diff --git a/docker/falco/docker-entrypoint.sh b/docker/falco/docker-entrypoint.sh index 8e852fd16f9..38f99ecf9f1 100755 --- a/docker/falco/docker-entrypoint.sh +++ b/docker/falco/docker-entrypoint.sh @@ -32,7 +32,7 @@ if [[ -z "${SKIP_DRIVER_LOADER}" ]] && [[ -z "${SKIP_MODULE_LOAD}" ]]; then ln -s "$i" "/usr/src/$base" done - /usr/bin/falco-driver-loader + /usr/bin/falco-driver-loader ${FALCO_DRIVER_LOADER_ARGS} fi exec "$@" \ No newline at end of file diff --git a/docker/local/docker-entrypoint.sh b/docker/local/docker-entrypoint.sh index 9fc6192709b..4285fa76008 100755 --- a/docker/local/docker-entrypoint.sh +++ b/docker/local/docker-entrypoint.sh @@ -28,7 +28,7 @@ if [[ -z "${SKIP_DRIVER_LOADER}" ]]; then ln -s "$i" "/usr/src/$base" done - /usr/bin/falco-driver-loader + /usr/bin/falco-driver-loader ${FALCO_DRIVER_LOADER_ARGS} fi exec "$@" diff --git a/scripts/falco-driver-loader b/scripts/falco-driver-loader index be727e97457..2643563d899 100755 --- a/scripts/falco-driver-loader +++ b/scripts/falco-driver-loader @@ -158,15 +158,18 @@ load_kernel_module_compile() { echo "make CC=${CURRENT_GCC} \$@" >> /tmp/falco-dkms-make chmod +x /tmp/falco-dkms-make if dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "${DRIVER_NAME}" -v "${DRIVER_VERSION}" -k "${KERNEL_RELEASE}" 2>/dev/null; then - echo "* ${DRIVER_NAME} module installed in dkms, trying to insmod" - if insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko" > /dev/null 2>&1; then - echo "* Success: ${DRIVER_NAME} module found and loaded in dkms" + echo "* ${DRIVER_NAME} module installed in dkms, trying to insmod" + if OUTPUT="$(insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko" "${MODULE_ARGS[@]}" 2>&1)"; then + echo "* Success: ${DRIVER_NAME} module found and loaded in dkms with arguments '${MODULE_ARGS[@]}'" exit 0 - elif insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko.xz" > /dev/null 2>&1; then - echo "* Success: ${DRIVER_NAME} module found and loaded in dkms (xz)" + else + echo "* Unable to insmod ${DRIVER_NAME} module with arguments '${MODULE_ARGS[@]}': ${OUTPUT}" + fi + if OUTPUT="$(insmod "/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/${KERNEL_RELEASE}/${ARCH}/module/${DRIVER_NAME}.ko.xz" "${MODULE_ARGS[@]}" 2>&1)"; then + echo "* Success: ${DRIVER_NAME} module found and loaded in dkms with arguments '${MODULE_ARGS[@]}' (xz)" exit 0 else - echo "* Unable to insmod ${DRIVER_NAME} module" + echo "* Unable to insmod ${DRIVER_NAME} module with arguments '${MODULE_ARGS[@]}' (xz): ${OUTPUT}" fi else DKMS_LOG="/var/lib/dkms/${DRIVER_NAME}/${DRIVER_VERSION}/build/make.log" @@ -192,8 +195,14 @@ load_kernel_module_download() { echo "* Trying to download prebuilt module from ${URL}" if curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then echo "* Download succeeded" - insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: ${DRIVER_NAME} module loaded" - exit $? + if OUTPUT="$(insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${MODULE_ARGS[@]}")"; then + echo "* Success: ${DRIVER_NAME} module loaded with arguments '${MODULE_ARGS[@]}'" + exit 0 + else + EXIT=$? + echo "* Unable to insmod ${DRIVER_NAME} module with arguments '${MODULE_ARGS[@]}': ${OUTPUT}" + exit $EXIT + fi else >&2 echo "Download failed, consider compiling your own ${DRIVER_NAME} module and loading it or getting in touch with the Falco community" exit 1 @@ -243,10 +252,12 @@ load_kernel_module() { echo "* Trying to load a system ${DRIVER_NAME} driver, if present" - if modprobe "${DRIVER_NAME}" > /dev/null 2>&1; then - echo "* Success: ${DRIVER_NAME} module found and loaded with modprobe" + if OUTPUT="$(modprobe "${DRIVER_NAME}" "${MODULE_ARGS[@]}" 2>&1)"; then + echo "* Success: ${DRIVER_NAME} module found and loaded with modprobe and arguments '${MODULE_ARGS[@]}'" exit 0 - fi + else + echo "* Unable to modprobe ${DRIVER_NAME} module with arguments '${MODULE_ARGS[@]}': ${OUTPUT}" + fi echo "* Trying to find locally a prebuilt ${DRIVER_NAME} module for kernel ${KERNEL_RELEASE}, if present" @@ -257,8 +268,15 @@ load_kernel_module() { if [ -f "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" ]; then echo "* Found a prebuilt module at ${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}, loading it" - insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" && echo "* Success: ${DRIVER_NAME} module loaded" - exit $? + + if OUTPUT="$(insmod "${HOME}/.falco/${FALCO_KERNEL_MODULE_FILENAME}" "${MODULE_ARGS[@]}")"; then + echo "* Success: ${DRIVER_NAME} module loaded with arguments '${MODULE_ARGS[@]}'" + exit 0 + else + EXIT=$? + echo "* Unable to insmod ${DRIVER_NAME} module with arguments '${MODULE_ARGS[@]}': ${OUTPUT}" + exit $EXIT + fi fi if [ -n "$ENABLE_DOWNLOAD" ]; then @@ -462,10 +480,11 @@ print_usage() { echo " bpf eBPF probe" echo "" echo "Options:" - echo " --help show brief help" - echo " --compile try to compile the driver locally" - echo " --download try to download a prebuilt driver" - echo " --source-only skip execution and allow sourcing in another script" + echo " --help show brief help" + echo " --compile try to compile the driver locally" + echo " --download try to download a prebuilt driver" + echo " --source-only skip execution and allow sourcing in another script" + echo " --module-arg PARAM=VAL set module argument (flag can be repeated)" echo "" } @@ -495,6 +514,7 @@ fi ENABLE_COMPILE= ENABLE_DOWNLOAD= +MODULE_ARGS=( ) has_args= has_opts= @@ -530,6 +550,11 @@ while test $# -gt 0; do source_only="true" shift ;; + --module-arg) + shift + MODULE_ARGS+=( "$1" ) + shift + ;; --*) >&2 echo "Unknown option: $1" print_usage @@ -559,7 +584,7 @@ if [ -z "$source_only" ]; then exit 1 fi - echo "* Running falco-driver-loader with: driver=$DRIVER, compile=${ENABLE_COMPILE:-"no"}, download=${ENABLE_DOWNLOAD:-"no"}" + echo "* Running falco-driver-loader with: driver=$DRIVER, compile=${ENABLE_COMPILE:-"no"}, download=${ENABLE_DOWNLOAD:-"no"}, module_args=(${MODULE_ARGS[@]})" case $DRIVER in module) load_kernel_module