Falco Container Plugin fails to load/not included in the image
Summary
I am deploying falco:0.43.1 with the upstream helm chart and I am running into the following error:
Mon Sep 22 17:33:16 2025: Runtime error: cannot load plugin /usr/share/falco/plugins/libcontainer.so: can't load plugin dynamic library: /usr/share/falco/plugins/libcontainer.so: cannot open shared object file: No such file or directory. Exiting.It would be helpful if we could get this added into this image as it is included in the upstream image by default.
Steps to reproduce
With the following values.yaml:
image:
registry: registry1.dso.mil
repository: ironbank/opensource/falcosecurity/falco
tag: 0.41.3
pullPolicy: IfNotPresentrun:
helm install falco falcosecurity/falco \
--create-namespace \
--namespace falco --values values.yamlWhat is the current bug behavior?
Falco pod fails to come up:
falco Mon Sep 22 20:09:20 2025: System info: Linux version 6.10.14-linuxkit (root@buildkitsandbox) (gcc (Alpine 13.2.1_git20240309) 13.2.1 20240309, GNU ld (GNU Binutils) 2.42) #1 SMP Wed Sep 3 15:35:15 UTC 2025
falco Mon Sep 22 20:09:20 2025: Loading plugin 'container' from file /usr/share/falco/plugins/libcontainer.so
falco Mon Sep 22 20:09:20 2025: Runtime error: cannot load plugin /usr/share/falco/plugins/libcontainer.so: can't load plugin dynamic library: /usr/share/falco/plugins/libcontainer.so: cannot open shared object file: No such file or directory. Exiting. What is the expected correct behavior?
Falco pod should come up successfully.
Possible fixes
This is usually baked into the falco upstream image and should be included in this build. I was able to fix the Dockerfile locally by adding in the following line to the Dockerfile:
COPY --from=upstream /usr/share/falco/ /usr/share/falco/Tasks
-
Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info