EKS version 1.20.4 Not Supported - Getting "Runtime error: error opening device /host/dev/falco0"

[nitzango]

EKS version 1.20.4-eks-6b7464
Latest chart version: 0.28.1

* Setting up /usr/src links from host
 * Running falco-driver-loader for: falco version=0.28.1, driver version=5c0b863ddade7a45568c0ac97d037422c9efb750
 * Running falco-driver-loader with: driver=module, compile=yes, download=yes
 * Unloading falco module, if present
 * Trying to load a system falco module, if present
 * Looking for a falco module locally (kernel 5.4.117-58.216.amzn2.x86_64)
 * Trying to download a prebuilt falco module from https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_amazonlinux2_5.4.11758.216.amzn2.x86_64_1.ko
 curl: (22) The requested URL returned error: 404 Unable to find a prebuilt falco module
 * Trying to dkms install falco module with GCC /usr/bin/gcc DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
 * Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr
 /bin/gcc)
 * Trying to dkms install falco module with GCC /usr/bin/gcc-8 DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
 * Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-8)
 * Trying to dkms install falco module with GCC /usr/bin/gcc-6 DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
 * Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-6)
 * Trying to dkms install falco module with GCC /usr/bin/gcc-5 DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
 * Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-5)
 Consider compiling your own falco driver and loading it or getting in touch with the Falco community
 Thu May 27 08:26:28 2021: Falco version 0.28.1 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
 Thu May 27 08:26:28 2021: Falco initialized with configuration file /etc/falco/falco.yaml
 Thu May 27 08:26:28 2021: Loading rules from file /etc/falco/falco_rules.yaml:
 Thu May 27 08:26:28 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
 Thu May 27 08:26:29 2021: Unable to load the driver.
 Thu May 27 08:26:29 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

Might be related to:
falcosecurity/falco#1078

Thanks

[johnvandeweghe]

I'm getting the same on a new cluster I spun up today running v1.18.9-eks-d1db3c

* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.28.1, driver version=5c0b863ddade7a45568c0ac97d037422c9efb750
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 4.14.232-176.381.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_amazonlinux2_4.14.232-176.381.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-5)
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
Tue Jun  1 20:46:54 2021: Falco version 0.28.1 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
Tue Jun  1 20:46:54 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Tue Jun  1 20:46:54 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Tue Jun  1 20:46:55 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Tue Jun  1 20:46:55 2021: Unable to load the driver.
Tue Jun  1 20:46:55 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

[rams3sh]

I am facing the same issue with normal local installation using helm in minikube.

Below my output from the terminal :-

rams3sh@system:~/falco$ helm install falco falcosecurity/falco
NAME: falco
LAST DEPLOYED: Wed Jun  2 13:19:45 2021
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Falco agents are spinning up on each node in your cluster. After a few
seconds, they are going to start monitoring your containers looking for
security issues.


No further action should be required.


Tip: 
You can easily forward Falco events to Slack, Kafka, AWS Lambda and more with falcosidekick. 
Full list of outputs: https://github.com/falcosecurity/charts/falcosidekick.
You can enable its deployment with `--set falcosidekick.enabled=true` or in your values.yaml. 
See: https://github.com/falcosecurity/charts/blob/master/falcosidekick/values.yaml for configuration values.
rams3sh@system:~/falco$ kubectl get pods 
NAME                                READY   STATUS             RESTARTS   AGE
falco-wzww2                         0/1     CrashLoopBackOff   1          17s
podwithsa                           1/1     Running            23         47d
rams3sh@system:~/falco$  kubectl logs -f falco-wzww2
* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.28.1, driver version=5c0b863ddade7a45568c0ac97d037422c9efb750
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 5.8.0-53-generic)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_ubuntu-generic_5.8.0-53-generic_60.ko
* Download succeeded
insmod: ERROR: could not insert module /root/.falco/falco_ubuntu-generic_5.8.0-53-generic_60.ko: Operation not permitted
Wed Jun  2 07:50:05 2021: Falco version 0.28.1 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
Wed Jun  2 07:50:05 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Wed Jun  2 07:50:05 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Wed Jun  2 07:50:05 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Wed Jun  2 07:50:05 2021: Unable to load the driver.
Wed Jun  2 07:50:05 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

