Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

new: ship falcoctl bundled with Falco #2345

Merged
merged 20 commits into from
Jan 25, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
fce8959
new(cmake): added a cmake module to enforce the download and installa…
FedeDP Jan 10, 2023
a9d9eff
update(scripts): added a falcoctl systemd service.
FedeDP Jan 10, 2023
8486e9d
chore(scripts): updated falcoctl service.
FedeDP Jan 11, 2023
a11baaf
update(cmake,scripts): updated falcoctl to 0.3.0-rc1.
FedeDP Jan 18, 2023
57bb323
new(scripts): add a falco.target that consists of falco-X.service units.
FedeDP Jan 19, 2023
8d296d7
update(scripts): multiple renamings to falcoctl service + fixed descr…
FedeDP Jan 19, 2023
52f2f93
update(cmake): bumped falcoctl to 0.3.0-rc2.
FedeDP Jan 20, 2023
96720a6
fix(scripts): some small fixes around falco and falcoctl systemd serv…
FedeDP Jan 20, 2023
8dd76a2
chore(scripts): small fixes to systemd units.
FedeDP Jan 23, 2023
c07c7c9
chore: fix cmake file copy
Andreagit97 Jan 23, 2023
468eefb
scripts: remove falco.target and use require falcoctl with `Wants=`
Andreagit97 Jan 23, 2023
abb2078
docs: fix some comments
Andreagit97 Jan 23, 2023
086d78c
cleanup: rename plugin unit into custom unit
Andreagit97 Jan 23, 2023
ef4a089
chore: couple of small fixes.
FedeDP Jan 24, 2023
72540f5
update(cmake): bumped falcoctl to latest version.
FedeDP Jan 24, 2023
ad449df
fix: create directory for systemd scripts
Andreagit97 Jan 24, 2023
02a1b3c
update: add `falco` alias to kmod unit
Andreagit97 Jan 24, 2023
7c4f1de
chore: bump rules and falcoctl
Andreagit97 Jan 25, 2023
a62bdd0
tests: fix rule paths
Andreagit97 Jan 25, 2023
79b55ca
chore: bump libs version
Andreagit97 Jan 25, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -228,5 +228,7 @@ if(NOT MUSL_OPTIMIZED_BUILD)
include(plugins)
endif()

include(falcoctl)
jasondellaluce marked this conversation as resolved.
Show resolved Hide resolved

# Packages configuration
include(CPackConfig)
5 changes: 3 additions & 2 deletions cmake/cpack/CMakeCPackOptions.cmake
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM")
list(APPEND CPACK_INSTALL_COMMANDS "mkdir -p _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp -r scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod-inject.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-kmod.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-custom.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl-artifact-follow.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system")
endif()

if(CPACK_GENERATOR MATCHES "TGZ")
Expand Down
36 changes: 36 additions & 0 deletions cmake/modules/falcoctl.cmake
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
#
# Copyright (C) 2023 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#

include(ExternalProject)

string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)

set(FALCOCTL_VERSION "0.3.0-rc5")

if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
set(FALCOCTL_SYSTEM_PROC_GO "amd64")
set(FALCOCTL_HASH "012b4a45dccc3f62d2574f5481e154585ff8cb0c43d40ad9a7f49a057b311621")
else() # aarch64
set(FALCOCTL_SYSTEM_PROC_GO "arm64")
set(FALCOCTL_HASH "e35a225c51ce45d1b53a3392caee60e1eeea9a1c885d43d63b2be16cc1b66c7a")
endif()

ExternalProject_Add(
falcoctl
URL "https://github.com/falcosecurity/falcoctl/releases/download/v${FALCOCTL_VERSION}/falcoctl_${FALCOCTL_VERSION}_${FALCOCTL_SYSTEM_NAME}_${FALCOCTL_SYSTEM_PROC_GO}.tar.gz"
URL_HASH "SHA256=${FALCOCTL_HASH}"
CONFIGURE_COMMAND ""
BUILD_COMMAND ""
INSTALL_COMMAND "")

install(PROGRAMS "${PROJECT_BINARY_DIR}/falcoctl-prefix/src/falcoctl/falcoctl" DESTINATION "${FALCO_BIN_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
4 changes: 2 additions & 2 deletions cmake/modules/falcosecurity-libs.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ else()
# In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
# ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
if(NOT FALCOSECURITY_LIBS_VERSION)
set(FALCOSECURITY_LIBS_VERSION "0.10.1")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=8439d52afd57c313b2c067a780ef8667e87669d16929f588681322acf1e52f14")
set(FALCOSECURITY_LIBS_VERSION "0.10.2")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=6191114dc315c4f49c7e49613aa50c4e30140312997ffaec99e0041f5539f738")
endif()

