Home

Awesome

Falcosecurity kernel-crawler

Falco Infra Repository Incubating License

Latest Architectures

It is a tool used to crawl supported kernels by multiple distros, and generate a driverkit-like config json.
Output json can be found, for each supported architecture, on gh pages: https://falcosecurity.github.io/kernel-crawler/:

A weekly github action workflow will open a PR on this repo to update the json.
As soon as the PR is merged and the json updated, a prow job will create a PR on test-infra to generate the new Driverkit configs from the updated json.

Usage

Helper text and options:

Main:

Usage: kernel-crawler [OPTIONS] COMMAND [ARGS]...

Options:
    --debug / --no-debug
    --help                Show this message and exit.

Commands:
    crawl

Crawl command:

Usage: kernel-crawler crawl [OPTIONS]

Options:
    --distro [alinux|almalinux|amazonlinux|amazonlinux2|amazonlinux2022|amazonlinux2023|arch|bottlerocket|centos|debian|fedora|flatcar|minikube|ol|opensuse|photon|redhat|rocky|talos|ubuntu|*]
    --version TEXT
    --arch [x86_64|aarch64]
    --image TEXT                    Option is required when distro is Redhat.
    --help                          Show this message and exit.

CI Usage

To better suit the CI usage, a Github composite action has been developed.
Therefore, running kernel-crawler in your Github workflow is as easy as adding this step:

- name: Crawl kernels
  uses: falcosecurity/kernel-crawler@main
  with:
    # Desired architecture. Either x86_64 or aarch64.
    # Default: 'x86_64'.
    arch: 'aarch64'
    
    # Desired distro.
    # Refer to crawl command helper message (above) to check supported distros.
    # Default: '*'.
    distro: 'ubuntu'

NOTE: Since we don't use annotated tags, one cannot use eg: falcosecurity/kernel-crawler@v0, but only either exact tag name, branch name or commit hash.

Docker image

A docker image is provided for releases, by a GitHub Actions workflow: falcosecurity/kernel-crawler:latest. You can also build it yourself, by issuing:

docker build -t falcosecurity/kernel_crawler -f docker/Dockerfile .

from project root.

Install

To install the project, a simple pip3 install . from project root is enough.

Examples

kernel-crawler crawl --distro=AmazonLinux2
kernel-crawler crawl --distro=*
:exclamation: Note: Passing --image argument is supported with --distro=*
kernel-crawler crawl --distro=Redhat --image=redhat/ubi8:registered