falcosecurity · poiana · Dec 11, 2023 · Nov 9, 2023 · Nov 9, 2023 · Nov 10, 2023
diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake
@@ -16,14 +16,14 @@ include(ExternalProject)
 
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
 
-set(FALCOCTL_VERSION "0.6.2")
+set(FALCOCTL_VERSION "0.7.0-beta4")
 
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
     set(FALCOCTL_SYSTEM_PROC_GO "amd64")
-    set(FALCOCTL_HASH "2d06d7577dbae91fb085f71477ff6e22076a815978bddd036984fa077236a515")
+    set(FALCOCTL_HASH "16b431cdd918e1b001e687a9318c3b9ed24e630e55893f88b1db69e530aec905")
 else() # aarch64
     set(FALCOCTL_SYSTEM_PROC_GO "arm64")
-    set(FALCOCTL_HASH "0b711a1b3499f479d999f4f4d2c94fc4f0bc23a2506711b613e6eedb0593631b")
+    set(FALCOCTL_HASH "ab614c900e8813bf873762fe99fc1f902b154f0f520faff7231919369ef3c984")
 endif()
 
 ExternalProject_Add(

diff --git a/docker/driver-loader-legacy/docker-entrypoint.sh b/docker/driver-loader-legacy/docker-entrypoint.sh
@@ -18,6 +18,28 @@
 #
 
 
+print_usage() {
+	echo ""
+	echo "Usage:"
+	echo "  falco-driver-loader [driver] [options]"
-	echo "  falco-driver-loader [driver] [options]"
+	echo "  falco-driver-loader [driver] [options]"
-	echo "  falco-driver-loader [driver] [options]"
+	echo "  falco-driver-loader [driver] [options]"
+	echo ""
+	echo "Available drivers:"
+	echo "  kmod           kernel module (default)"
+	echo "  ebpf           eBPF probe"
+	echo ""
+	echo "Options:"
+	echo "  --help         show this help message"
+	echo "  --clean        try to remove an already present driver installation"
+	echo "  --compile      try to compile the driver locally (default true)"
+	echo "  --download     try to download a prebuilt driver (default true)"
+	echo "  --print-env    skip execution and print env variables for other tools to consume"
+	echo ""
+	echo "Environment variables:"
+	echo "  FALCOCTL_DRIVER_REPOS             specify different URL(s) where to look for prebuilt Falco drivers (comma separated)"
+	echo "  FALCOCTL_DRIVER_NAME              specify a different name for the driver"
+	echo ""
+}
+
 echo "* Setting up /usr/src links from host"
 
 for i in "$HOST_ROOT/usr/src"/*
@@ -26,4 +48,64 @@ do
     ln -s "$i" "/usr/src/$base"
 done
 
-/usr/bin/falco-driver-loader "$@"
+ENABLE_COMPILE="false"
+ENABLE_DOWNLOAD="false"
+has_driver=
+has_opts=
+while test $# -gt 0; do
+	case "$1" in
+		kmod|ebpf)
+			if [ -n "$has_driver" ]; then
+				>&2 echo "Only one driver per invocation"
+				print_usage
+				exit 1
+			else
+				/usr/bin/falcoctl driver config "--type $1"
+				has_driver="true"
+			fi
+			;;
+		-h|--help)
+			print_usage
+			exit 0
+			;;
+		--clean)
+			/usr/bin/falcoctl driver cleanup
+			exit 0
+			;;
+		--compile)
+			ENABLE_COMPILE="true"
+			has_opts="true"
+			;;
+		--download)
+			ENABLE_DOWNLOAD="true"
+			has_opts="true"
+			;;
+		--source-only)
+		    >&2 echo "Support dropped in Falco 0.37.0."
+			print_usage
+			exit 1
+			;;
+		--print-env)
+			/usr/bin/falcoctl driver printenv
+			exit 0
+			;;
+		--*)
+			>&2 echo "Unknown option: $1"
+			print_usage
+			exit 1
+			;;
+		*)
+			>&2 echo "Unknown driver: $1"
+			print_usage
+			exit 1
+			;;
+	esac
+    shift
+done
+
+if [ -z "$has_opts" ]; then
+	ENABLE_COMPILE="true"
+	ENABLE_DOWNLOAD="true"
+fi
+
+/usr/bin/falcoctl driver install --compile=$ENABLE_COMPILE --download=$ENABLE_DOWNLOAD
diff --git a/docker/driver-loader/docker-entrypoint.sh b/docker/driver-loader/docker-entrypoint.sh
@@ -18,6 +18,28 @@
 #
 
