Update to falco 0.40.0, adjust as needed to build libs on alpine

Dockerfile.driver.alpine.amd64

@@ -0,0 +1,78 @@
+# syntax = docker/dockerfile:1.0-experimental
+#
+# Copyright (C) 2022 IBM Corporation.
+#
+# Authors:
+# Frederico Araujo <[email protected]>
+# Teryl Taylor <[email protected]>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG FALCO_VER
+ARG FALCO_LIBS_VER
+ARG ALPINE_VER
+
+#-----------------------
+# Stage: mods
+#-----------------------
+FROM sysflowtelemetry/alpine:mods-${FALCO_LIBS_VER}-${FALCO_VER}-${ALPINE_VER} AS mods
+
+#-----------------------
+# Stage: driver
+#-----------------------
+FROM alpine:${ALPINE_VER}  AS driver 
+
+RUN apk add \
+    g++ \
+    gcc \
+    cmake \
+    make \
+    bash \
+    perl \
+    linux-headers \
+    autoconf \
+    automake \
+    m4 \
+    libtool \
+    patch \
+    binutils \
+    flex \
+    bison \
+    wget \
+    patch \
+    curl \
+    clang \
+    llvm \
+    xz  \
+    bc
+
+# environment and args
+ARG INSTALL_PATH=/usr/local/sysflow
+ARG DRIVER_PACKAGE_NAME=falco
+ENV DRIVER_NAME=falco
+ENV DRIVERS_REPO="https://download.falco.org/driver"
+ENV HOST_ROOT=/host
+ENV HOME=/root
+ARG FALCOCTL_VERSION
+
+#install falcoctl
+RUN curl --fail -LS "https://github.com/falcosecurity/falcoctl/releases/download/v${FALCOCTL_VERSION}/falcoctl_${FALCOCTL_VERSION}_linux_amd64.tar.gz" | tar -xz  && \
+		install -o root -g root -m 0755 falcoctl /usr/bin/falcoctl &&  mkdir -p /etc/falco/ && touch /etc/falco/falco.yaml
+
+# copy resources
+COPY --from=mods ${INSTALL_PATH}/modules/bin/docker-entry-ubi.sh /docker-entrypoint.sh
+COPY --from=mods ${INSTALL_PATH}/modules/bin/docker-entrypoint.sh ${INSTALL_PATH}/modules/bin/docker-entrypoint.sh
+COPY --from=mods /usr/src/falco-* /usr/src/
+COPY --from=mods /usr/sbin/dkms /usr/sbin/dkms
+
+ENTRYPOINT ["/docker-entrypoint.sh"]

Makefile

@@ -104,7 +104,7 @@ init:
 build: init docker-base-build docker-mods-build docker-driver-build docker-libs-build docker-collector-build docker-runtime-build
 
 .PHONY: build/musl
-build/musl: init docker-base-build/musl docker-mods-build/musl docker-driver-build docker-libs-build/musl docker-collector-build/musl docker-runtime-build/musl
+build/musl: init docker-base-build/musl docker-mods-build/musl docker-driver-build/musl docker-libs-build/musl docker-collector-build/musl docker-runtime-build/musl
 
 .PHONY: docker-base-build
 docker-base-build:
@@ -126,6 +126,10 @@ docker-mods-build/musl:
 docker-driver-build:
 	( DOCKER_BUILDKIT=1 docker build --secret id=rhuser,src=$(shell pwd)/scripts/build/rhuser --secret id=rhpassword,src=$(shell pwd)/scripts/build/rhpassword --build-arg MAKE_JOBS=${MAKE_JOBS} --build-arg FALCOCTL_VERSION=${FALCOCTL_VERSION} --build-arg UBI_VER=${UBI_VERSION} --build-arg FALCO_VER=${FALCO_VERSION} --build-arg FALCO_LIBS_VER=${FALCO_LIBS_VERSION} --target driver -t sysflowtelemetry/ubi:driver-${FALCO_LIBS_VERSION}-${FALCO_VERSION}-${UBI_VERSION} -f Dockerfile.driver.amd64 . )
 
