github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-18 16:07:21 +00:00
Code Issues Projects Releases Wiki Activity

chore(userspace): small round of review-induced fixes.

Browse Source 
Also, properly warn the user that deprecated CLI options will be ignored
when the new `engine` configuration key is in use.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
2023-11-23 15:56:38 +01:00
committed by poiana
parent b92e0d6134
commit 0368de5229
3 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
falco.yaml
View File

@@ -318,7 +318,7 @@ engine:
drop_failed_exit: false
ebpf:
# path to the elf file to load.
probe: /path/to/probe.o
probe: /root/.falco/falco-bpf.o
buf_size_preset: 4
drop_failed_exit: false
modern-ebpf:
@@ -326,12 +326,12 @@ engine:
buf_size_preset: 4
drop_failed_exit: false
replay:
# path to the capture file to replay.
capture_file: /path/to/file.scap
# path to the capture file to replay (eg: /path/to/file.scap)
capture_file: ""
gvisor:
# A Falco-compatible configuration file can be generated with
# '--gvisor-generate-config' and utilized for both runsc and Falco.
config: /path/to/gvisor_config.yaml
config: ""
# Set gVisor root directory for storage of container state when used
# in conjunction with 'gvisor.config'. The 'gvisor.root' to be passed
# is the one usually passed to 'runsc --root' flag.

2
userspace/falco/app/actions/helpers_inspector.cpp
View File

@@ -36,7 +36,7 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s
try
{
s.offline_inspector->open_savefile(s.config->m_replay.m_capture_file);
falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.config->m_replay.m_capture_file + "\n");
falco_logger::log(falco_logger::level::INFO, "Replaying events from the capture file: " + s.config->m_replay.m_capture_file + "\n");
return run_result::ok();
}
catch (sinsp_exception &e)

11
userspace/falco/app/actions/load_config.cpp
View File

@@ -33,6 +33,9 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
// at least one change in the default config we don't allow to use the command line options.
if(s.config->m_changes_in_engine_config)
{
falco_logger::log(falco_logger::level::WARNING,
"Since the new 'engine' config key is being used, deprecated CLI options "
"[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.\n");
return run_result::ok();
}
@@ -54,7 +57,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
}
else if (s.options.modern_bpf)
{
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' cmdline option is deprecated and will be removed in Falco 0.38!\n");
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' command line option is deprecated and will be removed in Falco 0.38!\n");
s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
@@ -62,19 +65,19 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
}
if (!s.options.gvisor_config.empty())
{
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' cmdline option is deprecated and will be removed in Falco 0.38!\n");
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' command line option is deprecated and will be removed in Falco 0.38!\n");
s.config->m_engine_mode = engine_kind_t::GVISOR;
s.config->m_gvisor.m_config = s.options.gvisor_config;
s.config->m_gvisor.m_root = s.options.gvisor_root;
}
if (s.options.nodriver)
{
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' cmdline option is deprecated and will be removed in Falco 0.38!\n");
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' command line option is deprecated and will be removed in Falco 0.38!\n");
s.config->m_engine_mode = engine_kind_t::NONE;
}
if (!s.options.capture_file.empty())
{
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' cmdline option is deprecated and will be removed in Falco 0.38!\n");
falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' command line option is deprecated and will be removed in Falco 0.38!\n");
s.config->m_engine_mode = engine_kind_t::REPLAY;
s.config->m_replay.m_capture_file = s.options.capture_file;
}