github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-15 22:38:26 +00:00
Code Issues Projects Releases Wiki Activity

chore: update desc in falco.yaml

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby
2024-08-26 17:04:13 +00:00
committed by poiana
parent 08d5ac92ad
commit 898e060544
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
falco.yaml
View File

@@ -1209,18 +1209,19 @@ falco_libs:
# [Incubating] `container_engines`
#
# This option allows you to explicitly enable or disable API lookups against container
# runtime sockets for each supported container runtime, tracked internally as `container_engines`.
# Access to these sockets enables Falco to provide container and Kubernetes fields, which
# are crucial for identifying workload owners in modern containerized environments.
# runtime sockets for each supported container runtime.
# Access to these sockets enables Falco to retrieve container and Kubernetes fields,
# helping identify workload owners in modern containerized environments.
# Refer to the fields docs:
#
# - [Kubernetes fields](https://falco.org/docs/reference/rules/supported-fields/#field-class-k8s)
# - [Container fields](https://falco.org/docs/reference/rules/supported-fields/#container)
#
# Additionally, Falco uses container events as a data source for alerting.
# Additionally, Falco can use container events as a data source for alerting (evt.type = container).
#
# For most container engines, you can enable or disable them, and Falco will search the
# default container runtime socket paths, such as `/var/run/docker.sock` for Docker.
# For most container engines, you can solely enable or disable them, and Falco will search the
# default (hard-coded) container runtime socket paths, such as `/var/run/docker.sock` for Docker.
#
# However, for Kubernetes settings, you can customize the CRI socket paths:
#
# - `container_engines.cri.sockets`: Pass a list of container runtime sockets.

1
userspace/falco/configuration.cpp
View File

@@ -642,7 +642,6 @@ void falco_configuration::load_yaml(const std::string& config_name)
m_watch_config_files = m_config.get_scalar<bool>("watch_config_files", true);
m_container_engines_mask = 0;
if(m_config.get_scalar<bool>("container_engines.docker.enabled", true))
{
m_container_engines_mask |= (1 << CT_DOCKER);