new(userspace/falco): allow entirely disabling plugin hostinfo support.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-08-27 10:28:54 +00:00 · 2024-11-22 09:23:59 +01:00 · 2024-11-22 09:23:59 +01:00 · 211eea6abb
commit 211eea6abb
parent 9f29444b17
5 changed files with 20 additions and 3 deletions
--- a/falco.yaml
+++ b/falco.yaml
@ -480,6 +480,10 @@ plugins:
  - name: json
    library_path: libjson.so

+# Uncomment to disable host info support for source plugins
+# that DO NOT generate raw events from the libscap event table,
+# dropping the `hostPath` volume requirement for them.
+# plugins_hostinfo: false

 ##########################
 # Falco outputs settings #
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@ -61,9 +61,15 @@ falco::app::run_result falco::app::actions::open_live_inspector(falco::app::stat
 					falco_logger::log(
 					        falco_logger::level::INFO,
 					        "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
+					if(s.config->m_plugins_hostinfo) {
 						inspector->open_plugin(cfg->m_name,
 						                       cfg->m_open_params,
 						                       sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO);
+					} else {
+						inspector->open_plugin(cfg->m_name,
+						                       cfg->m_open_params,
+						                       sinsp_plugin_platform::SINSP_PLATFORM_GENERIC);
+					}
 					return run_result::ok();
 				}
 			}
--- a/userspace/falco/config_json_schema.h
+++ b/userspace/falco/config_json_schema.h
@ -44,6 +44,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
                "watch_config_files": {
                    "type": "boolean"
                },
+                "plugins_hostinfo": {
+                    "type": "boolean"
+                },
                "rules_files": {
                    "type": "array",
                    "items": {
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@ -96,6 +96,7 @@ falco_configuration::falco_configuration():
        m_metrics_flags(0),
        m_metrics_convert_memory_to_mb(true),
        m_metrics_include_empty_values(false),
+        m_plugins_hostinfo(true),
        m_container_engines_mask(0),
        m_container_engines_disable_cri_async(false),
        m_container_engines_cri_socket_paths({"/run/containerd/containerd.sock",
@ -616,6 +617,8 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 	m_metrics_include_empty_values =
 	        m_config.get_scalar<bool>("metrics.include_empty_values", false);

+	m_plugins_hostinfo = m_config.get_scalar<bool>("plugins_hostinfo", true);
+
 	m_config.get_sequence<std::vector<rule_selection_config>>(m_rules_selection, "rules");
 	m_config.get_sequence<std::vector<append_output_config>>(m_append_output, "append_output");

--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@ -193,6 +193,7 @@ public:
 	bool m_metrics_convert_memory_to_mb;
 	bool m_metrics_include_empty_values;
 	std::vector<plugin_config> m_plugins;
+	bool m_plugins_hostinfo;

 	// container engines
 	uint64_t m_container_engines_mask;