驅動程式 - Linux Device Driver(LDD) - Falco - 如何載入Modern BPF Driver



步驟如下:

# systemctl restart falco-modern-bpf.service
# systemctl status falco-modern-bpf.service
    ● falco-modern-bpf.service - Falco: Container Native Runtime Security with modern ebpf
         Loaded: loaded (/lib/systemd/system/falco-modern-bpf.service; enabled; vendor preset: enabled)
         Active: active (running) since Wed 2023-08-16 02:37:37 PDT; 1s ago
           Docs: https://falco.org/docs/
       Main PID: 4545 (falco)
          Tasks: 5 (limit: 4617)
         Memory: 12.2M
         CGroup: /system.slice/falco-modern-bpf.service
                 └─4545 /usr/bin/falco --pidfile=/var/run/falco.pid --modern-bpf

P.S. 啟動該service前,必須先確定falco driver已經載入成功(/dev/falco0)