# cd /path/to/build && cmake /path/to/source
Expand Down
14 changes: 7 additions & 7 deletions cmake/modules/rules.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,11 @@ include(ExternalProject)

# falco_rules.yaml
set(FALCOSECURITY_RULES_FALCO_VERSION "falco-rules-0.1.0")
set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=f909a996213ab659ef9f958ae64b16c83dca0035525cc044d4dc074250e8b152")
set(FALCOSECURITY_RULES_FALCO_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/rules/falco_rules.yaml")
set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=0d3705a4650f09d10e7831b16e7af59c1da34ff19e788896e9ee77010014db4d")
set(FALCOSECURITY_RULES_FALCO_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-falco-prefix/src/falcosecurity-rules-falco/falco_rules.yaml")
ExternalProject_Add(
falcosecurity-rules-falco
URL "https://github.com/falcosecurity/rules/archive/${FALCOSECURITY_RULES_FALCO_VERSION}.tar.gz"
URL "https://download.falco.org/rules/${FALCOSECURITY_RULES_FALCO_VERSION}.tar.gz"
URL_HASH "${FALCOSECURITY_RULES_FALCO_CHECKSUM}"
CONFIGURE_COMMAND ""
BUILD_COMMAND ""
Expand All @@ -30,11 +30,11 @@ ExternalProject_Add(

# application_rules.yaml
set(FALCOSECURITY_RULES_APPLICATION_VERSION "application-rules-0.1.0")
set(FALCOSECURITY_RULES_APPLICATION_CHECKSUM "SHA256=33fcdc121cedb8e49c735c7948ede7d9427fd61962914fc3b66fe3d94d331cbf")
set(FALCOSECURITY_RULES_APPLICATION_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-application-prefix/src/falcosecurity-rules-application/rules/application_rules.yaml")
set(FALCOSECURITY_RULES_APPLICATION_CHECKSUM "SHA256=cf45c1a6997799610a7724ba7a2ceaa64a3bdc73d26cdfe06adb3f43e2321278")
set(FALCOSECURITY_RULES_APPLICATION_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-application-prefix/src/falcosecurity-rules-application/application_rules.yaml")
ExternalProject_Add(
falcosecurity-rules-application
URL "https://github.com/falcosecurity/rules/archive/${FALCOSECURITY_RULES_APPLICATION_VERSION}.tar.gz"
URL "https://download.falco.org/rules/${FALCOSECURITY_RULES_APPLICATION_VERSION}.tar.gz"
URL_HASH "${FALCOSECURITY_RULES_APPLICATION_CHECKSUM}"
CONFIGURE_COMMAND ""
BUILD_COMMAND ""
Expand Down Expand Up @@ -88,4 +88,4 @@ else() # Default Falco installation
COMPONENT "${FALCO_COMPONENT_NAME}")

install(DIRECTORY DESTINATION "${FALCO_ETC_DIR}/rules.d" COMPONENT "${FALCO_COMPONENT_NAME}")
endif()
endif()
23 changes: 13 additions & 10 deletions scripts/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -16,16 +16,19 @@
#

# Systemd
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-bpf.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service"
DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd")
file(MAKE_DIRECTORY ${PROJECT_BINARY_DIR}/scripts/systemd)
configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod-inject.service"
"${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-kmod.service"
"${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-bpf.service"
"${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service"
"${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falco-custom.service"
"${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)
configure_file("${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl-artifact-follow.service"
"${PROJECT_BINARY_DIR}/scripts/systemd" COPYONLY)

# Debian
configure_file(debian/postinst.in debian/postinst)
Expand Down
62 changes: 38 additions & 24 deletions scripts/debian/postinst.in
Original file line number Diff line number Diff line change
Expand Up @@ -18,18 +18,32 @@

chosen_driver=

# Every time we call this script we want to stat from a clean state.
echo "[POST-INSTALL] Disable all possible 'falco' services:"
systemctl --system stop 'falco-kmod.service' || true
systemctl --system stop 'falco-bpf.service' || true
systemctl --system stop 'falco-modern-bpf.service' || true
systemctl --system stop 'falco-custom.service' || true
systemctl --system stop 'falcoctl-artifact-follow.service' || true
systemctl --system disable 'falco-kmod.service' || true
systemctl --system disable 'falco-bpf.service' || true
systemctl --system disable 'falco-modern-bpf.service' || true
systemctl --system disable 'falco-custom.service' || true
systemctl --system disable 'falcoctl-artifact-follow.service' || true

