mirror of
https://github.com/falcosecurity/falco.git
synced 2025-06-28 15:47:25 +00:00
fix(build): properly configure a binary_dir falco.yaml.
It automatically enables container plugin from the binary_dir located one. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
poiana
parent
6811ce6153
commit
258d13a472
@ -268,6 +268,21 @@ if(NOT WIN32
|
||||
)
|
||||
include(falcoctl)
|
||||
include(container_plugin)
|
||||
|
||||
# Generate a binary_dir/falco.yaml that automatically enables the plugin to be used for local
|
||||
# testing.
|
||||
configure_file(${CMAKE_SOURCE_DIR}/falco.yaml ${CMAKE_BINARY_DIR} COPYONLY)
|
||||
# The custom target configures the plugin and set its path
|
||||
add_custom_target(
|
||||
container
|
||||
COMMAND sed -i 's,^load_plugins: .*,load_plugins: [container],g'
|
||||
${CMAKE_BINARY_DIR}/falco.yaml
|
||||
COMMAND sed -i 's,libcontainer.so,${CONTAINER_LIBRARY},g' ${CMAKE_BINARY_DIR}/falco.yaml
|
||||
DEPENDS container_plugin
|
||||
)
|
||||
# Let `make falco` also download container plugin
|
||||
add_dependencies(falco container)
|
||||
|
||||
# Install the plugin
|
||||
install(
|
||||
FILES "${CONTAINER_LIBRARY}"
|
||||
|
||||
@ -436,7 +436,7 @@ engine:
|
||||
# Falco plugins enable integration with other services in your ecosystem.
|
||||
# They allow Falco to extend its functionality and leverage data sources such as
|
||||
# Kubernetes audit logs or AWS CloudTrail logs. This enables Falco to perform
|
||||
# fast on-host detections beyond syscalls and container events. The plugin
|
||||
# fast on-host detections beyond syscalls. The plugin
|
||||
# system will continue to evolve with more specialized functionality in future
|
||||
# releases.
|
||||
#
|
||||
@ -448,7 +448,7 @@ engine:
|
||||
# Please note that if your intention is to enrich Falco syscall logs with fields
|
||||
# such as `k8s.ns.name`, `k8s.pod.name`, and `k8s.pod.*`, you do not need to use
|
||||
# the `k8saudit` plugin. This information is automatically extracted from
|
||||
# the container runtime socket. The `k8saudit` plugin is specifically designed
|
||||
# the container runtime socket by the 'container' plugin. The `k8saudit` plugin is specifically designed
|
||||
# to integrate with Kubernetes audit logs and is not required for basic enrichment
|
||||
# of syscall logs with Kubernetes-related fields.
|
||||
#
|
||||
@ -1119,7 +1119,6 @@ syscall_event_drops:
|
||||
# `state_counters_enabled`: Emit counters related to Falco's state engine, including
|
||||
# added, removed threads or file descriptors (fds), and failed lookup, store, or
|
||||
# retrieve actions in relation to Falco's underlying process cache table (threadtable).
|
||||
# We also log the number of currently cached containers if applicable.
|
||||
#
|
||||
# `kernel_event_counters_enabled`: Emit kernel side event and drop counters, as
|
||||
# an alternative to `syscall_event_drops`, but with some differences. These
|
||||
|
||||
Loading…
Reference in New Issue
Block a user