New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kmod gets compiled for the wrong kernel version #3164
Comments
HI @johananl ! Thanks for opening this issue!
Oh yep, that makes sense.
The latter overlaps a bit with your request since we will then automatically set KERNELDIR (and As a side note, falcoctl driver loader is still designed around building drivers for the running kernel; if you instead want a generic solution, you should rely on driverkit itself: https://github.com/falcosecurity/driverkit |
Thanks for the quick response @FedeDP! I don't have a strong opinion on how to specify the kernel version, I was just looking for some deterministic way to get Falco working for an explicit kernel version (which might not be the running version at times). What would be the best way to achieve that? |
Yep, then i think it would be better to use driverkit for that, as previously stated. NOTE: we can still support |
I was thinking: isn't
that in your example resolves to:
It feels weird that |
I'm no expert around DKMS, but what I'm observing in terms of its behavior is that the |
Mmmh seeing the man page for dkms states:
and
As far as i know,
|
FWIW, I've already worked around the problem in my specific use case so I've opened this issue only for the sake of improving the Falco UX, especially given that I was the one who originally asked to add support for explicit kernel releases so I do feel some responsibility here :-) My bottom line is, if explicit releases are supported, the behavior should be predictable rather than surprising. I'll leave it to you to decide how to proceed, but happy to provide more input/feedback if that helps. |
I fully agree! Still trying to understand why EDIT: i strongly believe we should not be doing anything special for |
Oh wait, you are using |
I was, yes, but I've observed the same behavior with |
Found this: ntop/PF_RING#487 and this: ntop/PF_RING@08d3f9d. Perhaps we miss that |
I can't invest more time in this at the moment @FedeDP. As far as I'm concerned we can close the issue since this specific problem is no longer affecting my use case. I opened it mainly to alert you guys to the fact that we may have a bug here, so I'll leave it up to you to decide if it's worth looking into. Thank you for your help! 🙏 |
Thanks for reporting anyway! |
/milestone TBD |
Describe the bug
In #2728 we've added two flags to
falco-driver-loader
which allow specifying the kernel release and kernel version for which the driver should be compiled.However, turns out that in order for a kmod to be compiled correctly, we also have to populate the
--kernelsourcedir
DKMS flag. Failing to do so results in the kmod being installed under the correct path but compiled for the currently-running kernel.My apologies for the oversight!
How to reproduce it
Install the required packages for a kernel other than the one your Linux instance is currently running as well as the relevant kernel headers:
Don't reboot into the new kernel.
Compile the kmod driver for the newly-installed kernel:
Check the kernel version in the resulting .ko file:
Output:
Expected behaviour
The expected output is
5.15.0-1059-azure
, however the actual version is the currently-running kernel.Screenshots
Environment
Additional context
This problem can be solved by passing
--kernelsourcedir /usr/src/linux-headers-${kernel_release}
to DKMS. In current Falco (v0.37.1) this can be done by setting theKERNELDIR
env var. In Falco v0.36 this is probably unsupported sincefalco-driver-loader
doesn't pass this flag to DKMS.Is there any value in backporting a fix to v0.36, or should we address this only for Falco v0.37 and above?
The text was updated successfully, but these errors were encountered: