1e81f..7cfba031 100644 --- a/cmd/kubernetes_in_cluster.go +++ b/cmd/kubernetes_in_cluster.go @@ -29,7 +29,7 @@ import ( func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command { kubernetesInClusterCmd := &cobra.Command{ Use: "kubernetes-in-cluster", - Short: "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.", + Short: "Build Falco kernel modules against a Kubernetes cluster inside a Kubernetes cluster.", Aliases: []string{"k8s-ic"}, } diff --git a/cmd/local.go b/cmd/local.go index 05913688..4a730325 100644 --- a/cmd/local.go +++ b/cmd/local.go 
@@ -20,7 +20,7 @@ func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pf opts := localCmdOptions{} localCmd := &cobra.Command{ Use: "local", - Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.", + Short: "Build Falco kernel modules in local env with local kernel sources and gcc/clang.", RunE: func(c *cobra.Command, args []string) error { configOpts.Printer.Logger.Info("starting build", configOpts.Printer.Logger.Args("processor", c.Name())) diff --git a/cmd/root.go b/cmd/root.go index 6348575a..ce1c5f35 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -49,7 +49,6 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo } nested := map[string]string{ // handle nested options in config file "output-module": "output.module", - "output-probe": "output.probe", } rootCommand.c.Flags().VisitAll(func(f *pflag.Flag) { if name := f.Name; !skip[name] { @@ -109,7 +108,7 @@ type RootCmd struct { func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd { rootCmd := &cobra.Command{ Use: "driverkit", - Short: "A command line tool to build Falco kernel modules and eBPF probes.", + Short: "A command line tool to build Falco kernel modules.", ValidArgs: validProcessors, ArgAliases: aliasProcessors, Args: cobra.OnlyValidArgs, diff --git a/cmd/root_options.go b/cmd/root_options.go index 3793db6f..d8a2c297 100644 --- a/cmd/root_options.go +++ b/cmd/root_options.go @@ -16,12 +16,13 @@ package cmd import ( "errors" - "github.com/falcosecurity/falcoctl/pkg/output" - "github.com/spf13/pflag" "os" "runtime" "strings" + "github.com/falcosecurity/falcoctl/pkg/output" + "github.com/spf13/pflag" + "github.com/creasty/defaults" "github.com/falcosecurity/driverkit/pkg/driverbuilder/builder" "github.com/falcosecurity/driverkit/pkg/kernelrelease" 
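Review bot: In the cmd/root.go hunk that drops `"output-probe": "output.probe"` from `nested`, a config file that still carries `output.probe`, or an environment that still sets `DRIVERKIT_OUTPUT_PROBE`, seems to be accepted without any message once the mapping and the struct field are gone. A pipeline that used to build both drivers would then exit successfully while no longer producing the probe, and hosts that load the eBPF probe would be left without a matching driver. How the config is loaded is outside the hunk, so this is inferred. Consider rejecting the stale key during validation with an explicit message such as `output.probe is no longer supported: eBPF probe builds were removed`, or at least logging it at warn level. `persistentValidateFunc` starts and ends outside the hunk.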
@@ -29,14 +30,13 @@ import ( "github.com/go-playground/validator/v10" ) -// OutputOptions wraps the two drivers that driverkit builds. +// OutputOptions wraps the driver that driverkit builds. type OutputOptions struct { - Module string `validate:"required_without=Probe,filepath,omitempty,endswith=.ko" name:"output module path"` - Probe string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"` + Module string `validate:"required,filepath,omitempty,endswith=.ko" name:"output module path"` } func (oo *OutputOptions) HasOutputs() bool { - return oo.Module != "" || oo.Probe != "" + return oo.Module != "" } type RepoOptions struct { @@ -90,17 +90,17 @@ func (ro *RootOptions) Validate() []error { errors.As(err, &errs) errArr := []error{} for _, e := range errs { - // Translate each error one at a time + // Translate each error one at a time. errArr = append(errArr, errors.New(e.Translate(validate.T))) } return errArr } - // check that the kernel versions supports at least one of probe and module + // check that the kernel versions supports the module. kr := kernelrelease.FromString(ro.KernelRelease) kr.Architecture = kernelrelease.Architecture(ro.Architecture) - if !kr.SupportsModule() && !kr.SupportsProbe() { - return []error{errors.New("both module and probe are not supported by given options")} + if !kr.SupportsModule() { + return []error{errors.New("module is not supported by given options")} } return nil 
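Review bot: The new tag on `Module` in `OutputOptions` keeps `omitempty` after `required`, where it can no longer have any effect: an empty path already fails `required`, so there is nothing left to skip. `validate:"required,filepath,endswith=.ko"` states the same rule without the dead option. `HasOutputs` has no doc comment either; `// HasOutputs reports whether an output module path is set.` would cover it.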
@@ -108,7 +108,6 @@ func (ro *RootOptions) Validate() []error { func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) { flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module") - flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe") flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String()) flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag") flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'") 
@@ -117,7 +116,7 @@ func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) { flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc") flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)") flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod") - flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.") + flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module. If not provided, an automatically selected image will be used.") flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.") flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build") @@ -139,7 +138,6 @@ func (ro *RootOptions) Log(printer *output.Printer) { printer.Logger.Debug("running with options", printer.Logger.Args( "output-module", ro.Output.Module, - "output-probe", ro.Output.Probe, "driverversion", ro.DriverVersion, "kernelrelease", ro.KernelRelease, "kernelversion", ro.KernelVersion, 
@@ -165,7 +163,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build { Architecture: ro.Architecture, KernelConfigData: kernelConfigData, ModuleFilePath: ro.Output.Module, - ProbeFilePath: ro.Output.Probe, ModuleDriverName: ro.ModuleDriverName, ModuleDeviceName: ro.ModuleDeviceName, GCCVersion: ro.GCCVersion, @@ -209,11 +206,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build { printer.Logger.Warn("skipping build attempt of module for unsupported kernel release", printer.Logger.Args("kernelrelease", kr.String())) } - if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() { - build.ProbeFilePath = "" - printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release", - printer.Logger.Args("kernelrelease", kr.String())) - } return build } diff --git a/cmd/testdata/configs/1.yaml b/cmd/testdata/configs/1.yaml index 0f2d41e0..98cd8d76 100644 --- a/cmd/testdata/configs/1.yaml +++ b/cmd/testdata/configs/1.yaml @@ -3,5 +3,4 @@ kernelversion: 59 target: ubuntu-aws output: module: /tmp/falco-ubuntu-aws.ko - probe: /tmp/falco-ubuntu-aws.o driverversion: master diff --git a/cmd/testdata/configs/2.yaml b/cmd/testdata/configs/2.yaml index ca6d01fc..9260a15a 100644 --- a/cmd/testdata/configs/2.yaml +++ b/cmd/testdata/configs/2.yaml @@ -7,5 +7,4 @@ kernelurls: [ target: ubuntu-aws output: module: /tmp/falco-ubuntu-aws.ko - probe: /tmp/falco-ubuntu-aws.o driverversion: master diff --git a/cmd/testdata/docker-from-config-debug.txt b/cmd/testdata/docker-from-config-debug.txt index 17ed232c..4a5824f5 100644 --- a/cmd/testdata/docker-from-config-debug.txt +++ b/cmd/testdata/docker-from-config-debug.txt @@ -1,7 +1,6 @@ INFO using config file file: testdata/configs/1.yaml DEBUG running with options ├ output-module: /tmp/falco-ubuntu-aws.ko - ├ output-probe: /tmp/falco-ubuntu-aws.o ├ driverversion: master ├ kernelrelease: 4.15.0-1057-aws ├ kernelversion: 59 
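Review bot: In the second `ToBuild` hunk the surviving branch that warns `skipping build attempt of module for unsupported kernel release` now leaves the build with nothing to produce. If it clears `build.ModuleFilePath` the way the removed probe branch cleared `ProbeFilePath` (its opening line is outside the hunk), the returned `Build` has no output at all, and the caller sees only a warning. `Validate` in this same commit already returns `module is not supported by given options` for `!kr.SupportsModule()`, so the branch is either unreachable after validation or a silent no-op build when validation is skipped. Either drop the branch, or document why it stays with a comment such as `// Validate rejects this case; kept as a guard for callers that skip validation`. `ToBuild` starts outside the hunk.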
diff --git a/cmd/testdata/docker-override-from-config-debug.txt b/cmd/testdata/docker-override-from-config-debug.txt index 8f4d5bfa..04a46363 100644 --- a/cmd/testdata/docker-override-from-config-debug.txt +++ b/cmd/testdata/docker-override-from-config-debug.txt @@ -1,7 +1,6 @@ INFO using config file file: testdata/configs/1.yaml DEBUG running with options ├ output-module: /tmp/override.ko - ├ output-probe: /tmp/falco-ubuntu-aws.o ├ driverversion: master ├ kernelrelease: 4.15.0-1057-aws ├ kernelversion: 229 diff --git a/cmd/testdata/docker-override-urls-from-config-debug.txt b/cmd/testdata/docker-override-urls-from-config-debug.txt index a97c8abd..b2520100 100644 --- a/cmd/testdata/docker-override-urls-from-config-debug.txt +++ b/cmd/testdata/docker-override-urls-from-config-debug.txt @@ -1,7 +1,6 @@ INFO using config file file: testdata/configs/2.yaml DEBUG running with options ├ output-module: /tmp/falco-ubuntu-aws.ko - ├ output-probe: /tmp/falco-ubuntu-aws.o ├ driverversion: master ├ kernelrelease: 4.15.0-1057-aws ├ kernelversion: 59 diff --git a/cmd/testdata/docker-related-target-debug.txt b/cmd/testdata/docker-related-target-debug.txt index 3d3212dc..d5c67027 100644 --- a/cmd/testdata/docker-related-target-debug.txt +++ b/cmd/testdata/docker-related-target-debug.txt @@ -1,7 +1,6 @@ DEBUG running without a configuration file DEBUG running with options ├ output-module: /tmp/falco-ubuntu-azure.ko - ├ output-probe: /tmp/falco-ubuntu-aws.o ├ driverversion: master ├ kernelrelease: 4.15.0-1057-azure ├ kernelversion: 62 diff --git a/cmd/testdata/docker-with-flags-debug.txt b/cmd/testdata/docker-with-flags-debug.txt index cd954024..caccd4f5 100644 --- a/cmd/testdata/docker-with-flags-debug.txt +++ b/cmd/testdata/docker-with-flags-debug.txt 
@@ -1,7 +1,6 @@ DEBUG running without a configuration file DEBUG running with options ├ output-module: /tmp/falco-ubuntu-aws.ko - ├ output-probe: /tmp/falco-ubuntu-aws.o ├ driverversion: master ├ kernelrelease: 4.15.0-1057-aws ├ kernelversion: 59 diff --git a/cmd/testdata/dockernoopts.txt b/cmd/testdata/dockernoopts.txt index 763f754f..7c2069fc 100644 --- a/cmd/testdata/dockernoopts.txt +++ b/cmd/testdata/dockernoopts.txt @@ -1,7 +1,4 @@ ERROR error validating build options err: kernel release is a required field ERROR error validating build options err: target is a required field -ERROR error validating build options - └ err: output module path is required when probe is missing -ERROR error validating build options - └ err: output probe path is required when module is missing +ERROR error validating build options err: output module path is a required field ERROR error executing driverkit err: exiting for validation errors diff --git a/cmd/testdata/templates/commands.txt b/cmd/testdata/templates/commands.txt index 89eaee27..7356dbb8 100644 --- a/cmd/testdata/templates/commands.txt +++ b/cmd/testdata/templates/commands.txt 
@@ -1,8 +1,8 @@ Available Commands: completion Generates completion scripts. - docker Build Falco kernel modules and eBPF probes against a docker daemon. + docker Build Falco kernel modules against a docker daemon. help Help about any command images List builder images - kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster. - kubernetes-in-cluster Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster. - local Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang. \ No newline at end of file + kubernetes Build Falco kernel modules against a Kubernetes cluster. + kubernetes-in-cluster Build Falco kernel modules against a Kubernetes cluster inside a Kubernetes cluster. + local Build Falco kernel modules in local env with local kernel sources and gcc/clang. \ No newline at end of file diff --git a/cmd/testdata/templates/desc.txt b/cmd/testdata/templates/desc.txt index c47961bb..59dc9670 100644 --- a/cmd/testdata/templates/desc.txt +++ b/cmd/testdata/templates/desc.txt @@ -1 +1 @@ -A command line tool to build Falco kernel modules and eBPF probes. \ No newline at end of file +A command line tool to build Falco kernel modules. \ No newline at end of file diff --git a/cmd/testdata/templates/flags.txt b/cmd/testdata/templates/flags.txt index 2129531c..7fbb7b2d 100644 --- a/cmd/testdata/templates/flags.txt +++ b/cmd/testdata/templates/flags.txt 
@@ -1,6 +1,6 @@ Flags: --architecture string target architecture for the built driver, one of {{ .Architectures }} (default "{{ .CurrentArch }}") - --builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used. + --builderimage string docker image to be used to build the kernel module. If not provided, an automatically selected image will be used. --builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder]) -c, --config string config file path (default $HOME/.driverkit.yaml if exists) --driverversion string driver version as a git commit hash or as a git tag (default "master") @@ -15,7 +15,6 @@ Flags: --moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco") --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --proxy string the proxy to use to download data --registry-name string registry name to which authenticate --registry-password string registry password diff --git a/docs/builder.md b/docs/builder.md index 663fe720..67d15503 100644 --- a/docs/builder.md +++ b/docs/builder.md 
@@ -136,7 +136,7 @@ export KERNELDIR=/tmp/kernel ``` Once you have those, based on what that kernel can do and based on what was configured -by the user, the build script will build the kernel module driver and/or the eBPF probe driver. +by the user, the build script will build the kernel module driver. Example build template for archlinux: ```bash set -xeuo pipefail @@ -152,12 +152,6 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} ``` How does this work? @@ -165,7 +159,6 @@ How does this work? If the user specifies: - `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko` -- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.o` The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go). diff --git a/docs/driverkit.md b/docs/driverkit.md index 9611c354..a7ed9246 100644 --- a/docs/driverkit.md +++ b/docs/driverkit.md @@ -1,6 +1,6 @@ ## driverkit -A command line tool to build Falco kernel modules and eBPF probes. +A command line tool to build Falco kernel modules. ``` driverkit 
@@ -10,7 +10,7 @@ driverkit ``` --architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64") - --builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used. + --builderimage string docker image to be used to build the kernel module. If not provided, an automatically selected image will be used. --builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder]) -c, --config string config file path (default $HOME/.driverkit.yaml if exists) --driverversion string driver version as a git commit hash or as a git tag (default "master") @@ -25,7 +25,6 @@ driverkit --moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco") --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --proxy string the proxy to use to download data --registry-name string registry name to which authenticate --registry-password string registry password 
@@ -40,9 +39,9 @@ driverkit ### SEE ALSO * [driverkit completion](driverkit_completion.md) - Generates completion scripts. -* [driverkit docker](driverkit_docker.md) - Build Falco kernel modules and eBPF probes against a docker daemon. +* [driverkit docker](driverkit_docker.md) - Build Falco kernel modules against a docker daemon. * [driverkit images](driverkit_images.md) - List builder images -* [driverkit kubernetes](driverkit_kubernetes.md) - Build Falco kernel modules and eBPF probes against a Kubernetes cluster. -* [driverkit kubernetes-in-cluster](driverkit_kubernetes-in-cluster.md) - Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster. -* [driverkit local](driverkit_local.md) - Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang. +* [driverkit kubernetes](driverkit_kubernetes.md) - Build Falco kernel modules against a Kubernetes cluster. +* [driverkit kubernetes-in-cluster](driverkit_kubernetes-in-cluster.md) - Build Falco kernel modules against a Kubernetes cluster inside a Kubernetes cluster. +* [driverkit local](driverkit_local.md) - Build Falco kernel modules in local env with local kernel sources and gcc/clang. diff --git a/docs/driverkit_completion.md b/docs/driverkit_completion.md index b2fdbfb8..bbf3d49d 100644 --- a/docs/driverkit_completion.md +++ b/docs/driverkit_completion.md @@ -29,5 +29,5 @@ driverkit completion (bash|zsh|fish|help) [flags] ### SEE ALSO -* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes. +* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules. diff --git a/docs/driverkit_docker.md b/docs/driverkit_docker.md index f500e257..af2aff1b 100644 --- a/docs/driverkit_docker.md +++ b/docs/driverkit_docker.md 
@@ -1,6 +1,6 @@ ## driverkit docker -Build Falco kernel modules and eBPF probes against a docker daemon. +Build Falco kernel modules against a docker daemon. ``` driverkit docker [flags] @@ -10,7 +10,7 @@ driverkit docker [flags] ``` --architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64") - --builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used. + --builderimage string docker image to be used to build the kernel module. If not provided, an automatically selected image will be used. --builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder]) -c, --config string config file path (default $HOME/.driverkit.yaml if exists) --driverversion string driver version as a git commit hash or as a git tag (default "master") @@ -25,7 +25,6 @@ driverkit docker [flags] --moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco") --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --proxy string the proxy to use to download data --registry-name string registry name to which authenticate --registry-password string registry password 
@@ -39,5 +38,5 @@ driverkit docker [flags] ### SEE ALSO -* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes. +* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules. diff --git a/docs/driverkit_images.md b/docs/driverkit_images.md index 541de565..1a8db001 100644 --- a/docs/driverkit_images.md +++ b/docs/driverkit_images.md @@ -10,7 +10,7 @@ driverkit images [flags] ``` --architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64") - --builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used. + --builderimage string docker image to be used to build the kernel module. If not provided, an automatically selected image will be used. --builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder]) -c, --config string config file path (default $HOME/.driverkit.yaml if exists) --driverversion string driver version as a git commit hash or as a git tag (default "master") 
@@ -25,7 +25,6 @@ driverkit images [flags] --moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco") --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --proxy string the proxy to use to download data --registry-name string registry name to which authenticate --registry-password string registry password @@ -39,5 +38,5 @@ driverkit images [flags] ### SEE ALSO -* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes. +* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules. diff --git a/docs/driverkit_kubernetes-in-cluster.md b/docs/driverkit_kubernetes-in-cluster.md index 5a95597a..e52df4c3 100644 --- a/docs/driverkit_kubernetes-in-cluster.md +++ b/docs/driverkit_kubernetes-in-cluster.md @@ -1,6 +1,6 @@ ## driverkit kubernetes-in-cluster -Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster. +Build Falco kernel modules against a Kubernetes cluster inside a Kubernetes cluster. ``` driverkit kubernetes-in-cluster [flags] 
@@ -10,7 +10,7 @@ driverkit kubernetes-in-cluster [flags] ``` --architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64") - --builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used. + --builderimage string docker image to be used to build the kernel module. If not provided, an automatically selected image will be used. --builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder]) -c, --config string config file path (default $HOME/.driverkit.yaml if exists) --driverversion string driver version as a git commit hash or as a git tag (default "master") @@ -27,7 +27,6 @@ driverkit kubernetes-in-cluster [flags] --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") -n, --namespace string If present, the namespace scope for the pods and its config (default "default") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --proxy string the proxy to use to download data --registry-name string registry name to which authenticate --registry-password string registry password @@ -42,5 +41,5 @@ driverkit kubernetes-in-cluster [flags] ### SEE ALSO -* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes. +* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules. 
diff --git a/docs/driverkit_kubernetes.md b/docs/driverkit_kubernetes.md index 5cb28798..f4099f3b 100644 --- a/docs/driverkit_kubernetes.md +++ b/docs/driverkit_kubernetes.md @@ -1,6 +1,6 @@ ## driverkit kubernetes -Build Falco kernel modules and eBPF probes against a Kubernetes cluster. +Build Falco kernel modules against a Kubernetes cluster. ``` driverkit kubernetes [flags] @@ -13,7 +13,7 @@ driverkit kubernetes [flags] --as string username to impersonate for the operation, user could be a regular user or a service account in a namespace --as-group stringArray group to impersonate for the operation, this flag can be repeated to specify multiple groups --as-uid string uID to impersonate for the operation - --builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used. + --builderimage string docker image to be used to build the kernel module. If not provided, an automatically selected image will be used. --builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:, name:, arch: , tag: , gcc_versions: [ ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder]) --cache-dir string default cache directory (default "$HOME/.kube/cache") --certificate-authority string path to a cert file for the certificate authority 
@@ -39,7 +39,6 @@ driverkit kubernetes [flags] --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") -n, --namespace string If present, the namespace scope for the pods and its config (default "default") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --proxy string the proxy to use to download data --registry-name string registry name to which authenticate --registry-password string registry password @@ -59,5 +58,5 @@ driverkit kubernetes [flags] ### SEE ALSO -* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes. +* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules. diff --git a/docs/driverkit_local.md b/docs/driverkit_local.md index d7a1bf10..85d5fda9 100644 --- a/docs/driverkit_local.md +++ b/docs/driverkit_local.md @@ -1,6 +1,6 @@ ## driverkit local -Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang. +Build Falco kernel modules in local env with local kernel sources and gcc/clang. ``` driverkit local [flags] @@ -22,7 +22,6 @@ driverkit local [flags] --moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco") --moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco") --output-module string filepath where to save the resulting kernel module - --output-probe string filepath where to save the resulting eBPF probe --repo-name string repository github name (default "libs") --repo-org string repository github organization (default "falcosecurity") --src-dir string Enforce usage of local source dir to build drivers. 
@@ -32,5 +31,5 @@ driverkit local [flags] ### SEE ALSO -* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes. +* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules. diff --git a/pkg/driverbuilder/builder/build.go b/pkg/driverbuilder/builder/build.go index 650b0a48..11d0fd29 100644 --- a/pkg/driverbuilder/builder/build.go +++ b/pkg/driverbuilder/builder/build.go @@ -17,9 +17,10 @@ package builder import ( "context" "fmt" - "github.com/falcosecurity/falcoctl/pkg/output" "strings" + "github.com/falcosecurity/falcoctl/pkg/output" + "github.com/falcosecurity/driverkit/pkg/kernelrelease" "oras.land/oras-go/v2/registry/remote/auth" ) @@ -35,7 +36,6 @@ type Build struct { DriverVersion string Architecture string ModuleFilePath string - ProbeFilePath string ModuleDriverName string ModuleDeviceName string BuilderImage string diff --git a/pkg/driverbuilder/builder/builders.go b/pkg/driverbuilder/builder/builders.go index ed51df37..ab659281 100644 --- a/pkg/driverbuilder/builder/builders.go +++ b/pkg/driverbuilder/builder/builders.go @@ -19,13 +19,14 @@ import ( _ "embed" "errors" "fmt" - "github.com/falcosecurity/falcoctl/pkg/output" "net/http" "net/url" "path" "strings" "text/template" + "github.com/falcosecurity/falcoctl/pkg/output" + "github.com/blang/semver/v4" "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) @@ -41,7 +42,6 @@ const ( -DENABLE_DRIVERS_TESTS=Off \ -DDRIVER_NAME=%s \ -DPROBE_NAME=%s \ - -DBUILD_BPF=On \ -DDRIVER_VERSION=%s \ -DPROBE_VERSION=%s \ -DGIT_COMMIT=%s \ @@ -56,7 +56,7 @@ var libsDownloadTemplate string var HeadersNotFoundErr = errors.New("kernel headers not found") -// Config contains all the configurations needed to build the kernel module or the eBPF probe. +// Config contains all the configurations needed to build the kernel module. type Config struct { DriverName string DeviceName string 
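Review bot: The cmake format string in `@@ -41,7 +42,6 @@` of builders.go still passes `-DPROBE_NAME=%s` and `-DPROBE_VERSION=%s` after `-DBUILD_BPF=On` is dropped, and nothing says why they remain. If the driver build still needs them, a comment on the constant should say so, for example `// PROBE_NAME/PROBE_VERSION are still passed because <reason>`. If they only served the eBPF build, they should be removed together with their matching `fmt.Sprintf` arguments so the verb count stays in step. The constant and its `Sprintf` call sites begin outside this hunk, so this needs checking against the full file.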
@@ -68,16 +68,11 @@ func (c Config) ToDriverFullPath() string { return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName)) } -func (c Config) ToProbeFullPath() string { - return path.Join(DriverDirectory, "build", "driver", "bpf", "probe.o") -} - type commonTemplateData struct { DriverBuildDir string ModuleDriverName string ModuleFullPath string BuildModule bool - BuildProbe bool GCCVersion string CmakeCmd string } @@ -383,7 +378,6 @@ func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) common ModuleDriverName: c.DriverName, ModuleFullPath: c.ToDriverFullPath(), BuildModule: len(c.ModuleFilePath) > 0, - BuildProbe: len(c.ProbeFilePath) > 0, GCCVersion: c.GCCVersion, CmakeCmd: fmt.Sprintf(cmakeCmdFmt, c.DriverName, diff --git a/pkg/driverbuilder/builder/local.go b/pkg/driverbuilder/builder/local.go index 9d8ac77b..07267411 100644 --- a/pkg/driverbuilder/builder/local.go +++ b/pkg/driverbuilder/builder/local.go @@ -3,8 +3,9 @@ package builder import ( _ "embed" "fmt" - "github.com/falcosecurity/driverkit/pkg/kernelrelease" "path/filepath" + + "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) // NOTE: since this is only used by local build, @@ -60,7 +61,6 @@ func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) in ModuleDriverName: c.DriverName, ModuleFullPath: l.GetModuleFullPath(c, kr), BuildModule: len(c.ModuleFilePath) > 0, - BuildProbe: len(c.ProbeFilePath) > 0, GCCVersion: l.GccPath, CmakeCmd: fmt.Sprintf(cmakeCmdFmt, c.DriverName, @@ -90,13 +90,6 @@ func (l *LocalBuilder) GetModuleFullPath(c Config, kr kernelrelease.KernelReleas return c.ToDriverFullPath() } -func (l *LocalBuilder) GetProbeFullPath(c Config) string { - if l.SrcDir != "" { - return filepath.Join(l.SrcDir, "bpf", "probe.o") - } - return c.ToProbeFullPath() -} - func (l *LocalBuilder) GetDriverBuildDir() string { driverBuildDir := DriverDirectory if l.SrcDir != "" { 
diff --git a/pkg/driverbuilder/builder/templates/alinux.sh b/pkg/driverbuilder/builder/templates/alinux.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/alinux.sh +++ b/pkg/driverbuilder/builder/templates/alinux.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/almalinux.sh b/pkg/driverbuilder/builder/templates/almalinux.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/almalinux.sh +++ b/pkg/driverbuilder/builder/templates/almalinux.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/amazonlinux.sh b/pkg/driverbuilder/builder/templates/amazonlinux.sh index 4997a47d..2a85c072 100644 --- a/pkg/driverbuilder/builder/templates/amazonlinux.sh +++ b/pkg/driverbuilder/builder/templates/amazonlinux.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/archlinux.sh b/pkg/driverbuilder/builder/templates/archlinux.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/archlinux.sh +++ b/pkg/driverbuilder/builder/templates/archlinux.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file 
diff --git a/pkg/driverbuilder/builder/templates/centos.sh b/pkg/driverbuilder/builder/templates/centos.sh index e620a82a..8ed69da3 100644 --- a/pkg/driverbuilder/builder/templates/centos.sh +++ b/pkg/driverbuilder/builder/templates/centos.sh @@ -34,9 +34,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/debian.sh b/pkg/driverbuilder/builder/templates/debian.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/debian.sh +++ b/pkg/driverbuilder/builder/templates/debian.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/fedora.sh b/pkg/driverbuilder/builder/templates/fedora.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/fedora.sh +++ b/pkg/driverbuilder/builder/templates/fedora.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/flatcar.sh b/pkg/driverbuilder/builder/templates/flatcar.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/flatcar.sh +++ b/pkg/driverbuilder/builder/templates/flatcar.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file 
diff --git a/pkg/driverbuilder/builder/templates/local.sh b/pkg/driverbuilder/builder/templates/local.sh index ce344d3d..aab7a942 100644 --- a/pkg/driverbuilder/builder/templates/local.sh +++ b/pkg/driverbuilder/builder/templates/local.sh @@ -22,7 +22,7 @@ # set -xeo pipefail -{{ if or .BuildProbe (and .BuildModule (not .UseDKMS)) }} +{{ if and .BuildModule (not .UseDKMS) }} cd {{ .DriverBuildDir }} {{ if .DownloadSrc }} echo "* Configuring sources with cmake" @@ -58,23 +58,3 @@ strip -g {{ .ModuleFullPath }} modinfo {{ .ModuleFullPath }} {{ end }} {{ end }} - -{{ if .BuildProbe }} -echo "* Building eBPF probe" -if [ ! -d /sys/kernel/debug/tracing ]; then - echo "* Mounting debugfs" - # Do not fail if this fails. - mount -t debugfs nodev /sys/kernel/debug || : -fi - -{{ if .DownloadSrc }} -# Build the eBPF probe - cmake configured -make bpf -ls -l driver/bpf/probe.o -{{ else }} -# Build the eBPF probe - preconfigured sources -cd bpf -make -ls -l probe.o -{{ end }} -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/opensuse.sh b/pkg/driverbuilder/builder/templates/opensuse.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/opensuse.sh +++ b/pkg/driverbuilder/builder/templates/opensuse.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/oracle.sh b/pkg/driverbuilder/builder/templates/oracle.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/oracle.sh +++ b/pkg/driverbuilder/builder/templates/oracle.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file 
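Review bot: `cd {{ .DriverBuildDir }}` in the block now guarded by `{{ if and .BuildModule (not .UseDKMS) }}` writes the path into the script unquoted, and builders.go in this diff imports `text/template`, which does no shell escaping. `GetDriverBuildDir` in local.go appears to derive that value from `SrcDir`, so a source directory containing spaces or shell metacharacters would change what the generated script runs. Quoting the expansion as `cd "{{ .DriverBuildDir }}"`, and likewise `{{ .ModuleFullPath }}` in the `strip -g` and `modinfo` lines, keeps the path a single word. Validating the path before rendering would be stronger, because double quotes still allow `$` expansion. The rest of the script lies outside these hunks.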
diff --git a/pkg/driverbuilder/builder/templates/photonos.sh b/pkg/driverbuilder/builder/templates/photonos.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/photonos.sh +++ b/pkg/driverbuilder/builder/templates/photonos.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/redhat.sh b/pkg/driverbuilder/builder/templates/redhat.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/redhat.sh +++ b/pkg/driverbuilder/builder/templates/redhat.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/rocky.sh b/pkg/driverbuilder/builder/templates/rocky.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/rocky.sh +++ b/pkg/driverbuilder/builder/templates/rocky.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/sles.sh b/pkg/driverbuilder/builder/templates/sles.sh index 75208d2a..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/sles.sh +++ b/pkg/driverbuilder/builder/templates/sles.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} \ No newline at end of file 
diff --git a/pkg/driverbuilder/builder/templates/ubuntu.sh b/pkg/driverbuilder/builder/templates/ubuntu.sh index a8730570..9854b05d 100644 --- a/pkg/driverbuilder/builder/templates/ubuntu.sh +++ b/pkg/driverbuilder/builder/templates/ubuntu.sh @@ -33,9 +33,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} diff --git a/pkg/driverbuilder/builder/templates/vanilla.sh b/pkg/driverbuilder/builder/templates/vanilla.sh index acd7896c..383af8f7 100644 --- a/pkg/driverbuilder/builder/templates/vanilla.sh +++ b/pkg/driverbuilder/builder/templates/vanilla.sh @@ -35,9 +35,3 @@ strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} - -{{ if .BuildProbe }} -# Build the eBPF probe -make bpf -ls -l driver/bpf/probe.o -{{ end }} diff --git a/pkg/driverbuilder/docker.go b/pkg/driverbuilder/docker.go index ffabec09..bd0990c4 100644 --- a/pkg/driverbuilder/docker.go +++ b/pkg/driverbuilder/docker.go @@ -323,13 +323,6 @@ chmod +x /driverkit/driverkit.sh bp.Logger.Info("kernel module available", bp.Logger.Args("path", b.ModuleFilePath)) } - if len(b.ProbeFilePath) > 0 { - if err := copyFromContainer(ctx, cli, cdata.ID, c.ToProbeFullPath(), b.ProbeFilePath); err != nil { - return err - } - bp.Logger.Info("eBPF probe available", bp.Logger.Args("path", b.ProbeFilePath)) - } - return nil } diff --git a/pkg/driverbuilder/kubernetes.go b/pkg/driverbuilder/kubernetes.go index 66d1a711..aef79880 100644 --- a/pkg/driverbuilder/kubernetes.go +++ b/pkg/driverbuilder/kubernetes.go 
@@ -20,11 +20,12 @@ import ( "encoding/base64" "errors" "fmt" - "github.com/falcosecurity/falcoctl/pkg/output" - "k8s.io/cli-runtime/pkg/genericiooptions" "os" "time" + "github.com/falcosecurity/falcoctl/pkg/output" + "k8s.io/cli-runtime/pkg/genericiooptions" + "github.com/falcosecurity/driverkit/pkg/signals" "github.com/falcosecurity/driverkit/pkg/driverbuilder/builder" @@ -127,10 +128,6 @@ func (bp *KubernetesBuildProcessor) Start(b *builder.Build) error { res = fmt.Sprintf("%s\n%s", "touch "+moduleLockFile, res) res = fmt.Sprintf("%s\n%s", res, "rm "+moduleLockFile) } - if c.ProbeFilePath != "" { - res = fmt.Sprintf("%s\n%s", "touch "+probeLockFile, res) - res = fmt.Sprintf("%s\n%s", res, "rm "+probeLockFile) - } // Append a script to the entrypoint to wait // for the module to be ready before exiting PID 1 @@ -258,10 +255,10 @@ func (bp *KubernetesBuildProcessor) Start(b *builder.Build) error { return err } defer podClient.Delete(ctx, pod.Name, metav1.DeleteOptions{}) - return bp.copyModuleAndProbeFromPodWithUID(ctx, c, b, namespace, string(uid)) + return bp.copyModuleFromPodWithUID(ctx, c, b, namespace, string(uid)) } -func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context.Context, c builder.Config, build *builder.Build, namespace string, falcoBuilderUID string) error { +func (bp *KubernetesBuildProcessor) copyModuleFromPodWithUID(ctx context.Context, c builder.Config, build *builder.Build, namespace string, falcoBuilderUID string) error { namespacedClient := bp.coreV1Client.Pods(namespace) watch, err := namespacedClient.Watch(ctx, metav1.ListOptions{ LabelSelector: fmt.Sprintf("%s=%s", falcoBuilderUIDLabel, falcoBuilderUID), 
@@ -288,7 +285,7 @@ func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context continue } if p.Status.Phase == corev1.PodRunning { - bp.Logger.Info("start downloading module and probe from pod", + bp.Logger.Info("start downloading module from pod", bp.Logger.Args(falcoBuilderUIDLabel, falcoBuilderUID)) if c.ModuleFilePath != "" { err = copySingleFileFromPod(c.ModuleFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, c.ToDriverFullPath(), moduleLockFile) @@ -297,13 +294,6 @@ func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context } bp.Logger.Info("Kernel Module extraction successful") } - if c.ProbeFilePath != "" { - err = copySingleFileFromPod(c.ProbeFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, c.ToProbeFullPath(), probeLockFile) - if err != nil { - return err - } - bp.Logger.Info("Probe Module extraction successful") - } err = unlockPod(bp.coreV1Client, bp.clientConfig, p) if err != nil { return err diff --git a/pkg/driverbuilder/local.go b/pkg/driverbuilder/local.go index 8bf4d31d..d39aff54 100644 --- a/pkg/driverbuilder/local.go +++ b/pkg/driverbuilder/local.go @@ -7,14 +7,15 @@ import ( _ "embed" "errors" "fmt" - "github.com/falcosecurity/driverkit/pkg/driverbuilder/builder" - "github.com/falcosecurity/falcoctl/pkg/output" "io" "os" "os/exec" "os/user" "path/filepath" "time" + + "github.com/falcosecurity/driverkit/pkg/driverbuilder/builder" + "github.com/falcosecurity/falcoctl/pkg/output" ) const ( @@ -155,9 +156,8 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { vv.SrcDir = lbp.srcDir vv.UseDKMS = lbp.useDKMS - // Fetch paths were kmod and probe will be built + // Fetch paths were kmod will be built srcModulePath := vv.GetModuleFullPath(c, kr) - srcProbePath := vv.GetProbeFullPath(c) if len(lbp.srcDir) == 0 { lbp.Logger.Info("Downloading driver sources") 
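Review bot: The rewritten comment in `@@ -155,9 +156,8 @@` of local.go reads `// Fetch paths were kmod will be built`; "were" should be "where", and only one path is fetched now. Suggested wording: `// Fetch the path where the kmod will be built`. `Start` begins and ends outside this hunk.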
@@ -177,9 +177,6 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { if c.ModuleFilePath != "" { lbp.Logger.Info("Trying to dkms install module.", lbp.Logger.Args("gcc", gcc)) } - if c.ProbeFilePath != "" { - lbp.Logger.Info("Trying to build eBPF probe.") - } // Generate the build script from the builder driverkitScript, err := builder.Script(v, c, kr) @@ -201,25 +198,12 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { lbp.DefaultText.Print(string(out)) } - // If we built the probe, disable its build for subsequent attempts (with other available gccs) - if c.ProbeFilePath != "" { - if _, err = os.Stat(srcProbePath); !os.IsNotExist(err) { - if err = copyDataToLocalPath(srcProbePath, c.ProbeFilePath); err != nil { - return err - } - lbp.Logger.Info("eBPF probe available.", lbp.Logger.Args("path", c.ProbeFilePath)) - c.ProbeFilePath = "" - } - } - // If we received an error, perhaps we just need to try another build for the kmod. // Check if we were able to build anything. if c.ModuleFilePath != "" { koFiles, err := filepath.Glob(srcModulePath) if err == nil && len(koFiles) > 0 { - // Since only kmod might need to get rebuilt - // with another gcc, break here if we actually built the kmod, - // since we already checked ebpf build status. + // Since only kmod might need to get rebuilt with another gcc, break here if we actually built the kmod. if err = copyDataToLocalPath(koFiles[0], c.ModuleFilePath); err != nil { return err } @@ -245,8 +229,8 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { } } - if c.ModuleFilePath != "" || c.ProbeFilePath != "" { - return errors.New("failed to build all requested drivers") + if c.ModuleFilePath != "" { + return errors.New("failed to build requested driver") } return nil } diff --git a/pkg/driverbuilder/templates.go b/pkg/driverbuilder/templates.go index a413e231..620dd4d0 100644 --- a/pkg/driverbuilder/templates.go +++ b/pkg/driverbuilder/templates.go 
@@ -32,10 +32,9 @@ rm -f /tmp/download.lock ` const moduleLockFile = "/tmp/module.lock" -const probeLockFile = "/tmp/probe.lock" -// waitForLockAndCat MUST only output the file, any other output will break -// the download file itself because it goes trough stdout +// waitForLockAndCat MUST only output the file, any other output will break the download file itself because it goes +// through stdout. var waitForLockAndCat = ` while true; do if [ -f "$2" ]; then diff --git a/pkg/kernelrelease/kernelrelease.go b/pkg/kernelrelease/kernelrelease.go index aeca58d7..2b414b93 100644 --- a/pkg/kernelrelease/kernelrelease.go +++ b/pkg/kernelrelease/kernelrelease.go @@ -49,18 +49,10 @@ var supportedArchsSlice []string // is supported, depending on the architecture. // See compatibility matrix: https://falco.org/docs/event-sources/drivers/ var moduleMinKernelVersion = map[Architecture]semver.Version{ - ArchitectureAmd64: semver.MustParse("2.6.0"), + ArchitectureAmd64: semver.MustParse("3.10.0"), ArchitectureArm64: semver.MustParse("3.16.0"), } -// Represents the minimum kernel version for which building the probe -// is supported, depending on the architecture. -// See compatibility matrix: https://falco.org/docs/event-sources/drivers/ -var probeMinKernelVersion = map[Architecture]semver.Version{ - ArchitectureAmd64: semver.MustParse("4.14.0"), - ArchitectureArm64: semver.MustParse("4.17.0"), -} - func init() { i := 0 supportedArchsSlice = make([]string, len(SupportedArchs)) @@ -95,7 +87,7 @@ func (a Architecture) String() string { // NOTE: we cannot fetch Architecture from kernel string // because it is not always provided. // Instead, rely on the global option -// (it it set for builders in kernelReleaseFromBuildConfig()) +// (it is set for builders in kernelReleaseFromBuildConfig()) type KernelRelease struct { Fullversion string semver.Version 
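Review bot: `moduleMinKernelVersion` is read with a plain index in `SupportsModule` (`k.GTE(moduleMinKernelVersion[k.Architecture])`, visible in the next hunk of kernelrelease.go), so an `Architecture` with no entry yields the zero `semver.Version` and every kernel is reported as supported. With the probe table gone this map is the only version gate left, so the lookup could fail closed: `minVer, ok := moduleMinKernelVersion[k.Architecture]` followed by `return ok && k.GTE(minVer)`. Whether an unlisted architecture can reach this call is not visible here, so treat this as a hardening suggestion. The amd64 floor also moves from 2.6.0 to 3.10.0 in `@@ -49,18 +49,10 @@`, and a short comment tying that value to the linked compatibility matrix would make the behaviour change easier to spot.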
@@ -143,10 +135,6 @@ func (k *KernelRelease) SupportsModule() bool { return k.GTE(moduleMinKernelVersion[k.Architecture]) } -func (k *KernelRelease) SupportsProbe() bool { - return k.GTE(probeMinKernelVersion[k.Architecture]) -} - func (k *KernelRelease) String() string { return fmt.Sprintf("%s%s", k.Fullversion, k.FullExtraversion) } diff --git a/pkg/kernelrelease/kernelrelease_test.go b/pkg/kernelrelease/kernelrelease_test.go index 84fb7788..a38f0bfb 100644 --- a/pkg/kernelrelease/kernelrelease_test.go +++ b/pkg/kernelrelease/kernelrelease_test.go @@ -290,8 +290,6 @@ func TestSupportsModule(t *testing.T) { Version: semver.Version{Major: 3, Minor: 15, Patch: 99}, Architecture: ArchitectureArm64, }, - } - supported := []KernelRelease{ { Version: semver.Version{Major: 2, Minor: 6, Patch: 0}, Architecture: ArchitectureAmd64, @@ -304,6 +302,8 @@ func TestSupportsModule(t *testing.T) { Version: semver.Version{Major: 3, Minor: 0, Patch: 0}, Architecture: ArchitectureAmd64, }, + } + supported := []KernelRelease{ { Version: semver.Version{Major: 5, Minor: 0, Patch: 0}, Architecture: ArchitectureAmd64, 
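Review bot: The amd64 cases moved into `unsupported` in `TestSupportsModule` top out at 3.0.0 and the first amd64 entry visible in `supported` is 5.0.0, so nothing in these hunks pins the new 3.10.0 floor. Adding `{Version: semver.Version{Major: 3, Minor: 9, Patch: 99}, Architecture: ArchitectureAmd64},` to `unsupported` and `{Version: semver.Version{Major: 3, Minor: 10, Patch: 0}, Architecture: ArchitectureAmd64},` to `supported` would catch an off-by-one in the comparison. Both slices continue outside the hunks, so such cases may already exist further down.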
@@ -333,65 +333,3 @@ func TestSupportsModule(t *testing.T) { } } } - -func TestSupportsProbe(t *testing.T) { - unsupported := []KernelRelease{ - { - Version: semver.Version{Major: 4, Minor: 13, Patch: 0}, - Architecture: ArchitectureAmd64, - }, - { - Version: semver.Version{Major: 4, Minor: 13, Patch: 99}, - Architecture: ArchitectureAmd64, - }, - { - Version: semver.Version{Major: 4, Minor: 14, Patch: 0}, - Architecture: ArchitectureArm64, - }, - { - Version: semver.Version{Major: 4., Minor: 16, Patch: 0}, - Architecture: ArchitectureArm64, - }, - { - Version: semver.Version{Major: 4, Minor: 16, Patch: 99}, - Architecture: ArchitectureArm64, - }, - } - supported := []KernelRelease{ - { - Version: semver.Version{Major: 4, Minor: 14, Patch: 0}, - Architecture: ArchitectureAmd64, - }, - { - Version: semver.Version{Major: 4, Minor: 14, Patch: 1}, - Architecture: ArchitectureAmd64, - }, - { - Version: semver.Version{Major: 5, Minor: 0, Patch: 0}, - Architecture: ArchitectureAmd64, - }, - { - Version: semver.Version{Major: 4, Minor: 17, Patch: 0}, - Architecture: ArchitectureArm64, - }, - { - Version: semver.Version{Major: 4, Minor: 17, Patch: 1}, - Architecture: ArchitectureArm64, - }, - { - Version: semver.Version{Major: 5, Minor: 0, Patch: 0}, - Architecture: ArchitectureArm64, - }, - } - - for _, r := range unsupported { - if r.SupportsProbe() { - t.Errorf("building probe should not be supported in kernel version %s", r.String()) - } - } - for _, r := range supported { - if !r.SupportsProbe() { - t.Errorf("building probe should be supported in kernel version %s", r.String()) - } - } -} diff --git a/test/aarch64/configs/al2.yaml b/test/aarch64/configs/al2.yaml index 58f1d6fa..2173cd5f 100644 --- a/test/aarch64/configs/al2.yaml +++ b/test/aarch64/configs/al2.yaml @@ -7,4 +7,3 @@ kernelurls: [ architecture: arm64 output: module: /tmp/amazonlinux2_aarch64.ko - probe: /tmp/amazonlinux2_aarch64.o 
diff --git a/test/aarch64/configs/centos.yaml b/test/aarch64/configs/centos.yaml
index 23617329..d0b3e449 100644
--- a/test/aarch64/configs/centos.yaml
+++ b/test/aarch64/configs/centos.yaml
@@ -7,4 +7,3 @@ kernelurls: [
 architecture: arm64
 output:
 module: /tmp/centos_aarch64.ko
- probe: /tmp/centos_aarch64.o
diff --git a/test/aarch64/configs/debian.yaml b/test/aarch64/configs/debian.yaml
index 163d5795..524b8592 100644
--- a/test/aarch64/configs/debian.yaml
+++ b/test/aarch64/configs/debian.yaml
@@ -9,4 +9,3 @@ kernelurls: [
 architecture: arm64
 output:
 module: /tmp/debian_aarch64.ko
- probe: /tmp/debian_aarch64.o
diff --git a/test/x86_64/configs/al2.yaml b/test/x86_64/configs/al2.yaml
index 9fdae385..89c0daf2 100644
--- a/test/x86_64/configs/al2.yaml
+++ b/test/x86_64/configs/al2.yaml
@@ -6,4 +6,3 @@ kernelurls: [
 ]
 output:
 module: /tmp/amazonlinux2_x86_64.ko
- probe: /tmp/amazonlinux2_x86_64.o
diff --git a/test/x86_64/configs/debian.yaml b/test/x86_64/configs/debian.yaml
index db1f989d..c87d36c8 100644
--- a/test/x86_64/configs/debian.yaml
+++ b/test/x86_64/configs/debian.yaml
@@ -8,4 +8,3 @@ kernelurls: [
 ]
 output:
 module: /tmp/debian_x86_64.ko
- probe: /tmp/debian_x86_64.o
diff --git a/test/x86_64/configs/ubuntu.yaml b/test/x86_64/configs/ubuntu.yaml
index 8e6fb93d..3065236a 100644
--- a/test/x86_64/configs/ubuntu.yaml
+++ b/test/x86_64/configs/ubuntu.yaml
@@ -7,4 +7,3 @@ kernelurls: [
 ]
 output:
 module: /tmp/ubuntu_x86_64.ko
- probe: /tmp/ubuntu_x86_64.o
diff --git a/test/x86_64/configs/ubuntu_aws.yaml b/test/x86_64/configs/ubuntu_aws.yaml
index 1485683c..255d2c2c 100644
--- a/test/x86_64/configs/ubuntu_aws.yaml
+++ b/test/x86_64/configs/ubuntu_aws.yaml
@@ -7,4 +7,3 @@ kernelurls: [
 ]
 output:
 module: /tmp/ubuntu-aws_x86_64.ko
- probe: /tmp/ubuntu-aws_x86_64.o
diff --git a/validate/validate.go b/validate/validate.go
index 7de87c5e..bbe2e91d 100644
--- a/validate/validate.go
+++ b/validate/validate.go
@@ -179,19 +179,6 @@ func init() { }, ) - V.RegisterTranslation( - "required_without", - T, - func(ut ut.Translator) error { - return ut.Add("required_without", "{0} is required when {1} is missing", true) - }, - func(ut ut.Translator, fe validator.FieldError) string { - t, _ := ut.T(fe.Tag(), fe.Field(), strings.ToLower(fe.Param())) - - return t - }, - ) - V.RegisterTranslation( "endswith", T,