github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-27 18:40:22 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace/falco): allow entirely disabling plugin hostinfo support.

Browse Source 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2024-11-22 09:23:59 +01:00 committed by poiana
parent 9f29444b17
commit 211eea6abb
5 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
falco.yaml
View File

@ -480,6 +480,10 @@ plugins:
- name: json - name: json
library_path: libjson.so library_path: libjson.so
# Uncomment to disable host info support for source plugins
# that DO NOT generate raw events from the libscap event table,
# dropping the `hostPath` volume requirement for them.
# plugins_hostinfo: false
########################## ##########################
# Falco outputs settings # # Falco outputs settings #

6
userspace/falco/app/actions/helpers_inspector.cpp
View File

@ -61,9 +61,15 @@ falco::app::run_result falco::app::actions::open_live_inspector(falco::app::stat
falco_logger::log( falco_logger::log(
falco_logger::level::INFO, falco_logger::level::INFO,
"Opening '" + source + "' source with plugin '" + cfg->m_name + "'"); "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
if(s.config->m_plugins_hostinfo) {
inspector->open_plugin(cfg->m_name, inspector->open_plugin(cfg->m_name,
cfg->m_open_params, cfg->m_open_params,
sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO); sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO);
} else {
inspector->open_plugin(cfg->m_name,
cfg->m_open_params,
sinsp_plugin_platform::SINSP_PLATFORM_GENERIC);
}
return run_result::ok(); return run_result::ok();
} }
} }

3
userspace/falco/config_json_schema.h
View File

@ -44,6 +44,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
"watch_config_files": { "watch_config_files": {
"type": "boolean" "type": "boolean"
}, },
"plugins_hostinfo": {
"type": "boolean"
},
"rules_files": { "rules_files": {
"type": "array", "type": "array",
"items": { "items": {

3
userspace/falco/configuration.cpp
View File

@ -96,6 +96,7 @@ falco_configuration::falco_configuration():
m_metrics_flags(0), m_metrics_flags(0),
m_metrics_convert_memory_to_mb(true), m_metrics_convert_memory_to_mb(true),
m_metrics_include_empty_values(false), m_metrics_include_empty_values(false),
m_plugins_hostinfo(true),
m_container_engines_mask(0), m_container_engines_mask(0),
m_container_engines_disable_cri_async(false), m_container_engines_disable_cri_async(false),
m_container_engines_cri_socket_paths({"/run/containerd/containerd.sock", m_container_engines_cri_socket_paths({"/run/containerd/containerd.sock",
@ -616,6 +617,8 @@ void falco_configuration::load_yaml(const std::string &config_name) {
m_metrics_include_empty_values = m_metrics_include_empty_values =
m_config.get_scalar<bool>("metrics.include_empty_values", false); m_config.get_scalar<bool>("metrics.include_empty_values", false);
m_plugins_hostinfo = m_config.get_scalar<bool>("plugins_hostinfo", true);
m_config.get_sequence<std::vector<rule_selection_config>>(m_rules_selection, "rules"); m_config.get_sequence<std::vector<rule_selection_config>>(m_rules_selection, "rules");
m_config.get_sequence<std::vector<append_output_config>>(m_append_output, "append_output"); m_config.get_sequence<std::vector<append_output_config>>(m_append_output, "append_output");

1
userspace/falco/configuration.h
View File

@ -193,6 +193,7 @@ public:
bool m_metrics_convert_memory_to_mb; bool m_metrics_convert_memory_to_mb;
bool m_metrics_include_empty_values; bool m_metrics_include_empty_values;
std::vector<plugin_config> m_plugins; std::vector<plugin_config> m_plugins;
bool m_plugins_hostinfo;
// container engines // container engines
uint64_t m_container_engines_mask; uint64_t m_container_engines_mask;