 
+print_usage() {
+	echo ""
+	echo "Usage:"
+	echo "  falco-driver-loader [driver] [options]"
+	echo ""
+	echo "Available drivers:"
+	echo "  kmod           kernel module (default)"
+	echo "  ebpf           eBPF probe"
+	echo ""
+	echo "Options:"
+	echo "  --help         show this help message"
+	echo "  --clean        try to remove an already present driver installation"
+	echo "  --compile      try to compile the driver locally (default true)"
+	echo "  --download     try to download a prebuilt driver (default true)"
+	echo "  --print-env    skip execution and print env variables for other tools to consume"
+	echo ""
+	echo "Environment variables:"
+	echo "  FALCOCTL_DRIVER_REPOS             specify different URL(s) where to look for prebuilt Falco drivers (comma separated)"
+	echo "  FALCOCTL_DRIVER_NAME              specify a different name for the driver"
+	echo ""
+}
+
 echo "* Setting up /usr/src links from host"
 
 for i in "$HOST_ROOT/usr/src"/*
@@ -26,4 +48,64 @@ do
     ln -s "$i" "/usr/src/$base"
 done
 
-/usr/bin/falco-driver-loader "$@"
+ENABLE_COMPILE="false"
+ENABLE_DOWNLOAD="false"
+has_driver=
+has_opts=
+while test $# -gt 0; do
+	case "$1" in
+		kmod|ebpf)
+			if [ -n "$has_driver" ]; then
+				>&2 echo "Only one driver per invocation"
+				print_usage
+				exit 1
+			else
+				/usr/bin/falcoctl driver config "--type $1"
+				has_driver="true"
+			fi
+			;;
+		-h|--help)
+			print_usage
+			exit 0
+			;;
+		--clean)
+			/usr/bin/falcoctl driver cleanup
+			exit 0
+			;;
+		--compile)
+			ENABLE_COMPILE="true"
+			has_opts="true"
+			;;
+		--download)
+			ENABLE_DOWNLOAD="true"
+			has_opts="true"
+			;;
+		--source-only)
+		    >&2 echo "Support dropped in Falco 0.37.0."
+			print_usage
+			exit 1
+			;;
+		--print-env)
+			/usr/bin/falcoctl driver printenv
+			exit 0
+			;;
+		--*)
+			>&2 echo "Unknown option: $1"
+			print_usage
+			exit 1
+			;;
+		*)
+			>&2 echo "Unknown driver: $1"
+			print_usage
+			exit 1
+			;;
+	esac
+    shift
+done
+
+if [ -z "$has_opts" ]; then
+	ENABLE_COMPILE="true"
+	ENABLE_DOWNLOAD="true"
+fi
+
+/usr/bin/falcoctl driver install --compile=$ENABLE_COMPILE --download=$ENABLE_DOWNLOAD
diff --git a/docker/falco/docker-entrypoint.sh b/docker/falco/docker-entrypoint.sh
@@ -17,6 +17,29 @@
 # limitations under the License.
 #
 
+
+print_usage() {
+	echo ""
+	echo "Usage:"
+	echo "  falco-driver-loader [driver] [options]"
+	echo ""
+	echo "Available drivers:"
+	echo "  kmod           kernel module (default)"
+	echo "  ebpf           eBPF probe"
+	echo ""
+	echo "Options:"
+	echo "  --help         show this help message"
+	echo "  --clean        try to remove an already present driver installation"
+	echo "  --compile      try to compile the driver locally (default true)"
+	echo "  --download     try to download a prebuilt driver (default true)"
+	echo "  --print-env    skip execution and print env variables for other tools to consume"
+	echo ""
+	echo "Environment variables:"
+	echo "  FALCOCTL_DRIVER_REPOS             specify different URL(s) where to look for prebuilt Falco drivers (comma separated)"
+	echo "  FALCOCTL_DRIVER_NAME              specify a different name for the driver"
+	echo ""
+}
+
 # Set the SKIP_DRIVER_LOADER variable to skip loading the driver
 
 if [[ -z "${SKIP_DRIVER_LOADER}" ]]; then
@@ -29,9 +52,68 @@ if [[ -z "${SKIP_DRIVER_LOADER}" ]]; then
     done
 
