From 39cd436ee257d2b5d14f42ae1132f63c490c2404 Mon Sep 17 00:00:00 2001
From: rcohencyberarmor <rcohen@armosec.io>
Date: Sun, 25 Dec 2022 02:53:51 +0200
Subject: [PATCH] build kernel object with armo image

---
 .github/workflows/build.yaml       | 18 ++++++++++++++----
 kernel/Dockerfile_build_kernel_obj | 10 ++++++++++
 kernel/entrypoint.sh               |  8 ++++++++
 3 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 kernel/Dockerfile_build_kernel_obj
 create mode 100755 kernel/entrypoint.sh

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 5f711b7..03b65ad 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -65,10 +65,14 @@ jobs:
         id: image-version
         run: echo '::set-output name=IMAGE_VERSION::v0.0.${{ github.run_number }}'
 
-      - name: Set image name
-        id: image-name
+      - name: Set userspace image name
+        id: image-name-userspace
         run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/sneeffer'
       
+      - name: Set kernelspace image name
+        id: image-name-kernelspace
+        run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/sneeffer-kernel'
+      
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
 
@@ -81,7 +85,13 @@ jobs:
           QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
         run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
 
-      - name: Build the Docker image
+      - name: Build the kernel space Docker image
+        
+        run: docker buildx build . --file ./kernel/Dockerfile_build_kernel_obj --tag ${{ steps.image-name-kernelspace.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --tag ${{ steps.image-name-kernelspace.outputs.IMAGE_NAME }}:latest --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --push
+
+      - name: Build the userspace Docker image
 
-        run: docker buildx build . --file ./Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:latest --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --push
+        run: docker buildx build . --file ./Dockerfile --tag ${{ steps.image-name-userspace.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --tag ${{ steps.image-name-userspace.outputs.IMAGE_NAME }}:latest --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --push
+
+      
 
diff --git a/kernel/Dockerfile_build_kernel_obj b/kernel/Dockerfile_build_kernel_obj
new file mode 100644
index 0000000..b8d0feb
--- /dev/null
+++ b/kernel/Dockerfile_build_kernel_obj
@@ -0,0 +1,10 @@
+FROM ubuntu:latest as builder
+
+RUN apt update && apt install git curl llvm clang cmake make libelf-dev golang-go -y
+
+RUN git clone https://github.com/falcosecurity/libs.git /etc/falco-libs
+WORKDIR /etc/falco-libs
+RUN git checkout 5a02ca746cda9866d574061fc61c146dae906526
+COPY ./kernel/entrypoint.sh /etc/entrypoint.sh
+
+ENTRYPOINT ["/etc/entrypoint.sh"]
\ No newline at end of file
diff --git a/kernel/entrypoint.sh b/kernel/entrypoint.sh
new file mode 100755
index 0000000..1613996
--- /dev/null
+++ b/kernel/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -x
+
+apt install linux-headers-$(uname -r) -y
+mkdir /etc/falco-libs/build && cd /etc/falco-libs/build
+cmake -DBUILD_BPF=true -DINSTALL_GTEST=OFF ../
+make bpf 
+cp /etc/falco-libs/build/driver/bpf/probe.o /root/.falco/falco-bpf.o
\ No newline at end of file