thought-machine / falco-probes

Automated build and mirror of eBPF kernel probes for use as a driver with the Falco runtime security agent (https://falco.org/)
Apache License 2.0

Implement Google COS operating system... #56

Closed markchalloner closed 1 year ago

markchalloner commented 1 year ago

... also add hashes to all third party modules.

markchalloner commented 1 year ago

Note: I changed googlecos to cos throughout, as this code was building the probe with the name falco_googlecos_<release>_<version>.o; however, falco-driver-loader uses the /etc/os-release ID variable (cos in Google COS) when building/loading the probe:

...
* Trying to compile the eBPF probe (falco_cos_5.15.65_1.o)
...
* eBPF probe located in /root/.falco/3.0.1+driver/x86_64/falco_cos_5.15.65_1.o
...
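
The naming mismatch described in the comment above can be checked before a probe is published. The following is an added example, not code from this PR or from falco-driver-loader. The function names and the sample os-release text are constructed for illustration; the kernel release and version are passed in as arguments using the values from the log, since how the loader derives them is not shown here.

```shell
# Constructed sample of /etc/os-release lines as found on Google COS.
SAMPLE_OS_RELEASE='NAME="Container-Optimized OS"
ID=cos
VERSION_ID=101'

# Print the lower-cased ID value from os-release text on stdin.
# The text is parsed, never sourced, so nothing in it is executed.
# Matching is anchored at line start, so VERSION_ID= is not mistaken for ID=.
os_release_id() {
  while IFS= read -r line; do
    case "$line" in
      ID=*)
        value=${line#ID=}
        value=${value#\"}; value=${value%\"}
        value=${value#\'}; value=${value%\'}
        printf '%s\n' "$value" | tr '[:upper:]' '[:lower:]'
        return 0 ;;
    esac
  done
  return 1
}

# probe_name <os-release text> <kernel release> <kernel version>
# Assumed format, taken from the log above: falco_<ID>_<release>_<version>.o
probe_name() {
  id=$(printf '%s\n' "$1" | os_release_id) || return 1
  [ -n "$id" ] && [ -n "$2" ] && [ -n "$3" ] || return 2
  # Refuse characters that have no place in a probe filename.
  case "$id$2$3" in
    *[!A-Za-z0-9._+-]*) return 2 ;;
  esac
  printf 'falco_%s_%s_%s.o\n' "$id" "$2" "$3"
}

# probe_matches <built filename> <os-release text> <release> <version>
# Returns 0 only when the built artifact has the name the loader will request.
probe_matches() {
  expected=$(probe_name "$2" "$3" "$4") || return 2
  [ "$1" = "$expected" ]
}

probe_name "$SAMPLE_OS_RELEASE" 5.15.65 1
```

A build pipeline can call `probe_matches` on each artifact and fail the job on a non-zero status, so a probe named after `googlecos` is caught before a node silently fails to load its driver.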

markchalloner commented 1 year ago

Slight change to method of writing files into the volume to avoid some command injection 😨

andrewnicolalde commented 1 year ago

👀

markchalloner commented 1 year ago

@sHesl and/or @steakunderscore. Any additional feedback or happy to get this merged in?

Thanks