falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0

Support for Azure Linux #2673

Closed tspearconquest closed 11 months ago

tspearconquest commented 1 year ago

Motivation

We are considering standing up some AKS node pools running Azure Linux instead of Ubuntu in our AKS clusters where Falco is already running. I wanted to check here ahead of time if there is already support. I searched open and closed issues but didn't find anything related.

Feature

If support exists for Azure Linux, please document it. If not, please add support and documentation.

Alternatives

Testing to see if it works. Even in the absence of "official" support, having it work, and knowing in what configurations it does/does not work will be helpful for other users.

Additional context

Azure Linux is the new name for what used to be called CBL Mariner, or just Mariner.

jasondellaluce commented 1 year ago

@FedeDP do you know the status of this with Driverkit and the driver loader?

FedeDP commented 1 year ago

We don't support it. We support the ubuntu-azure flavor; never heard of Azure Linux before. @tspearconquest can you drop a link to the Azure Linux repo?

Luckily enough we have modern bpf now; it should work just fine if the requirements are met.

tspearconquest commented 1 year ago

https://github.com/microsoft/CBL-Mariner

jemag commented 1 year ago

Been running modern-bpf for a couple of weeks on AzureLinux and no issues so far.

tspearconquest commented 1 year ago

Thank you @jemag!

We can close this out as far as I'm concerned, unless @FedeDP would like to document that (at least) the modern BPF probe works there. As long as modern-bpf is supported, I think Falco should consider that "good enough" and call it a supported OS.

WDYT?

Andreagit97 commented 1 year ago

The modern probe should support almost all OSes in the wild unless they apply some strange patch directly in the kernel :( So yes, we can consider AzureLinux as a supported OS by the modern probe :) I don't remember if we have a place with all OSes supported by the modern probe, but I don't think so because, as I said, it should work on almost all machines that support its requirements. We need to keep a list of supported OSes for old drivers, where we have to build custom drivers for each distro.

Andreagit97 commented 11 months ago

I will close it; if there are other issues, please re-open this :)