diff --git a/docker/README.md b/docker/README.md index cc58fe27570..503a568e8a5 100644 --- a/docker/README.md +++ b/docker/README.md @@ -7,6 +7,5 @@ This directory contains various ways to package Falco as a container and related | Name | Directory | Description | |---|---|---| | [falcosecurity/falco:latest](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco), [falcosecurity/falco:master](https://hub.docker.com/repository/docker/falcosecurity/falco) | docker/falco | Falco (DEB built from git tag or from the master) with all the building toolchain. | -| _not yet published (experimental)_ | docker/ubi | Falco (built from RedHat's UBI base image) with the building toolchain. | | [falcosecurity/falco-driver-loader:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader), [falcosecurity/falco-driver-loader:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader), [falcosecurity/falco-driver-loader:master](https://hub.docker.com/repository/docker/falcosecurity/falco-driver-loader) | docker/driver-loader | `falco-driver-loader` as entrypoint with the building toolchain. | | [falcosecurity/falco-no-driver:latest](https://hub.docker.com/repository/docker/falcosecurity/falco-no-driver), [falcosecurity/falco-no-driver:_tag_](https://hub.docker.com/repository/docker/falcosecurity/falco-no-driver),[falcosecurity/falco-no-driver:master](https://hub.docker.com/repository/docker/falcosecurity/falco-no-driver) | docker/no-driver | Falco (TGZ built from git tag or from the master) without the building toolchain. | diff --git a/docker/ubi/Dockerfile b/docker/ubi/Dockerfile deleted file mode 100644 index 666ecdeb56a..00000000000 --- a/docker/ubi/Dockerfile +++ /dev/null @@ -1,46 +0,0 @@ -ARG UBI_VERSION=latest -FROM registry.access.redhat.com/ubi8/ubi:${UBI_VERSION} - -ARG FALCO_VERSION -RUN test -n "$FALCO_VERSION" || (echo "FALCO_VERSION not set" && false) -ENV FALCO_VERSION=${FALCO_VERSION} - -LABEL "name"="Falco Runtime Security" -LABEL "vendor"="Falco" -LABEL "version"="${FALCO_VERSION}" -LABEL "release"="${FALCO_VERSION}" -LABEL "ubi-version"="${UBI_VERSION}" -LABEL "summary"="Falco is a security policy engine that monitors system calls and cloud events, and fires alerts when security policies are violated." -LABEL "description"="Falco is a security policy engine that monitors system calls and cloud events, and fires alerts when security policies are violated." -LABEL "io.k8s.display-name"="Falco" -LABEL "io.k8s.description"="Falco is a security policy engine that monitors system calls and cloud events, and fires alerts when security policies are violated." -LABEL maintainer="cncf-falco-dev@lists.cncf.io" -LABEL org.opencontainers.image.source="https://github.com/falcosecurity/falco" -LABEL usage="docker run -i -t --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc --name NAME IMAGE" - - -ENV HOST_ROOT /host -ENV HOME /root - -RUN dnf -y update && \ - dnf -y install \ - curl \ - make \ - cmake \ - gcc \ - llvm-toolset \ - clang \ - kmod \ - && dnf -y clean all ; rm -rf /var/cache/{dnf,yum} - -RUN mkdir /build && cd /build/ && curl --remote-name-all -L https://github.com/dell/dkms/archive/refs/tags/v3.0.3.tar.gz && \ - tar xvf v3.0.3.tar.gz && cd dkms-3.0.3 && make install-redhat && rm -rf /build - -RUN mkdir /deploy && cd /deploy/ && curl --remote-name-all -L https://download.falco.org/packages/bin/$(uname -m)/falco-${FALCO_VERSION}-$(uname -m).tar.gz && \ - cd / && tar --strip-components=1 -xvf /deploy/falco-${FALCO_VERSION}-$(uname -m).tar.gz && \ - rm -rf /deploy - -COPY ./docker-entrypoint.sh / - -ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["/usr/bin/falco"] diff --git a/docker/ubi/docker-entrypoint.sh b/docker/ubi/docker-entrypoint.sh deleted file mode 100755 index 8c4e1fd130b..00000000000 --- a/docker/ubi/docker-entrypoint.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2022 The Falco Authors. -# -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# Set the SKIP_DRIVER_LOADER variable to skip loading the driver - -if [[ -z "${SKIP_DRIVER_LOADER}" ]]; then - - # Required by dkms to find the required dependencies on RedHat UBI - rm -fr /usr/src/kernels/ && rm -fr /usr/src/debug/ - rm -fr /lib/modules && ln -s $HOST_ROOT/lib/modules /lib/modules - rm -fr /boot && ln -s $HOST_ROOT/boot /boot - - echo "* Setting up /usr/src links from host" - - for i in "$HOST_ROOT/usr/src"/* - do - base=$(basename "$i") - ln -s "$i" "/usr/src/$base" - done - - /usr/bin/falco-driver-loader -fi - -exec "$@"