Closed eminaktas closed 1 year ago
Hi!
If you upgraded the running kernel, Falco driver needs to be upgraded as well (ie: rebuilt).
For the moment, we are not able to provide prebuilt drivers for linux 5.10+, but things will change once https://github.com/falcosecurity/test-infra/pull/868 is merged.
Moreover, as you can see, your kernel is actually discovered by kernel-crawler: https://falcosecurity.github.io/kernel-crawler/?arch=x86_64&target=Ubuntu (search for 5.15.0-46
).
Btw this is more of an issue with Falco than with driverkit, i will transfer it.
On top of what @FedeDP said, I'd also add that pre-built drivers are made available on a best-effort basis, and we support the driver versions of the last 3 releases. This means that starting from Falco 0.33 (available in few days), you'll have to build your kernel module manually. I suggest trying to update to Falco 0.33.0 once it's out, if that's an option for you. Updates about the upcoming release can be found here, in our official communication channels, and during our community calls.
For 5.13.0-39-generic
, upgrading the kernel header to current version fixed the issue: (Thanks to @terylt)
# install the headers
$ sudo apt install linux-headers-$(uname -r)
# ensure correct headers placed there
$ ls /usr/src/
It doesn't need a reboot. But I think this is not a right way to do. It would better to download pre-compiled driver from download.falco.org
.
I think people have open similar issues:
Maybe we should move this issue to troubleshooting guide (if there already) for awareness. Wdyt?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
/remove-lifecycle rotten
Hi! We do now support building drivers for kernels > 5.10 ;) Is this still an issue?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Provide feedback via https://github.com/falcosecurity/community. /close
@poiana: Closing this issue.
Describe the bug
Falco stops working after kernel upgrade.
How to reproduce it
Falco was runnnig in a virtual machine with 5.13.0-39-generic kernel version. After, we upgraded the kernel version to 5.15.0-46-generic. Then pods started to failing.
Expected behaviour
We expected to see that Falco should be able to load the kernel driver from
/lib/modules
. However, it couldn't and tries to download it from the this site:https://download.falco.org/driver/3aa7a83bf7b9e6229a3824e3fd1f4452d1e95cb4/falco_ubuntu-generic_5.15.0-46-generic_49.ko
Environment
The versions are taken from a working Falco which was still running on 5.13.0-30-generic kernel.
Additional context