plugins icon indicating copy to clipboard operation
plugins copied to clipboard

Published 20 hours ago verified publisher icon falcosecurity

Document the required glibc version for wide compatibilty

Open leogr opened this issue 3 years ago • 41 comments

What to document

Plugins authors must build their plugins using the same glibs version we use in Falco. We have to document that.

/cc @jasondellaluce

leogr avatar Feb 16 '22 18:02 leogr

Thanks! FYI, I use the following Dockerfile to ensure that I have the same glibc as the one in Falco:

# Use the same base image as falco to ensure compatibility with glibc version
FROM golang:buster as builder

# Cache go modules so they won't be downloaded at each build
COPY go.mod go.sum /src/
RUN cd /src && go mod download

COPY ./ /src
RUN cd /src && make -C falco-plugin

# Use the following command to get the built files:
# DOCKER_BUILDKIT=1 docker build -f falco-plugin/Dockerfile --output=falco-plugin/ .
FROM scratch AS deploy-source
COPY --from=builder /src/falco-plugin/*.so /

alban avatar Feb 17 '22 15:02 alban

Btw, to build and publish our plugins, we currently use this :point_down: https://github.com/falcosecurity/test-infra/blob/master/images/build-plugins/Dockerfile#L6

leogr avatar Feb 17 '22 16:02 leogr

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar May 18 '22 18:05 poiana

/remove-lifecycle stale

jasondellaluce avatar May 21 '22 14:05 jasondellaluce

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Aug 19 '22 15:08 poiana

/remove-lifecycle stale

@falcosecurity/falco-maintainers Shall we do the same for Falco?

leogr avatar Aug 19 '22 16:08 leogr

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Nov 17 '22 21:11 poiana

/remove-lifecycle stal

leogr avatar Nov 23 '22 11:11 leogr

cc @vjjmiras

leogr avatar Nov 23 '22 11:11 leogr

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana avatar Dec 23 '22 15:12 poiana

/remove-lifecycle rotten

vjjmiras avatar Dec 23 '22 15:12 vjjmiras

cc @vjjmiras

I wasn't aware of this issue. I'll take care of it.

vjjmiras avatar Dec 23 '22 15:12 vjjmiras

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Mar 23 '23 15:03 poiana

/remove-lifecycle stale

FedeDP avatar Mar 23 '23 16:03 FedeDP

/help

cc @therealbobo @Andreagit97

leogr avatar Apr 27 '23 08:04 leogr

@leogr: This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.

In response to this:

/help

cc @therealbobo @Andreagit97

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

poiana avatar Apr 27 '23 08:04 poiana

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Jul 26 '23 13:07 poiana

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana avatar Aug 25 '23 13:08 poiana

/remove-lifecycle rotten

Andreagit97 avatar Aug 25 '23 14:08 Andreagit97

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Nov 23 '23 15:11 poiana

/remove-lifecycle stale

Andreagit97 avatar Nov 24 '23 16:11 Andreagit97

/assign leogr /assign LucaGuerra

leogr avatar Nov 28 '23 15:11 leogr

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Feb 26 '24 21:02 poiana

/remove-lifecycle stale

leogr avatar Feb 29 '24 16:02 leogr

For the record, recently we upgraded golang in our CI, and broke the glibc compatibility.

@LucaGuerra and I are investigating.

leogr avatar May 21 '24 14:05 leogr

For the record, recently we upgraded golang in our CI, and broke the glibc compatibility.

@LucaGuerra and I are investigating.

Fix: https://github.com/falcosecurity/plugins/pull/497/files

leogr avatar May 21 '24 14:05 leogr

Update (as discussed with @LucaGuerra):

At the time of writing, Falco requires GLIBC 2.17 or newer (this is, however, not officially documented yet)

For plugins shipped with this repository, based on the current CI builder (using the golang:1.22-bullseye image :point_down: ) the minimum guaranteed compatibility is with GLIBC 2.31. However, most plugins need a reduced set of GLIBC symbols and are usually compatible with older versions of GLIBC.

https://github.com/falcosecurity/plugins/blob/512f1ff3611cfb60b30712cd1b542eec97239764/.github/workflows/reusable_build_packages.yaml#L21-L23

❯ docker run --rm -it golang:1.22-bullseye sh
# /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Debian GLIBC 2.31-13+deb11u10) stable release version 2.31.
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 10.2.1 20210110.
libc ABIs: UNIQUE IFUNC ABSOLUTE
For bug reporting instructions, please see:
<http://www.debian.org/Bugs/>.

leogr avatar May 22 '24 16:05 leogr

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana avatar Aug 20 '24 22:08 poiana

/remove-lifecycle stale

leogr avatar Aug 21 '24 10:08 leogr