From 68f937f5e86758d9344ec33d78e346d0ce0adea6 Mon Sep 17 00:00:00 2001
From: Leonardo Grasso <me@leonardograsso.com>
Date: Mon, 24 Aug 2020 14:32:08 +0200
Subject: [PATCH] build: disallow k8s audit trace file when minimal build

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
---
 userspace/falco/falco.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp
index 01467a3b..c73b0da7 100644
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@@ -187,6 +187,7 @@ static void display_fatal_err(const string &msg)
 // Splitting into key=value or key.subkey=value will be handled by configuration class.
 std::list<string> cmdline_options;
 
+#ifndef MINIMAL_BUILD
 // Read a jsonl file containing k8s audit events and pass each to the engine.
 void read_k8s_audit_trace_file(falco_engine *engine,
 			       falco_outputs *outputs,
@@ -215,6 +216,7 @@ void read_k8s_audit_trace_file(falco_engine *engine,
 		}
 	}
 }
+#endif
 
 static std::string read_file(std::string filename)
 {
@@ -1078,6 +1080,12 @@ int falco_init(int argc, char **argv)
 
 			if(!trace_is_scap)
 			{
+#ifdef MINIMAL_BUILD
+				// Note that the webserver is not available when MINIMAL_BUILD is defined.
+				fprintf(stderr, "Cannot use k8s audit events trace file with a minimal Falco build");
+				result = EXIT_FAILURE;
+				goto exit;
+#else
 				try {
 					string line;
 					nlohmann::json j;
@@ -1102,6 +1110,7 @@ int falco_init(int argc, char **argv)
 					result = EXIT_FAILURE;
 					goto exit;
 				}
+#endif
 			}
 		}
 		else
@@ -1260,9 +1269,11 @@ int falco_init(int argc, char **argv)
 
 		if(!trace_filename.empty() && !trace_is_scap)
 		{
+#ifndef MINIMAL_BUILD			
 			read_k8s_audit_trace_file(engine,
 						  outputs,
 						  trace_filename);
+#endif
 		}
 		else
 		{