chore: polish conditional compilation flags for emscripten

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
2025-09-07 17:54:07 +00:00 · 2023-08-11 13:10:04 +00:00
parent aa62b65c70
commit 527c42c030
12 changed files with 35 additions and 38 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -108,7 +108,7 @@ endif()
 # explicitly set hardening flags
 set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 set(FALCO_SECURITY_FLAGS "")
-if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+if(NOT EMSCRIPTEN)
  set(FALCO_SECURITY_FLAGS "${FALCO_SECURITY_FLAGS} -Wl,-z,relro,-z,now -fstack-protector-strong")
 endif()
 if(CMAKE_BUILD_TYPE STREQUAL "release")
@@ -175,7 +175,7 @@ include(b64)
 # yaml-cpp
 include(yaml-cpp)

-if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MINIMAL_BUILD)
+if(NOT WIN32 AND NOT APPLE AND NOT MINIMAL_BUILD AND NOT EMSCRIPTEN)
  # OpenSSL
  include(openssl)

@@ -196,7 +196,7 @@ endif()

 if (NOT MINIMAL_BUILD)
  include(zlib)
-  if (CMAKE_SYSTEM_NAME MATCHES "Linux")
+  if (NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN)
    include(cares)
    include(protobuf)
    # gRPC
@@ -232,11 +232,8 @@ add_subdirectory(scripts)
 add_subdirectory(userspace/engine)
 add_subdirectory(userspace/falco)

-if(CMAKE_SYSTEM_NAME MATCHES "Linux")
-  if(NOT MUSL_OPTIMIZED_BUILD)
+if(NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN AND NOT MUSL_OPTIMIZED_BUILD)
  include(plugins)
-  endif()
-
  include(falcoctl)
 endif()

--- a/cmake/modules/CPackConfig.cmake
+++ b/cmake/modules/CPackConfig.cmake
@@ -21,8 +21,8 @@ set(CPACK_PACKAGE_VERSION_MAJOR "${FALCO_VERSION_MAJOR}")
 set(CPACK_PACKAGE_VERSION_MINOR "${FALCO_VERSION_MINOR}")
 set(CPACK_PACKAGE_VERSION_PATCH "${FALCO_VERSION_PATCH}")
 set(CPACK_PROJECT_CONFIG_FILE "${PROJECT_SOURCE_DIR}/cmake/cpack/CMakeCPackOptions.cmake")
-set(CPACK_PACKAGE_RELOCATABLE "OFF")
 set(CPACK_STRIP_FILES "ON")
+set(CPACK_PACKAGE_RELOCATABLE "OFF")
 if (EMSCRIPTEN)
  set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-wasm")
 else()
@@ -34,15 +34,14 @@ set(CPACK_INSTALL_CMAKE_PROJECTS
  "${CMAKE_CURRENT_BINARY_DIR};${FALCO_COMPONENT_NAME};${FALCO_COMPONENT_NAME};/" 
 )

-if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+if(CMAKE_SYSTEM_NAME MATCHES "Linux") # only Linux has drivers
  list(APPEND CPACK_INSTALL_CMAKE_PROJECTS
    "${CMAKE_CURRENT_BINARY_DIR};${DRIVER_COMPONENT_NAME};${DRIVER_COMPONENT_NAME};/")
 endif()

-if(CMAKE_SYSTEM_NAME MATCHES "Linux" AND NOT MUSL_OPTIMIZED_BUILD) # static builds do not have plugins
+if(NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN AND NOT MUSL_OPTIMIZED_BUILD) # static builds do not have plugins
  list(APPEND CPACK_INSTALL_CMAKE_PROJECTS
-    "${CMAKE_CURRENT_BINARY_DIR};${PLUGINS_COMPONENT_NAME};${PLUGINS_COMPONENT_NAME};/"
-  )
+    "${CMAKE_CURRENT_BINARY_DIR};${PLUGINS_COMPONENT_NAME};${PLUGINS_COMPONENT_NAME};/")
 endif()

 if(NOT CPACK_GENERATOR)
--- a/scripts/CMakeLists.txt
+++ b/scripts/CMakeLists.txt
@@ -41,13 +41,16 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 	configure_file(rpm/postuninstall.in rpm/postuninstall COPYONLY)
 	configure_file(rpm/preuninstall.in rpm/preuninstall COPYONLY)

