ERROR: Error: Initialization issues during scap_init
#3323
Comments
Hi! Thanks for reporting this issue; I don't have an answer, this seems really weird; since at every restart Falco is using the same driver (i.e. the modern ebpf one in this case), perhaps it is a timing issue with something else on the system?
/milestone 0.40.0
@FedeDP FYI I removed the
IMO we should enable a more verbose log.

I encountered the same issue in a similar environment, and switching to eBPF mode instead of modern_eBPF was the only solution that helped. I tried enabling debug logs, but they didn’t provide any insight. Additionally, it’s worth noting that in an EKS cluster with 4 nodes, only 1 node failed to start Falco in modern_eBPF mode (although the kernel version is the same on all nodes).
Seeing a very similar behavior here:

This is a very vanilla helm installation with the following values:

```yaml
customRules:
  rules-override.yaml: |-
    - macro: user_known_contact_k8s_api_server_activities
      condition: |-
        container.image.repository = registry.k8s.io/node-problem-detector/node-problem-detector
        or
        proc.name startswith node-problem-de
        or
        container.image.repository = ghcr.io/roobre/ktemplate
        or
        container.image.repository = ghcr.io/k8up-io/k8up
        or
        container.name startswith k8up
      override:
        condition: replace
    - macro: user_known_stand_streams_redirect_activities
      condition: |-
        container.image.repository = ghcr.io/fluxcd/kustomize-controller
        or
        (container.name startswith crocochrome and proc.name = chromium)
      override:
        condition: replace
    - macro: known_drop_and_execute_activities
      condition: |-
        (container.image.repository = ghcr.io/flaresolverr/flaresolverr and proc.name = chromedriver)
      override:
        condition: replace
    - macro: user_read_sensitive_file_containers
      condition: |-
        container.id = host
      override:
        condition: replace
    - list: user_known_packet_socket_binaries
      items:
        - speaker # metallb
        - bfdd # also metallb
      override:
        items: append
resources:
  requests:
    cpu: 50m
    memory: 128Mi
  limits:
    cpu: null
    memory: 512Mi
falcosidekick:
  enabled: true
  replicaCount: 1
  resources:
    requests:
      cpu: 10m
      memory: 64Mi
    limits:
      memory: 64Mi
  config:
    existingSecret: creds
```

Using the default image shipped in the chart:

```yaml
dependencies:
  - name: falco
    repository: https://falcosecurity.github.io/charts
    version: 4.11.1
```

Also attaching
Describe the bug
After the POD restarted 8 times it worked.
ERROR:
Error: Initialization issues during scap_init
Just install it; details are below.
Expected behaviour
It should not need to restart to be able to work.
Screenshots
Environment
Falco version: 0.38.2 (x86_64)
Linux version 5.10.223-212.873.amzn2.x86_64 (mockbuild@ip-10-0-60-177) (gcc10-gcc (GCC) 10.5.0 20230707 (Red Hat 10.5.0-1), GNU ld version 2.35.2-9.amzn2.0.1) Digwatch compiler #1 SMP Wed Aug 7 16:53:32 UTC 2024
AWS Linux 2
5.10
EKS 1.29
values.yaml
Additional context
I saw many other folks reporting this here, but it's not clear why this happened and how to fix it if there is a fix.