Allow specifying explicit kernel release and version for falco-driver-loader

[johananl]

Motivation

I'm installing Falco using Ansible as part of a Packer build which results in a VM image. As part of the build process I'm updating the kernel to a newer version. When running falco-driver-loader --compile module, the module is compiled and installed for the running kernel:

falco/scripts/falco-driver-loader

Line 679 in fbcb971

KERNEL_RELEASE=$(uname -r)

falco/scripts/falco-driver-loader

Line 685 in fbcb971

KERNEL_VERSION=$(uname -v | sed 's/#\([[:digit:]]\+\).*/\1/')

However, since the kernel version was updated but the VM hadn't been rebooted since the update, the result is that the kmod isn't compiled for the kernel version that is used in practice when creating VMs from the image.

One way to solve the problem is to explicitly specify the kernel release and kernel version when running falco-driver-loader. However, the script doesn't currently support this.

Feature

Maybe it makes sense to add the following two argument to falco-driver-loader and default to the current behavior if either of the vars isn't specified:

• KERNEL_RELEASE
• KERNEL_VERSION

I'm happy to open PR if this sounds like a good idea.

Alternatives

I could try to insert a reboot to my image building process, however this would be suboptimal. In addition, I imagine many Falco users rely on automation for installing Falco and therefore may benefit from being able to explicitly specify the kernel for which to compile the driver. As my use case demonstrates, the assumption that Falco is used with the currently-running kernel isn't always true.

Additional context

Whatever gets decided, we should ensure the functionality works for both kmod and BPF modes.