[johnvandeweghe]

falcosecurity/test-infra#416

[johnvandeweghe]

falcosecurity/test-infra#417

[pabloopez]

hi guys,

I get the same error installing with Helm in eks v1.18.16-eks-7737de:

helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update
helm install falco \
  --namespace falco \
  --create-namespace \
  --set falcosidekick.enabled=true \
  --set falcosidekick.webui.enabled=true \
  --set falco.jsonOutput=true \
  --set falco.httpOutput.enabled=true \
  --set falco.httpOutput.url=http://falcosidekick:2801 \
  --set auditLog.enabled=true \
falcosecurity/falco

It was working fine last week following the same steps. Let me know if I can provide any more info or test something. Logs below:

---logs for pod falco-w6nkx---
* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.28.1, driver version=5c0b863ddade7a45568c0ac97d037422c9efb750
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 4.14.232-176.381.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_amazonlinux2_4.14.232-176.381.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404 
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-5)
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
Wed Jun  2 21:35:27 2021: Falco version 0.28.1 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
Wed Jun  2 21:35:27 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Wed Jun  2 21:35:27 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Wed Jun  2 21:35:27 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Wed Jun  2 21:35:27 2021: Loading rules from file /etc/falco/k8s_audit_rules.yaml:
Wed Jun  2 21:35:27 2021: Unable to load the driver.
Wed Jun  2 21:35:27 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

[aditya-gurjar]

I'm facing an identical issue using eks 1.18 version and 0.28.1 falco image tag (Attached logs for reference)

* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.28.1-22+62c995f, driver version=13ec67ebd23417273275296813066e07cb85bc91
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 4.14.232-176.381.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/13ec67ebd23417273275296813066e07cb85bc91/falco_amazonlinux2_4.14.232-176.381.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404 
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/13ec67ebd23417273275296813066e07cb85bc91/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/13ec67ebd23417273275296813066e07cb85bc91/build/make.log (with GCC /usr/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/13ec67ebd23417273275296813066e07cb85bc91/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/13ec67ebd23417273275296813066e07cb85bc91/build/make.log (with GCC /usr/bin/gcc-5)
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
Thu Jun  3 11:34:14 2021: Falco version 0.28.1-22+62c995f (driver version 13ec67ebd23417273275296813066e07cb85bc91)
Thu Jun  3 11:34:14 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Thu Jun  3 11:34:14 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Thu Jun  3 11:34:15 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Thu Jun  3 11:34:15 2021: Unable to load the driver.
Thu Jun  3 11:34:15 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

[sergeyshaykhullin]

Getting same error, k3s 1.21.2 + local-path-provisioner

It might be invalid url for driver...

* Trying to download a prebuilt falco module from https://download.falco.org/driver/17f5df52a7d9ed6bb12d3b1768460def8439936d/falco_debian_4.19.0-5-amd64_1.ko
curl: (22) The requested URL returned error: 404

* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.29.0, driver version=17f5df52a7d9ed6bb12d3b1768460def8439936d
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 4.19.0-5-amd64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/17f5df52a7d9ed6bb12d3b1768460def8439936d/falco_debian_4.19.0-5-amd64_1.ko
curl: (22) The requested URL returned error: 404
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/17f5df52a7d9ed6bb12d3b1768460def8439936d/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/17f5df52a7d9ed6bb12d3b1768460def8439936d/build/make.log (with GCC /usr/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/17f5df52a7d9ed6bb12d3b1768460def8439936d/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/17f5df52a7d9ed6bb12d3b1768460def8439936d/build/make.log (with GCC /usr/bin/gcc-5)
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
2021-06-26T12:13:43+0000: Falco version 0.29.0 (driver version 17f5df52a7d9ed6bb12d3b1768460def8439936d)
2021-06-26T12:13:43+0000: Falco initialized with configuration file /etc/falco/falco.yaml
2021-06-26T12:13:43+0000: Loading rules from file /etc/falco/falco_rules.yaml:
2021-06-26T12:13:44+0000: Loading rules from file /etc/falco/falco_rules.local.yaml:
2021-06-26T12:13:44+0000: Loading rules from file /etc/falco/k8s_audit_rules.yaml:
2021-06-26T12:13:44+0000: Unable to load the driver.
2021-06-26T12:13:44+0000: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