     # convert the optional space-separated env variable FALCO_DRIVER_LOADER_OPTIONS to array, prevent 
-    # shell expansion and use it as argument list for falco-driver-loader
+    # shell expansion and use it as argument list for falcoctl
     read -a falco_driver_loader_option_arr <<< $FALCO_DRIVER_LOADER_OPTIONS
-    /usr/bin/falco-driver-loader "${falco_driver_loader_option_arr[@]}"
+
+    ENABLE_COMPILE="false"
+    ENABLE_DOWNLOAD="false"
+    has_driver=
+    has_opts=
+    for opt in "${falco_driver_loader_option_arr[@]}"
+        case "$1" in
+            kmod|ebpf)
+                if [ -n "$has_driver" ]; then
+                    >&2 echo "Only one driver per invocation"
+                    print_usage
+                    exit 1
+                else
+                    /usr/bin/falcoctl driver config "--type $opt"
+                    has_driver="true"
+                fi
+                ;;
+            -h|--help)
+                print_usage
+                exit 0
+                ;;    
+            --clean)
+                /usr/bin/falcoctl driver cleanup
+                exit 0
+                ;;
+            --compile)
+                ENABLE_COMPILE="true"
+                has_opts="true"
+                ;;
+            --download)
+                ENABLE_DOWNLOAD="true"
+                has_opts="true"
+                ;;
+            --source-only)
+                >&2 echo "Support dropped in Falco 0.37.0."
+                print_usage
+                exit 1
+                ;;    
+            --print-env)
+                /usr/bin/falcoctl driver printenv
+                exit 0
+                ;;
+            --*)
+                >&2 echo "Unknown option: $1"
+                print_usage
+                exit 1
+                ;;
+            *)
+                >&2 echo "Unknown driver: $1"
+                print_usage
+                exit 1
+                ;;
+        esac
+    done
+    if [ -z "$has_opts" ]; then
+        ENABLE_COMPILE="true"
+        ENABLE_DOWNLOAD="true"
+    fi
+    /usr/bin/falcoctl driver install --compile=$ENABLE_COMPILE --download=$ENABLE_DOWNLOAD
+
 fi
 
 exec "$@"
diff --git a/docker/no-driver/Dockerfile b/docker/no-driver/Dockerfile
@@ -15,7 +15,7 @@ RUN curl -L -o falco.tar.gz \
     tar -xvf falco.tar.gz && \
     rm -f falco.tar.gz && \
     mv falco-${FALCO_VERSION}-$(uname -m) falco && \
-    rm -rf /falco/usr/src/falco-* /falco/usr/bin/falco-driver-loader
+    rm -rf /falco/usr/src/falco-*
 
 RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /falco/etc/falco/falco.yaml > /falco/etc/falco/falco.yaml.new \
     && mv /falco/etc/falco/falco.yaml.new /falco/etc/falco/falco.yaml

diff --git a/docker/no-driver/Dockerfile.distroless b/docker/no-driver/Dockerfile.distroless
@@ -16,7 +16,7 @@ RUN FALCO_VERSION_URLENCODED=$(echo -n ${FALCO_VERSION}|jq -sRr @uri) && \
     tar -xvf falco.tar.gz && \
     rm -f falco.tar.gz && \
     mv falco-${FALCO_VERSION}-$(uname -m) falco && \
-    rm -rf /falco/usr/src/falco-* /falco/usr/bin/falco-driver-loader
+    rm -rf /falco/usr/src/falco-*
 
 RUN sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < /falco/etc/falco/falco.yaml > /falco/etc/falco/falco.yaml.new \
     && mv /falco/etc/falco/falco.yaml.new /falco/etc/falco/falco.yaml

diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt
@@ -41,17 +41,13 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 	configure_file(rpm/postinstall.in rpm/postinstall COPYONLY)
 	configure_file(rpm/postuninstall.in rpm/postuninstall COPYONLY)
 	configure_file(rpm/preuninstall.in rpm/preuninstall COPYONLY)
-
-	# driver loader
-	configure_file(falco-driver-loader falco-driver-loader @ONLY)
-	install(PROGRAMS ${PROJECT_BINARY_DIR}/scripts/falco-driver-loader
-		DESTINATION ${FALCO_BIN_DIR} COMPONENT "${FALCO_COMPONENT_NAME}")
 endif()
 
 # Install Falcoctl config file
 if (NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN AND NOT MUSL_OPTIMIZED_BUILD)
 	if(NOT DEFINED FALCOCTL_ETC_DIR)
 		set(FALCOCTL_ETC_DIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}/falcoctl")
 	endif()
-	install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/falcoctl/falcoctl.yaml DESTINATION "${FALCOCTL_ETC_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
+	configure_file(${CMAKE_CURRENT_SOURCE_DIR}/falcoctl/falcoctl.yaml.in ${PROJECT_BINARY_DIR}/scripts/falcoctl/falcoctl.yaml)
+	install(FILES ${PROJECT_BINARY_DIR}/scripts/falcoctl/falcoctl.yaml DESTINATION "${FALCOCTL_ETC_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
 endif()