new(gvisor): add option to generate gVisor configuration

Signed-off-by: Luca Guerra <luca@guerra.sh>

userspace/falco/CMakeLists.txt

@@ -30,6 +30,7 @@ set(
   app_actions/load_rules_files.cpp
   app_actions/open_inspector.cpp
   app_actions/process_events.cpp
+  app_actions/print_generated_gvisor_config.cpp
   app_actions/print_help.cpp
   app_actions/print_ignored_events.cpp
   app_actions/print_plugin_info.cpp

userspace/falco/app_actions/print_generated_gvisor_config.cpp

@@ -0,0 +1,32 @@
+/*
+Copyright (C) 2022 The Falco Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include "config_falco.h"
+#include "application.h"
+
+using namespace falco::app;
+
+application::run_result application::print_generated_gvisor_config()
+{
+	if(!m_options.gvisor_generate_config_with_socket.empty())
+	{
+		std::unique_ptr<sinsp> s(new sinsp());
+        std::string gvisor_config = s->generate_gvisor_config(m_options.gvisor_generate_config_with_socket);
+        printf("%s\n", gvisor_config.c_str());
+		return run_result::exit();
+	}
+	return run_result::ok();
+}

userspace/falco/app_cmdline_options.cpp

@@ -163,7 +163,7 @@ void cmdline_options::define()
 		("D",                             "Disable any rules with names having the substring <substring>. Can be specified multiple times. Can not be specified with -t.", cxxopts::value(disabled_rule_substrings), "<substring>")
 		("e",                             "Read the events from <events_file> in .scap format instead of tapping into live.", cxxopts::value(trace_filename), "<events_file>")
 		("g,gvisor-config",				  "Parse events from gVisor using the specified configuration file. A falco-compatible configuration file can be generated with --gvisor-generate-config and can be used for both runsc and Falco.", cxxopts::value(gvisor_config), "<gvisor_config>")
-		("gvisor-generate-config",		  "Generate a configuration file that can be used for gVisor.", cxxopts::value<bool>(gvisor_generate_config))
+		("gvisor-generate-config",		  "Generate a configuration file that can be used for gVisor.", cxxopts::value<std::string>(gvisor_generate_config_with_socket)->implicit_value("/tmp/gvisor.sock"), "<socket_path>")
 		("gvisor-root",					  "gVisor root directory for storage of container state. Equivalent to runsc --root flag.", cxxopts::value(gvisor_root), "<gvisor_root>")
 		("i",                             "Print all events that are ignored by default (i.e. without the -A flag) and exit.", cxxopts::value(print_ignored_events)->default_value("false"))
 #ifndef MINIMAL_BUILD

userspace/falco/app_cmdline_options.h

@@ -44,7 +44,7 @@ public:
 	std::vector<std::string> disabled_rule_substrings;
 	std::string trace_filename;
 	std::string gvisor_config;
-	bool gvisor_generate_config;
+	std::string gvisor_generate_config_with_socket;
 	std::string gvisor_root;
 	std::string k8s_api;
 	std::string k8s_api_cert;

userspace/falco/application.cpp

@@ -125,6 +125,7 @@ bool application::run(std::string &errstr, bool &restart)
 	std::list<std::function<run_result()>> run_steps = {
 		std::bind(&application::print_help, this),
 		std::bind(&application::print_version, this),
+		std::bind(&application::print_generated_gvisor_config, this),
 		std::bind(&application::create_signal_handlers, this),
 		std::bind(&application::load_config, this),
 		std::bind(&application::init_inspector, this),

userspace/falco/application.h

@@ -151,6 +151,7 @@ private:
 	run_result load_plugins();
 	run_result load_rules_files();
 	run_result open_inspector();
+	run_result print_generated_gvisor_config();
 	run_result print_help();
 	run_result print_ignored_events();
 	run_result print_plugin_info();