# unmask falcoctl if it was masked
systemctl --system unmask falcoctl-artifact-follow.service || true

if [ "$1" = "configure" ]; then
if [ -x /usr/bin/dialog ]; then
# If dialog is installed, create a dialog to let users choose the correct driver for them
CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco drivers" --menu "Choose one of the following options:" 15 40 5 \
1 "Don't start" \
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
1 "Manual configuration (no unit is started)" \
2 "Kmod" \
3 "eBPF" \
4 "Modern eBPF" \
5 "Plugin" \
2>&1 >/dev/tty)
if [ $? -eq 0 ]; then
case $CHOICE in
case $CHOICE in
2)
chosen_driver="kmod"
;;
Expand All @@ -39,17 +53,28 @@ if [ "$1" = "configure" ]; then
4)
chosen_driver="modern-bpf"
;;
5)
chosen_driver="plugin"
;;
esac
fi
clear
esac
if [ -n "$chosen_driver" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
1 "Yes" \
2 "No" \
2>&1 >/dev/tty)
case $CHOICE in
2)
# we don't want falcoctl enabled, we mask it
systemctl --system mask falcoctl-artifact-follow.service || true
;;
esac
fi
clear
fi
fi

set -e

echo "[POST-INSTALL] Trigger deamon-reload:"
systemctl --system daemon-reload || true

# If needed, try to load/compile the driver through falco-driver-loader
case "$chosen_driver" in
"kmod")
Expand All @@ -64,21 +89,10 @@ esac

if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -n "$chosen_driver" ]; then
# we do this in 2 steps because `enable --now` is not always supported
echo "[POST-INSTALL] Enable 'falco-$chosen_driver.service':"
systemctl --system enable "falco-$chosen_driver.service" || true
echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':"
systemctl --system start "falco-$chosen_driver.service" || true
systemctl --system start "falco-$chosen_driver.service" || true
fi
fi

if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -d /run/systemd/system ]; then
echo "[POST-INSTALL] Trigger deamon-reload:"
systemctl --system daemon-reload || true
if [ -n "$chosen_driver" ]; then
echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:"
# restart falco on upgrade if service is already running
systemctl --system condrestart "falco-$chosen_driver.service" || true
fi
fi
fi
3 changes: 2 additions & 1 deletion scripts/debian/postrm.in
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,8 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
systemctl --system disable 'falco-kmod.service' || true
systemctl --system disable 'falco-bpf.service' || true
systemctl --system disable 'falco-modern-bpf.service' || true
systemctl --system disable 'falco-plugin.service' || true
systemctl --system disable 'falco-custom.service' || true
systemctl --system disable 'falcoctl-artifact-follow.service' || true

echo "[POST-REMOVE] Trigger deamon-reload:"
systemctl --system daemon-reload || true
Expand Down
3 changes: 2 additions & 1 deletion scripts/debian/prerm.in
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ case "$1" in
systemctl --system stop 'falco-kmod.service' || true
systemctl --system stop 'falco-bpf.service' || true
systemctl --system stop 'falco-modern-bpf.service' || true
systemctl --system stop 'falco-plugin.service' || true
systemctl --system stop 'falco-custom.service' || true
systemctl --system stop 'falcoctl-artifact-follow.service' || true

echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'"
falco-driver-loader --clean
Expand Down
83 changes: 47 additions & 36 deletions scripts/rpm/postinstall.in
Original file line number Diff line number Diff line change
Expand Up @@ -17,39 +17,63 @@

chosen_driver=

# Every time we call this script we want to stat from a clean state.
echo "[POST-INSTALL] Disable all possible enabled 'falco' service:"
systemctl --system stop 'falco-kmod.service' || true
systemctl --system stop 'falco-bpf.service' || true
systemctl --system stop 'falco-modern-bpf.service' || true
systemctl --system stop 'falco-custom.service' || true
systemctl --system stop 'falcoctl-artifact-follow.service' || true
systemctl --system disable 'falco-kmod.service' || true
systemctl --system disable 'falco-bpf.service' || true
systemctl --system disable 'falco-modern-bpf.service' || true
systemctl --system disable 'falco-custom.service' || true
systemctl --system disable 'falcoctl-artifact-follow.service' || true