+.PHONY: docker-driver-build/musl
+docker-driver-build/musl:
+	( DOCKER_BUILDKIT=1 docker build --no-cache --build-arg ALPINE_VER=${ALPINE_VERSION} --build-arg UBI_VER=${UBI_VERSION} --build-arg FALCO_VER=${FALCO_VERSION} --build-arg FALCOCTL_VERSION=${FALCOCTL_VERSION} --build-arg FALCO_LIBS_VER=${FALCO_LIBS_VERSION} --build-arg FALCO_LIBS_DRIVER_VER=${FALCO_LIBS_DRIVER_VERSION} --target driver -t sysflowtelemetry/alpine:driver-${FALCO_LIBS_VERSION}-${FALCO_VERSION}-${UBI_VERSION} -f Dockerfile.driver.alpine.amd64 . )
+
 .PHONY: docker-libs-build
 docker-libs-build:
 	( DOCKER_BUILDKIT=1 docker build --build-arg UBI_VER=${UBI_VERSION} --build-arg ARCH=${ARCH} --build-arg FALCO_VER=${FALCO_VERSION} --build-arg FALCO_LIBS_VER=${FALCO_LIBS_VERSION} --build-arg FALCO_LIBS_DRIVER_VER=${FALCO_LIBS_DRIVER_VERSION} --target libs -t sysflowtelemetry/sf-collector-libs:${SYSFLOW_VERSION} -f Dockerfile . )
@@ -148,7 +152,7 @@ docker-runtime-build:
 
 .PHONY: docker-runtime-build/musl
 docker-runtime-build/musl:
-	( DOCKER_BUILDKIT=1 docker build --build-arg ARCH=${ARCH} --build-arg RUNTIME_IMAGE=${RUNTIME_IMAGE} --build-arg ALPINE_VER=${ALPINE_VERSION} --build-arg UBI_VER=${UBI_VERSION} --build-arg FALCO_VER=${FALCO_VERSION} --build-arg FALCO_LIBS_VER=${FALCO_LIBS_VERSION} --build-arg FALCO_LIBS_DRIVER_VER=${FALCO_LIBS_DRIVER_VERSION} --target runtime -t sysflowtelemetry/sf-collector-musl:${SYSFLOW_VERSION} -f Dockerfile.musl . )
+	( DOCKER_BUILDKIT=1 docker build --build-arg ARCH=${ARCH} --build-arg RUNTIME_IMAGE=alpine --build-arg ALPINE_VER=${ALPINE_VERSION} --build-arg UBI_VER=${UBI_VERSION} --build-arg FALCO_VER=${FALCO_VERSION} --build-arg FALCO_LIBS_VER=${FALCO_LIBS_VERSION} --build-arg FALCO_LIBS_DRIVER_VER=${FALCO_LIBS_DRIVER_VERSION} --target runtime -t sysflowtelemetry/sf-collector-musl:${SYSFLOW_VERSION} -f Dockerfile.musl . )
 
 .PHONY: docker-driver-build/musl/s390x
 docker-driver-build/musl/s390x:

makefile.manifest.inc

@@ -16,12 +16,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-SYSFLOW_VERSION?=0.7.0
+SYSFLOW_VERSION?=0.8.0-dev
 SYSFLOW_BUILD_NUMBER?=1
-FALCO_VERSION=0.39.1
-FALCO_LIBS_VERSION=0.18.1
-FALCO_LIBS_DRIVER_VERSION=7.3.0+driver
-FALCOCTL_VERSION=0.10.0
+FALCO_VERSION=0.40.0
+FALCO_LIBS_VERSION=0.20.0
+FALCO_LIBS_DRIVER_VERSION=8.0.0+driver
+FALCOCTL_VERSION=0.11.0
 AVRO_VERSION=release-1.11.0
 ELF_VERSION=v0.189
 GLOG_VERSION=v0.6.0

modules/Makefile

@@ -104,6 +104,7 @@ falcolibs/package:
 	mkdir -p include/curl && cp curl-prefix/src/curl/include/curl/*.h include/curl && \
 	mkdir -p include/driver && cp driver/src/*h include/driver && cp ../driver/*h include/driver && \
 	mkdir -p include/userspace/libsinsp && cp ../userspace/libsinsp/*.h include/userspace/libsinsp && \
+	mkdir -p include/userspace/libsinsp/sinsp_filter_transformers && cp ../userspace/libsinsp/sinsp_filter_transformers/*.h include/userspace/libsinsp/sinsp_filter_transformers/ && \
 	mkdir -p include/userspace/libsinsp/container_engine && cp ../userspace/libsinsp/container_engine/*.h include/userspace/libsinsp/container_engine/ && \
 	mkdir -p include/userspace/libsinsp/filter && cp ../userspace/libsinsp/filter/*.h include/userspace/libsinsp/filter/ && \
 	mkdir -p include/userspace/libsinsp/events && cp ../userspace/libsinsp/events/*.h include/userspace/libsinsp/events/ && \
@@ -122,15 +123,15 @@ falcolibs/package:
 	cp tbb-prefix/src/tbb/lib_release/libtbb.a lib/ && \
 	cp jsoncpp-prefix/src/lib/libjsoncpp.a lib/ && \
 	cp -r jsoncpp-prefix/src/include/json  include/ && \
-	cp -r c-ares-prefix/src/c-ares/target/include/*.h include/ && \
+	cp -r c-ares-prefix/src/c-ares/include/*.h include/ && \
 	cp libpman/*.a lib/ && \
 	cp libsinsp/*.a lib/ && \
 	find libscap -name '*.a' -exec cp '{}' lib \; && \
-	cp ../../falco/docker/falco/docker-entrypoint.sh bin/ && \
+	cp ../../falco/docker/driver-loader-buster/docker-entrypoint.sh bin/ && \
     cp re2-prefix/build/libre2.a lib/ && \
 	cp grpc-prefix/src/grpc/*.a lib/ && \
 	find grpc-prefix/src/grpc/third_party/abseil-cpp -name '*.a' -exec cp '{}' lib \; && \
-	cp c-ares-prefix/src/c-ares/target/lib/libcares.a lib/ && \
+	cp c-ares-prefix/src/c-ares/lib/libcares.a lib/ && \
 	cp curl-prefix/src/curl/lib/.libs/libcurl.a lib/ && \
 	cp openssl-prefix/src/openssl/target/lib/*.a lib/ && \
 	cp zlib-prefix/src/zlib/libz.a lib/libz.a

