Polite request for a driver for amazon linux2 driver / 5.4.214-120.368.amzn2.x86_6

[dwgillies-bluescape]

Describe the bug

We are supporting a fedramp product and nessus scans are showing "high" and "critical" vulnerabilities in amazon linux which must be fixed by November 15th, 2022 and November 22nd, 2022 (30-day deadline to fix security vulnerabilities). We are running falco 2.0 at the suggestion of falco developers on a separate ticket, to get faster driver updates.

However, our kernel is 5.4.214-120.368.amzn2.x86_6 and there are not drivers available for it (yet). If someone could kindly compile & upload a set of drivers for the #368 kernel, we would really appreciate it. The #368 kernel has several vulnerability patches and existing kernels must be updated before Nov 22, 2022 to remain in compliance. In fact, all fedramp vendors would probably appreciate drivers for this new kernel in addition to us! Thanks!

How to reproduce it

launch falco 2.0 helm chart on linux 5.4.214-120.368.amzn2.x86_6, see it crash-loop :

* Looking for a falco module locally (kernel 5.4.214-120.368.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/2.0.0%2Bdriver/x86_64/falco_amazonlinux2_5.4.214-120.368.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404 
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"

Creating symlink /var/lib/dkms/falco/2.0.0+driver/source ->
                 /usr/src/falco-2.0.0+driver

DKMS: add completed.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/2.0.0+driver/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"

  initContainers:
    - name: falco-driver-loader
      image: docker.io/falcosecurity/falco-driver-loader:0.32.2
...
  containers:
    - name: falco
      image: docker.io/falcosecurity/falco-no-driver:0.32.2
      args:

Expected behaviour

Drivers are hopefully found after new ones are compiled.

Screenshots

Environment

Kubernetes 1.21, falco 2.0.

• Falco version:

• System info:

• Cloud provider or hardware configuration:
• OS:

• Kernel:

• Installation method:

Additional context

[FedeDP]

Hi!
Thanks for this bug report!
The kernel itself has been discovered on monday by our kernel-crawler (you can look for it here: https://falcosecurity.github.io/kernel-crawler/?arch=x86_64&target=AmazonLinux2), but the automatic integration to build new drivers failed; we already fixed the issue and we are waiting on next monday to when the automation will be triggered once again!
Hopefully you will see the driver available next tuesday!

[FedeDP]

The driver is now available: 5.4.214-120.368

[FedeDP]

This can be closed, right? @dwgillies-bluescape :)

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[poiana]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

[poiana]

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

[poiana]

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.