falcosecurity / falco-website

Source code of the official Falco website
https://falco.org
Creative Commons Attribution 4.0 International

how to get a new driver release? #662

Closed dwgillies-bluescape closed 1 year ago

dwgillies-bluescape commented 2 years ago

How do I get a new driver into falco? It is failing with:

poiana commented 2 years ago

@dwgillies-bluescape: There is not a label identifying the kind of this issue. Please specify it either using /kind <group> or manually from the side menu.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

jasondellaluce commented 2 years ago

This driver seems to come from an older commit hash, did you try running the latest version of Falco? Since the last few Falco releases, we are supporting more kernel versions in our drivers.

dwgillies-bluescape commented 2 years ago

Nope, sorry, still no good. We have a govcloud service and are forced by an Amazon security advisory to use the very latest Amazon Linux 2, so we rebuilt our AMI on roughly Aug 5th, and are now looking for:

* Looking for a falco module locally (kernel 5.4.204-113.362.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/2.0.0%2Bdriver/x86_64/falco_amazonlinux2_5.4.204-113.362.amzn2.x86_64_1.ko

I just tried the falco:0.32.2 and falco:latest docker images, and the driver compilation has only advanced up to amazonlinux2_5.4.196, so it's 8 versions behind:

[Image: Screen Shot 2022-08-11 at 11 30 20 AM]

This is one of the first times we are forced to upgrade our kernel by a Nessus scan / Amazon security advisory. If these advisories come out periodically, and falco is always a month or two behind on Amazon Linux, then we will have to look for something more up-to-date than falco to monitor our cluster, regrettably. To run a govcloud cluster you must fix serious security flaws in 30d or less.

dwgillies-bluescape commented 2 years ago

> @dwgillies-bluescape: There is not a label identifying the kind of this issue. Please specify it either using /kind <group> or manually from the side menu.
>
> Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@poiana I cannot edit the Issue label BTW.

dwgillies-bluescape commented 2 years ago

Hi, our code is working again, from the driver built at 10:57 GMT today. Thank you for helping us in this matter.

2022-08-12T10:57:23.000Z        3.8 MB         [falco_amazonlinux2_5.4.204-113.362.amzn2.x86_64_1.ko](https://download.falco.org/driver/2.0.0%2Bdriver/x86_64/falco_amazonlinux2_5.4.204-113.362.amzn2.x86_64_1.ko)
2022-08-12T10:57:22.000Z        4.7 MB         [falco_amazonlinux2_5.4.204-113.362.amzn2.x86_64_1.o](https://download.falco.org/driver/2.0.0%2Bdriver/x86_64/falco_amazonlinux2_5.4.204-113.362.amzn2.x86_64_1.o)

jasondellaluce commented 2 years ago

@dwgillies-bluescape great to hear you solved your issue. Can we close this?

For the future I think this kind of issue is more suitable for falcosecurity/falco or falcosecurity/test-infra. Also, we provide kernel driver builds in a best-effort way, and it's almost impossible to have a perfect build matrix with all the most up-to-date kernel flavor versions. falcosecurity/kernel-crawler, of which @FedeDP is a top contributor, mitigates this a lot but sometimes is not enough. If you update the kernel version very frequently, I would suggest building the drivers on your own. The community is happy to help if you need guidance on this.
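
A pre-rollout check for the situation in this thread, as an added example that is not part of the issue and not Falco project code: it rebuilds the download URL in the layout quoted above and asks whether the module is published for a given kernel. The function names are hypothetical, and reading the trailing `_1` as the build number from `uname -v` is an assumption.

```sh
#!/bin/sh
# Added example (not Falco project code): check whether a prebuilt Falco kernel
# module is published for a kernel before that kernel is rolled out to nodes.

# Base of the download site, taken from the URLs quoted in the thread.
FALCO_DRIVER_BASE="${FALCO_DRIVER_BASE:-https://download.falco.org/driver}"

# falco_driver_url DRIVER_VERSION ARCH TARGET KERNEL_RELEASE BUILD_NUMBER
# Reproduces the path layout of the URLs quoted in the thread.
falco_driver_url() {
  # "+" in the driver version appears percent-encoded (%2B) in the path.
  enc_version=$(printf '%s' "$1" | sed 's/+/%2B/g')
  printf '%s/%s/%s/falco_%s_%s_%s.ko\n' \
    "$FALCO_DRIVER_BASE" "$enc_version" "$2" "$3" "$4" "$5"
}

# kernel_build_number "UNAME_V_OUTPUT"
# Assumption: the trailing "_1" in the file name is the build number that
# starts `uname -v` output ("#1 SMP ..." -> 1).
kernel_build_number() {
  printf '%s\n' "$1" | sed -n 's/^#\([0-9][0-9]*\).*/\1/p'
}

# driver_available URL -> exit status 0 if a HEAD request succeeds.
driver_available() {
  curl --silent --fail --head --location --max-time 15 --output /dev/null "$1"
}

# check_running_kernel DRIVER_VERSION TARGET
# Prints the expected URL and whether it exists, for the kernel this runs on.
check_running_kernel() {
  url=$(falco_driver_url "$1" "$(uname -m)" "$2" "$(uname -r)" \
        "$(kernel_build_number "$(uname -v)")")
  if driver_available "$url"; then
    echo "prebuilt driver available: $url"
  else
    echo "no prebuilt driver at: $url" >&2
    return 1
  fi
}

# Run only when called with two arguments, e.g.:
#   sh check.sh '2.0.0+driver' amazonlinux2
if [ "$#" -eq 2 ]; then
  check_running_kernel "$1" "$2"
fi
```

Run in an AMI build pipeline, a non-zero exit is the signal to build the driver locally or hold the kernel upgrade before nodes come up without syscall monitoring.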

poiana commented 1 year ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana commented 1 year ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana commented 1 year ago

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

poiana commented 1 year ago

@poiana: Closing this issue.

In response to [this](https://github.com/falcosecurity/falco-website/issues/662#issuecomment-1376982081):

>Rotten issues close after 30d of inactivity.
>
>Reopen the issue with `/reopen`.
>
>Mark the issue as fresh with `/remove-lifecycle rotten`.
>
>Provide feedback via https://github.com/falcosecurity/community.
>/close

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.