Load/unload kernel module on start/stop (#459)

* Load/unload kernel module on start/stop When falco is started, load the kernel module. (The falco binary also will do a modprobe if it can't open the inspector, as a backup). When falco is stopped, unload the kernel module. This fixes #418. * Put script execute line in right place.
falcosecurity · Nov 6, 2018 · 32f8e30 · 32f8e30
1 parent 6eac49e
commit 32f8e30
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/scripts/debian/falco b/scripts/debian/falco
@@ -65,6 +65,9 @@ do_start()
 	#   2 if daemon could not be started
 	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
 		|| return 1
+	if [ ! -d /sys/module/falco_probe ]; then
+		/sbin/modprobe falco-probe || exit 1
+	fi
 	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
 		$DAEMON_ARGS \
 		|| return 2
@@ -94,6 +97,7 @@ do_stop()
 	# sleep for some time.
 	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
 	[ "$?" = 2 ] && return 2
+	/sbin/rmmod falco-probe
 	# Many daemons don't delete their pidfiles when they exit.
 	rm -f $PIDFILE
 	return "$RETVAL"

diff --git a/scripts/rpm/falco b/scripts/rpm/falco
@@ -1,3 +1,5 @@
+#!/bin/sh
+
 #
 # Copyright (C) 2016-2018 Draios Inc dba Sysdig.
 #
@@ -16,7 +18,6 @@
 # limitations under the License.
 #
 
-#!/bin/sh
 #
 # falco syscall monitoring agent
 #
@@ -53,6 +54,9 @@ start() {
     # [ -f $config ] || exit 6
     echo -n $"Starting $prog: "
     daemon $exec --daemon --pidfile=$pidfile
+    if [ ! -d /sys/module/falco_probe ]; then
+        /sbin/modprobe falco-probe || return $?
+    fi
     retval=$?
     echo
     [ $retval -eq 0 ] && touch $lockfile
@@ -64,6 +68,7 @@ stop() {
     killproc -p $pidfile
     retval=$?
     echo
+    /sbin/rmmod falco-probe
     [ $retval -eq 0 ] && rm -f $lockfile
     return $retval
 }