smijolovic
commented
4 years ago /kind documentation
Closed smijolovic closed 4 years ago
smijolovic
commented
4 years ago /kind documentation
fntlnz
commented
4 years ago Hi @smijolovic thanks for opening this - I believe that our documentation contains what you are asking for:
Documentation to use eBPF support in Falco (no need to be OS specific)
Documentation on how to build the eBPF driver from source, it also have a specific section for CentOS
If you think that we are missing something please be more specific, and contributions are welcome! Documentation changes are the best way to get started in the Falco project.
smijolovic
commented
4 years ago Thank you for the clarity! 'FALCO_BPF_PROBE="/location/of/probe.o" falco' did the trick.
leodido
commented
4 years ago Perfect :)
/close
On Tue, 14 Apr 2020 at 13:39, smijolovic notifications@github.com wrote:
Thank you for the clarity! 'FALCO_BPF_PROBE="/location/of/probe.o" falco' did the trick.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/falcosecurity/falco/issues/1132#issuecomment-613390892, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA5J44XJRECRIAC237B4ITRMRDO7ANCNFSM4MDMDOPQ .
-- L.
poiana
commented
4 years ago @leodido: Closing this issue.
Falco documentation clearly details the steps to build and load the kernel driver (falco-probe.ko).
It states how to build the alternative bpf driver (probe.o), but does not detail the process of how that driver is loaded/installed.
Politely requesting the procedure for the installation on a CentOS host, and for it to be added to the build from source documentation.