thought-machine / falco-probes

Automated build and mirror of eBPF kernel probes for use as a driver with the Falco runtime security agent (https://falco.org/)
Apache License 2.0

Compilation fails for amazonlinux2 kernel-5.10 #43

Open sHesl opened 2 years ago

sHesl commented 2 years ago

Attempting to compile probes for amazonlinux2 kernel-5.10 errors. Patching driverkit to source packages for 5.10 and attempting a compilation also errors, suggesting an upstream issue. It is possible this will naturally resolve as/if a fix trickles through to us; otherwise, as 5.10 gets more widespread, we should look again at potential fixes in this repo.

VJftw commented 2 years ago

Something I noticed whilst adding support for Ubuntu kernels was that some of the most recent kernels (5.13+) would only build with the most recent version of Falco (0.30.0), so we may need to have some way of mapping which kernel versions are supported per Falco Driver version. Maybe version constraints are good for this (https://www.terraform.io/docs/language/expressions/version-constraints.html#version-constraint-syntax), e.g.:

Falco 0.28.1 (5c0b863ddade7a45568c0ac97d037422c9efb750): >= 4.14.0, < 5.10.0
Falco 0.30.0 (3aa7a83bf7b9e6229a3824e3fd1f4452d1e95cb4): >= 4.14.0
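
One way to evaluate the kernel-to-driver mapping proposed in the comment above, as an added example (not code from the falco-probes repository or from either commenter). The names `driverConstraints`, `Satisfies` and `SupportedDrivers` and the kernel release string are assumptions; only the `>=`, `>`, `<=`, `<` and `=` operators of the constraint syntax are handled, and anything that cannot be parsed is treated as unsupported so no build is attempted for it.

```go
package main

import (
	"fmt"
	"strings"
)

// Illustrative constraints copied from the comment above; the variable name is hypothetical.
var driverConstraints = [][2]string{
	{"0.28.1", ">= 4.14.0, < 5.10.0"},
	{"0.30.0", ">= 4.14.0"},
}

// parseVersion packs the leading major.minor[.patch] into one comparable integer, ignoring distro suffixes.
func parseVersion(s string) (int64, bool) {
	var major, minor, patch int64
	n, _ := fmt.Sscanf(strings.TrimSpace(s), "%d.%d.%d", &major, &minor, &patch)
	return major<<32 | minor<<16 | patch, n >= 2 && major >= 0 && minor >= 0 && patch >= 0
}

// Satisfies reports whether kernel meets every comma-separated clause; unparseable input never matches.
func Satisfies(kernel, constraint string) bool {
	kv, ok := parseVersion(kernel)
	for _, clause := range strings.Split(constraint, ",") {
		f := strings.Fields(clause)
		if !ok || len(f) != 2 {
			return false
		}
		cv, valid := parseVersion(f[1])
		ops := map[string]bool{">=": kv >= cv, ">": kv > cv, "<=": kv <= cv, "<": kv < cv, "=": kv == cv}
		if !valid || !ops[f[0]] { // an operator missing from ops (e.g. "~>") fails closed
			return false
		}
	}
	return true
}

// SupportedDrivers lists the Falco versions whose constraint admits the kernel release.
func SupportedDrivers(kernel string) (out []string) {
	for _, d := range driverConstraints {
		if Satisfies(kernel, d[1]) {
			out = append(out, d[0])
		}
	}
	return out
}

func main() {
	fmt.Println(SupportedDrivers("5.10.75-79.358.amzn2.x86_64")) // constructed release string
}
```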