# unmask falcoctl if it was masked
systemctl --system unmask falcoctl-artifact-follow.service || true

if [ $1 -eq 1 ]; then
if [ -x /usr/bin/dialog ]; then
# If dialog is installed, create a dialog to let users choose the correct driver for them
CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco drivers" --menu "Choose one of the following options:" 15 40 5 \
1 "Don't start" \
CHOICE=$(dialog --clear --title "Falco drivers" --menu "Choose your preferred driver:" 12 55 4 \
1 "Manual configuration (no unit is started)" \
2 "Kmod" \
3 "eBPF" \
4 "Modern eBPF" \
5 "Plugin" \
2>&1 >/dev/tty)
# When user presses cancel, go on as default (don't start)
if [ $? -eq 0 ]; then
case $CHOICE in
2)
chosen_driver="kmod"
;;
3)
chosen_driver="bpf"
;;
4)
chosen_driver="modern-bpf"
;;
5)
chosen_driver="plugin"
;;
esac
fi
clear
case $CHOICE in
2)
chosen_driver="kmod"
;;
3)
chosen_driver="bpf"
;;
4)
chosen_driver="modern-bpf"
;;
esac
if [ -n "$chosen_driver" ]; then
CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \
1 "Yes" \
2 "No" \
2>&1 >/dev/tty)
case $CHOICE in
2)
# we don't want falcoctl enabled, we mask it
systemctl --system mask falcoctl-artifact-follow.service || true
;;
esac
fi
clear
fi
fi

set -e

echo "[POST-INSTALL] Trigger deamon-reload:"
systemctl --system daemon-reload || true

# If needed, try to load/compile the driver through falco-driver-loader
case "$chosen_driver" in
"kmod")
Expand All @@ -71,25 +95,12 @@ esac
# `systemd-update-helper install-system-units <service>`
%systemd_post "falco-$chosen_driver.service"

# post install mirrored from .deb
if [ $1 -eq 1 ]; then
# post install/upgrade mirrored from .deb
if [ $1 -ge 1 ]; then
if [ -n "$chosen_driver" ]; then
echo "[POST-INSTALL] Enable 'falco-$chosen_driver.service':"
systemctl --system enable "falco-$chosen_driver.service" || true
echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':"
systemctl --system start "falco-$chosen_driver.service" || true
fi
fi

# post upgrade mirrored from .deb
if [ $1 -gt 1 ]; then
if [ -d /run/systemd/system ]; then
echo "[POST-INSTALL] Trigger deamon-reload:"
systemctl --system daemon-reload || true
if [ -n "$chosen_driver" ]; then
echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:"
# restart falco on upgrade if service is already running
systemctl --system condrestart "falco-$chosen_driver.service" || true
fi
fi
fi
3 changes: 2 additions & 1 deletion scripts/rpm/postuninstall.in
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,8 @@ if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then
systemctl --system disable 'falco-kmod.service'|| true
systemctl --system disable 'falco-bpf.service' || true
systemctl --system disable 'falco-modern-bpf.service' || true
systemctl --system disable 'falco-plugin.service' || true
systemctl --system disable 'falco-custom.service' || true
systemctl --system disable 'falcoctl-artifact-follow.service' || true

echo "[POST-REMOVE] Trigger deamon-reload:"
systemctl --system daemon-reload || true
Expand Down
6 changes: 4 additions & 2 deletions scripts/rpm/preuninstall.in
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,8 @@ echo "[PRE-REMOVE] Stop all Falco services:"
systemctl --system stop 'falco-kmod.service' || true
systemctl --system stop 'falco-bpf.service' || true
systemctl --system stop 'falco-modern-bpf.service' || true
systemctl --system stop 'falco-plugin.service' || true
systemctl --system stop 'falco-custom.service' || true
systemctl --system stop 'falcoctl-artifact-follow.service' || true

echo "[PRE-REMOVE] Call 'falco-driver-loader --clean:'"
falco-driver-loader --clean
Expand All @@ -36,4 +37,5 @@ falco-driver-loader --clean
%systemd_preun 'falco-kmod.service'
%systemd_preun 'falco-bpf.service'
%systemd_preun 'falco-modern-bpf.service'
%systemd_preun 'falco-plugin.service'
%systemd_preun 'falco-custom.service'
%systemd_preun 'falcoctl-artifact-follow.service'
Loading