当我这样做时,我试图在 ECS 中运行 docker 容器,但出现以下错误。任务定义https://github.com/sysdiglabs/falco-aws-firelens-integration/blob/master/ecs/falco/task-definition.json但对其进行了修改以采用最新的"image": "falcosecurity/falco:latest"
我什至尝试登录实例并运行 docker 命令
docker run -i -t --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro falcosecurity/falco:latest
我去同样的错误。
Status: Downloaded newer image for falcosecurity/falco:latest
* Setting up /usr/src links from host
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to dkms install falco module
* Running dkms build failed, couldn't find /var/lib/dkms/falco/96bd9bc560f67742738eb7255aeb4d03046b8045/build/make.log
* Trying to load a system falco driver, if present
* Trying to find locally a prebuilt falco module for kernel 4.14.173-137.229.amzn2.x86_64, if present
Detected an unsupported target system, please get in touch with the Falco community
2020-05-29T17:27:28+0000: Falco initialized with configuration file /etc/falco/falco.yaml
2020-05-29T17:27:28+0000: Loading rules from file /etc/falco/falco_rules.yaml:
2020-05-29T17:27:28+0000: Loading rules from file /etc/falco/falco_rules.local.yaml:
2020-05-29T17:27:28+0000: Loading rules from file /etc/falco/k8s_audit_rules.yaml:
2020-05-29T17:27:29+0000: Unable to load the driver. Exiting.
2020-05-29T17:27:29+0000: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.
操作系统详情
[ec2-user@ip-172-xxxx-xxx-xxx ~]$ cat /etc/system-release
Amazon Linux release 2 (Karoo)
[ec2-user@ip-172-xxxx-xxx-xxx ~]$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"