[sotoiwa]

If you can make changes to the host, I think you can install kernel headers on the host, and falco-driver-loader will build and install the kernel modules.

$ k -n falco logs falco-4xfzb
* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.29.1, driver version=17f5df52a7d9ed6bb12d3b1768460def8439936d
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 5.4.129-62.227.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/17f5df52a7d9ed6bb12d3b1768460def8439936d/falco_amazonlinux2_5.4.129-62.227.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404 
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"

Kernel preparation unnecessary for this kernel.  Skipping...

Building module:
cleaning build area...
'/tmp/falco-dkms-make'....
cleaning build area...

DKMS: build completed.

falco.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/5.4.129-62.227.amzn2.x86_64/kernel/extra/

depmod....

DKMS: install completed.
* falco module installed in dkms, trying to insmod
* Success: falco module found and loaded in dkms
Tue Jul 20 23:21:29 2021: Falco version 0.29.1 (driver version 17f5df52a7d9ed6bb12d3b1768460def8439936d)
Tue Jul 20 23:21:29 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Tue Jul 20 23:21:29 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Tue Jul 20 23:21:30 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Tue Jul 20 23:21:30 2021: Starting internal webserver, listening on port 8765

[phuongnq]

Do we have a schedule to update the driver link for AWS Linux kernel? In my case
I cannot see the following driver: https://download.falco.org/driver/17f5df52a7d9ed6bb12d3b1768460def8439936d/falco_amazonlinux2_5.4.129-63.229.amzn2.x86_64_1.ko

* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.29.1, driver version=17f5df52a7d9ed6bb12d3b1768460def8439936d
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 5.4.129-63.229.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/17f5df52a7d9ed6bb12d3b1768460def8439936d/falco_amazonlinux2_5.4.129-63.229.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404

[kav]

Seeing the same 404 on GKE for https://download.falco.org/driver/17f5df52a7d9ed6bb12d3b1768460def8439936d/falco_cos_5.4.89%2B_1.ko

Ah the answer for me is https://falco.org/docs/getting-started/third-party/production/#gke

[pnowy]

For GKE and helm chart what is needed is described here: https://github.com/falcosecurity/charts/tree/master/falco#using-falcosecuritydriver-loader-image-with-ebpf

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[frankgu968]

Any updates on this? We have deployed on EKS 1.20.4 and it is also throwing the 404 error because it cannot find the built driver modules.

[poiana]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

[poiana]

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

[poiana]

@poiana: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[SznDevOps]

The same problem with eks control plane and nodes versions - v1.22.6-eks.
Tryed to reinstall falco with latest version, but it not help.

`$ k logs falco-z47ls -n falco
* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.31.1, driver version=b7eb0dd65226a8dc254d228c8d950d07bf3521d2
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Looking for a falco module locally (kernel 5.4.190-107.353.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/falco_amazonlinux2_5.4.190-107.353.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-5)
* Trying to load a system falco module, if present
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
Fri May 27 13:27:56 2022: Falco version 0.31.1 (driver version b7eb0dd65226a8dc254d228c8d950d07bf3521d2)
Fri May 27 13:27:56 2022: Falco initialized with configuration file /etc/falco/falco.yaml
Fri May 27 13:27:56 2022: Loading rules from file /etc/falco/falco_rules.yaml:
Fri May 27 13:27:57 2022: Loading rules from file /etc/falco/falco_rules.local.yaml:
Fri May 27 13:27:57 2022: Unable to load the driver.
Fri May 27 13:27:57 2022: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.`