github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-09 10:39:28 +00:00
Code Issues Projects Releases Wiki Activity

new: add some deprecation warnings

Browse Source 
Signed-off-by: Andrea Terzolo <andreaterzolo3@gmail.com>
This commit is contained in:
Andrea Terzolo
2023-11-23 19:14:24 +01:00
committed by poiana
parent 715db9ddb4
commit 249ccf2f4b
2 changed files with 52 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
userspace/falco/app/actions/load_config.cpp
View File

@@ -29,18 +29,69 @@ using namespace falco::app::actions;
// applies legacy/in-deprecation options to the current state // applies legacy/in-deprecation options to the current state
static falco::app::run_result apply_deprecated_options(falco::app::state& s) static falco::app::run_result apply_deprecated_options(falco::app::state& s)
{ {
// Check that at most one command line option is provided
int open_modes = 0;
open_modes += !s.options.capture_file.empty();
open_modes += !s.options.gvisor_config.empty();
open_modes += s.options.modern_bpf;
open_modes += getenv(FALCO_BPF_ENV_VARIABLE) != NULL;
open_modes += s.options.nodriver;
if(open_modes > 1)
{
return run_result::fatal("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var");
}
// Please note: is not possible to mix command line options and configs to obtain a configuration // Please note: is not possible to mix command line options and configs to obtain a configuration
// we need to use only one method. For example, is not possible to set the gvisor-config through // we need to use only one method. For example, is not possible to set the gvisor-config through
// the command line and the gvisor-root through the config file. For this reason, if we detect // the command line and the gvisor-root through the config file. For this reason, if we detect
// at least one change in the default config we don't allow to use the command line options. // at least one change in the default config we don't allow to use the command line options.
if(s.config->m_changes_in_engine_config) if(s.config->m_changes_in_engine_config)
{ {
falco_logger::log(falco_logger::level::WARNING, // If a command line option is specified, print a warning because it will be ignored
if(open_modes == 1)
{
falco_logger::log(falco_logger::level::WARNING,
"Since the new 'engine' config key is being used, deprecated CLI options " "Since the new 'engine' config key is being used, deprecated CLI options "
"[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.\n"); "[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.\n");
}
// If these configs are specified, print a warning because they will be ignored
if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT)
{
falco_logger::log(falco_logger::level::WARNING,
"Since the new 'engine' config key is being used, deprecated config 'syscall_drop_failed_exit' will be ignored.\n");
}
if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET)
{
falco_logger::log(falco_logger::level::WARNING,
"Since the new 'engine' config key is being used, deprecated config 'syscall_buf_size_preset' will be ignored.\n");
}
if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER)
{
falco_logger::log(falco_logger::level::WARNING,
"Since the new 'engine' config key is being used, deprecated config 'modern_bpf.cpus_for_each_syscall_buffer' will be ignored.\n");
}
return run_result::ok(); return run_result::ok();
} }
// These warnings are similar to the ones above, but in this case, the configs are not ignored
// they are just deprecated
if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT)
{
falco_logger::log(falco_logger::level::WARNING,
"DEPRECATION NOTICE: 'syscall_drop_failed_exit' config is deprecated and will be removed in Falco 0.38! Use `engine.<driver>.drop_failed_exit' config instead\n");
}
if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET)
{
falco_logger::log(falco_logger::level::WARNING,
"DEPRECATION NOTICE: 'syscall_buf_size_preset' config is deprecated and will be removed in Falco 0.38! Use `engine.<driver>.buf_size_preset' config instead\n");
}
if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER)
{
falco_logger::log(falco_logger::level::WARNING,
"DEPRECATION NOTICE: 'modern_bpf.cpus_for_each_syscall_buffer' config is deprecated and will be removed in Falco 0.38! Use `engine.modern-ebpf.cpus_for_each_buffer' config instead\n");
}
// Replace the kmod default values in case the engine was open with the kmod. // Replace the kmod default values in case the engine was open with the kmod.
// We don't have a command line option to open the kmod so we have to always enforce the // We don't have a command line option to open the kmod so we have to always enforce the
// default values. // default values.

13
userspace/falco/app/options.cpp
View File

@@ -142,19 +142,6 @@ bool options::parse(int argc, char **argv, std::string &errstr)
list_fields = m_cmdline_parsed.count("list") > 0; list_fields = m_cmdline_parsed.count("list") > 0;
// TODO: remove for Falco 0.38 since these CLI options are deprecated.
int open_modes = 0;
open_modes += !capture_file.empty();
open_modes += !gvisor_config.empty();
open_modes += modern_bpf;
open_modes += getenv("FALCO_BPF_PROBE") != NULL;
open_modes += nodriver;
if (open_modes > 1)
{
errstr = std::string("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var");
return false;
}
return true; return true;
} }