modules/falco-libs.x86_64.mri

@@ -92,6 +92,7 @@ addlib libscap_event_schema.a
 addlib libscap_platform.a
 addlib libscap_platform_util.a
 addlib libsinsp.a
+addlib libcontainerd_interface.a
 addlib libcri_v1alpha2.a
 addlib libcri_v1.a
 addlib libtbb.a

src/libs/processcontext.cpp

@@ -124,10 +124,10 @@ ProcessObj *ProcessContext::createProcess(sinsp_threadinfo *ti, sinsp_evt *ev,
     }
     i++;
   }
-  p->proc.uid = static_cast<int32_t>(mainthread->m_user.uid());
-  p->proc.gid = static_cast<int32_t>(mainthread->m_group.gid());
-  p->proc.userName = mainthread->m_user.name();
-  p->proc.groupName = mainthread->m_group.name();
+  p->proc.uid = static_cast<int32_t>(mainthread->get_user()->uid);
+  p->proc.gid = static_cast<int32_t>(mainthread->get_group()->gid);
+  p->proc.userName = mainthread->get_user()->name;
+  p->proc.groupName = mainthread->get_group()->name;
   ContainerObj *cont = m_containerCxt->getContainer(ti);
   if (cont != nullptr) {
     p->proc.containerId.set_string(cont->cont.id);
@@ -408,10 +408,10 @@ void ProcessContext::updateProcess(Process *proc, sinsp_evt *ev,
     i++;
   }
 
-  proc->uid = static_cast<int32_t>(mainthread->m_user.uid());
-  proc->gid = static_cast<int32_t>(mainthread->m_group.gid());
-  proc->userName = mainthread->m_user.name();
-  proc->groupName = mainthread->m_group.name();
+  proc->uid = static_cast<int32_t>(mainthread->get_user()->uid);
+  proc->gid = static_cast<int32_t>(mainthread->get_group()->gid);
+  proc->userName = mainthread->get_user()->name;
+  proc->groupName = mainthread->get_group()->name;
 }
 
 void ProcessContext::clearProcesses() {

src/libs/sysflowcontext.h

@@ -32,6 +32,7 @@
 #include <cstring>
 #include <ppm_events_public.h>
 #include <sinsp.h>
+#include <user.h>
 #include <unistd.h>
 
 #define DRIVER_LOG "DRIVER_LOG"

src/libs/utils.cpp

@@ -84,7 +84,7 @@ OID *utils::getOIDDelKey() {
 std::string utils::getUserName(context::SysFlowContext *cxt,
                                std::string &containerid, uint32_t uid) {
   scap_userinfo *user =
-      cxt->getInspector()->m_usergroup_manager.get_user(containerid, uid);
+      cxt->getInspector()->m_usergroup_manager->get_user(containerid, uid);
   if (user != nullptr) {
     return user->name;
   } else {
@@ -96,7 +96,7 @@ std::string utils::getUserName(context::SysFlowContext *cxt,
 std::string utils::getGroupName(context::SysFlowContext *cxt,
                                 std::string &containerid, uint32_t gid) {
   scap_groupinfo *group =
-      cxt->getInspector()->m_usergroup_manager.get_group(containerid, gid);
+      cxt->getInspector()->m_usergroup_manager->get_group(containerid, gid);
   if (group != nullptr) {
     return group->name;
   } else {