+	# driver loader
 	configure_file(falco-driver-loader falco-driver-loader @ONLY)
+	install(PROGRAMS ${PROJECT_BINARY_DIR}/scripts/falco-driver-loader
+		DESTINATION ${FALCO_BIN_DIR} COMPONENT "${FALCO_COMPONENT_NAME}")
+endif()
+
 # Install Falcoctl config file
+if (NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN AND NOT MUSL_OPTIMIZED_BUILD)
 	if(NOT DEFINED FALCOCTL_ETC_DIR)
 		set(FALCOCTL_ETC_DIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}/falcoctl")
 	endif()
 	install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/falcoctl/falcoctl.yaml DESTINATION "${FALCOCTL_ETC_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
-
-	install(PROGRAMS ${PROJECT_BINARY_DIR}/scripts/falco-driver-loader
-		DESTINATION ${FALCO_BIN_DIR} COMPONENT "${FALCO_COMPONENT_NAME}")
 endif()
--- a/unit_tests/CMakeLists.txt
+++ b/unit_tests/CMakeLists.txt
@@ -74,5 +74,6 @@ add_dependencies(falco_unit_tests ${FALCO_UNIT_TESTS_DEPENDENCIES})
 if (EMSCRIPTEN)
 	target_compile_options(falco_unit_tests PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0")
 	target_link_options(falco_unit_tests PRIVATE "-sDISABLE_EXCEPTION_CATCHING=0")
+  target_link_options(falco_unit_tests PRIVATE "-sALLOW_MEMORY_GROWTH=1")
 	target_link_options(falco_unit_tests PRIVATE "-sEXPORTED_FUNCTIONS=['_main','_htons','_ntohs']")
 endif()
--- a/userspace/engine/evttype_index_ruleset.cpp
+++ b/userspace/engine/evttype_index_ruleset.cpp
@@ -204,11 +204,7 @@ void evttype_index_ruleset::add(
 		wrap->filter = filter;
 		if(rule.source == falco_common::syscall_source)
 		{
-#ifdef __linux__
 			wrap->sc_codes = libsinsp::filter::ast::ppm_sc_codes(condition.get());
-#else
-			wrap->sc_codes = { };
-#endif
 			wrap->event_codes = libsinsp::filter::ast::ppm_event_codes(condition.get());
 		}
 		else
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@@ -769,10 +769,7 @@ void falco_engine::get_json_evt_types(libsinsp::filter::ast::expr* ast,
 {
 	output = Json::arrayValue;
 	auto evtcodes = libsinsp::filter::ast::ppm_event_codes(ast);
-	libsinsp::events::set<ppm_sc_code> syscodes;
-#ifdef __linux__
-	syscodes = libsinsp::filter::ast::ppm_sc_codes(ast);
-#endif
+	auto syscodes = libsinsp::filter::ast::ppm_sc_codes(ast);
 	auto syscodes_to_evt_names = libsinsp::events::sc_set_to_event_names(syscodes);
 	auto evtcodes_to_evt_names = libsinsp::events::event_set_to_names(evtcodes, false);
 	for (const auto& n : unordered_set_union(syscodes_to_evt_names, evtcodes_to_evt_names))
--- a/userspace/falco/app/actions/init_clients.cpp
+++ b/userspace/falco/app/actions/init_clients.cpp
@@ -21,7 +21,7 @@ using namespace falco::app::actions;

 falco::app::run_result falco::app::actions::init_clients(falco::app::state& s)
 {
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	// k8s is useful only if the syscall source is enabled
 	if (s.is_capture_mode() || !s.is_source_enabled(falco_common::syscall_source))
 	{
--- a/userspace/falco/app/actions/start_grpc_server.cpp
+++ b/userspace/falco/app/actions/start_grpc_server.cpp
@@ -16,7 +16,7 @@ limitations under the License.

 #include "actions.h"

-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 #include "grpc_server.h"
 #endif

@@ -25,7 +25,7 @@ using namespace falco::app::actions;

 falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state& s)
 {
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	// gRPC server
 	if(s.config->m_grpc_enabled)
 	{
@@ -56,7 +56,7 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state&

 falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state& s)
 {
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	if(s.config->m_grpc_enabled)
 	{
 		if (s.options.dry_run)
--- a/userspace/falco/app/actions/start_webserver.cpp
+++ b/userspace/falco/app/actions/start_webserver.cpp
@@ -16,7 +16,7 @@ limitations under the License.

 #include "actions.h"

-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 #include "webserver.h"
 #endif

@@ -25,7 +25,7 @@ using namespace falco::app::actions;

 falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s)
 {
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	if(!s.is_capture_mode() && s.config->m_webserver_enabled)
 	{
 		if (s.options.dry_run)
@@ -55,7 +55,7 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s

 falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& s)
 {
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	if(!s.is_capture_mode() && s.config->m_webserver_enabled)
 	{
 		if (s.options.dry_run)
--- a/userspace/falco/app/options.cpp
+++ b/userspace/falco/app/options.cpp
@@ -181,9 +181,11 @@ void options::define(cxxopts::Options& opts)
 #endif
 		("A",                             "Monitor all events supported by Falco defined in rules and configs. Please use the -i option to list the events ignored by default without -A. This option affects live captures only. Setting -A can impact performance.", cxxopts::value(all_events)->default_value("false"))
 		("b,print-base64",                "Print data buffers in base64. This is useful for encoding binary data that needs to be used over media designed to consume this format.")
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 		("cri",                           "Path to CRI socket for container metadata. Use the specified socket to fetch data from a CRI-compatible runtime. If not specified, uses the libs default. This option can be passed multiple times to specify socket to be tried until a successful one is found.", cxxopts::value(cri_socket_paths), "<path>")
 		("d,daemon",                      "Run as a daemon.", cxxopts::value(daemon)->default_value("false"))
 		("disable-cri-async",             "Disable asynchronous CRI metadata fetching. This is useful to let the input event wait for the container metadata fetch to finish before moving forward. Async fetching, in some environments leads to empty fields for container metadata when the fetch is not fast enough to be completed asynchronously. This can have a performance penalty on your environment depending on the number of containers and the frequency at which they are created/started/stopped.", cxxopts::value(disable_cri_async)->default_value("false"))
+#endif
 		("disable-source",                "Disable a specific event source. By default, all loaded sources get enabled. Available sources are 'syscall' and all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. This has no offect when reading events from a trace file. Can not disable all event sources. Can not be mixed with --enable-source.", cxxopts::value(disable_sources), "<event_source>")
 		("dry-run",                       "Run Falco without proceesing events. Can be useful for checking that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
 		("D",                             "Disable any rules with names having the substring <substring>. This option can be passed multiple times. Can not be mixed with -t.", cxxopts::value(disabled_rule_substrings), "<substring>")
@@ -198,7 +200,7 @@ void options::define(cxxopts::Options& opts)
 		("modern-bpf",				  "Use BPF modern probe driver to instrument the kernel.", cxxopts::value(modern_bpf)->default_value("false"))
 #endif
 		("i",                             "Print all high volume syscalls that are ignored by default for performance reasons (i.e. without the -A flag) and exit.", cxxopts::value(print_ignored_events)->default_value("false"))
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 		("k,k8s-api",                     "Enable Kubernetes support by connecting to the API server specified as argument. E.g. \"http://admin:password@127.0.0.1:8080\". The API server can also be specified via the environment variable FALCO_K8S_API.", cxxopts::value(k8s_api), "<url>")
 		("K,k8s-api-cert",                "Use the provided files names to authenticate user and (optionally) verify the K8S API server identity. Each entry must specify full (absolute, or relative to the current directory) path to the respective file. Private key password is optional (needed only if key is password protected). CA certificate is optional. For all files, only PEM file format is supported. Specifying CA certificate only is obsoleted - when single entry is provided for this option, it will be interpreted as the name of a file containing bearer token. Note that the format of this command-line option prohibits use of files whose names contain ':' or '#' characters in the file name.", cxxopts::value(k8s_api_cert), "(<bt_file> | <cert_file>:<key_file[#password]>[:<ca_cert_file>])")
 		("k8s-node",                      "The node name will be used as a filter when requesting metadata of pods to the API server. Usually, this should be set to the current node on which Falco is running. If empty, no filter is set, which may have a performance penalty on large clusters.", cxxopts::value(k8s_node_name), "<node_name>")
@@ -224,7 +226,9 @@ void options::define(cxxopts::Options& opts)
 		("T",                             "Disable any rules with a tag=<tag>. This option can be passed multiple times. Can not be mized with -t", cxxopts::value<std::vector<std::string>>(), "<tag>")
 		("t",                             "Only run those rules with a tag=<tag>. This option can be passed multiple times. Can not be mixed with -T/-D.", cxxopts::value<std::vector<std::string>>(), "<tag>")
 		("U,unbuffered",                  "Turn off output buffering to configured outputs. This causes every single line emitted by falco to be flushed which generates higher CPU usage but is useful when piping those outputs into another process or into a script.", cxxopts::value(unbuffered_outputs)->default_value("false"))
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 		("u,userspace",                   "Parse events from userspace. To be used in conjunction with the ptrace(2) based driver (pdig)", cxxopts::value(userspace)->default_value("false"))
+#endif
 		("V,validate",                    "Read the contents of the specified rules(s) file and exit. This option can be passed multiple times to validate multiple files.", cxxopts::value(validate_rules_filenames), "<rules_file>")
 		("v",                             "Verbose output.", cxxopts::value(verbose)->default_value("false"))
 		("version",                       "Print version number.", cxxopts::value(print_version_info)->default_value("false"))
--- a/userspace/falco/app/state.h
+++ b/userspace/falco/app/state.h
@@ -22,7 +22,7 @@ limitations under the License.
 #include "restart_handler.h"
 #include "../configuration.h"
 #include "../stats_writer.h"
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 #include "../grpc_server.h"
 #include "../webserver.h"
 #endif
@@ -137,7 +137,7 @@ struct state
    // Helper responsible for watching of handling hot application restarts
    std::shared_ptr<restart_handler> restarter;

-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
    falco::grpc::server grpc_server;
    std::thread grpc_server_thread;

--- a/userspace/falco/falco_outputs.cpp
+++ b/userspace/falco/falco_outputs.cpp
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 #include <google/protobuf/util/time_util.h>
 #endif

@@ -30,7 +30,7 @@ limitations under the License.
 #include "outputs_program.h"
 #include "outputs_stdout.h"
 #include "outputs_syslog.h"
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 #include "outputs_http.h"
 #include "outputs_grpc.h"
 #endif
@@ -101,7 +101,7 @@ void falco_outputs::add_output(falco::outputs::config oc)
 	{
 		oo = new falco::outputs::output_syslog();
 	}
-#if !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__)
+#if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD)
 	else if(oc.name == "http")
 	{
 		oo = new falco::outputs::output_http();