diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5b6b5553..cc51b0ea 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -268,11 +268,18 @@ if(NOT WIN32 )
 include(falcoctl)
 include(container_plugin)
+ # Install the plugin
 install(
 FILES "${PROJECT_BINARY_DIR}/container_plugin-prefix/src/libcontainer.so"
 DESTINATION "${FALCO_ABSOLUTE_SHARE_DIR}/plugins"
 COMPONENT "${FALCO_COMPONENT_NAME}"
 )
+ # Install additional config override file to enable the container plugin
+ install(
+ FILES "${PROJECT_SOURCE_DIR}/config/falco.container_plugin.yaml"
+ DESTINATION "${FALCO_ETC_DIR}/config.d"
+ COMPONENT "${FALCO_COMPONENT_NAME}"
+ )
 endif()
 # Packages configuration
diff --git a/config/falco.container_plugin.yaml b/config/falco.container_plugin.yaml
new file mode 100644
index 00000000..297ba144
--- /dev/null
+++ b/config/falco.container_plugin.yaml
@@ -0,0 +1,2 @@
+# Enable container plugin for linux non musl installation.
+load_plugins: [container]
\ No newline at end of file
diff --git a/falco.yaml b/falco.yaml
index 4308bae9..8648295c 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -460,7 +460,7 @@ engine:
 # For example, if you want to use the `k8saudit` plugin,
 # ensure it is configured appropriately and then change this to:
 # load_plugins: [k8saudit, json]
-load_plugins: [container]
+load_plugins: []
 # Customize subsettings for each enabled plugin. These settings will only be
 # applied when the corresponding plugin is enabled using the `load_plugins`
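Review bot: The new `install(FILES "${PROJECT_SOURCE_DIR}/config/falco.container_plugin.yaml" ...)` is gated only by the `if(NOT WIN32 )` visible in the hunk header, yet the file it installs describes itself as being for a "linux non musl installation"; on any other non-Windows build that enters this block, Falco would be asked to load a plugin that this block may not have produced. If the enclosing block carries a narrower condition outside the hunk this is fine; otherwise both `install()` calls should be gated on the same variable that gates `include(container_plugin)`, so the drop-in and the shared object are always installed together or not at all. The comment would also help readers if it stated the consequence of the location: `# Installed as a config.d drop-in: it enables the plugin even when falco.yaml leaves load_plugins empty`. The enclosing if() block starts outside the hunk.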
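Review bot: The new file ends without a trailing newline (`\ No newline at end of file`), and the rewritten `snaplen: 80` line in the second falco.yaml hunk drops that file's trailing newline as well; both should end with a newline so later appends and diffs stay clean. Beyond that, because this file is installed as a config.d override, an operator who deliberately keeps `load_plugins: []` in falco.yaml to keep the container-runtime integration off still gets the plugin loaded, and nothing in the file says so. Suggest expanding the header comment to `# Drop-in shipped by the package: loads the container plugin regardless of load_plugins in falco.yaml; remove or edit this file to opt out.` Whether config.d entries replace or merge with the falco.yaml list is not visible here, so the exact wording depends on that behaviour.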
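Review bot: The default becomes `load_plugins: []`, but the comment block around it still only explains how to add plugins and does not mention that packaged installs re-enable `container` through `config.d/falco.container_plugin.yaml`; someone auditing the effective configuration from falco.yaml alone would conclude that no plugin is loaded. Suggest adding directly above the key: `# Note: packaged installs ship config.d/falco.container_plugin.yaml, which sets this to [container]; check config.d for the effective value.` The explanatory comment block starts outside the hunk.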
@@ -1334,23 +1334,4 @@ base_syscalls:
 # falco_libs:
 thread_table_size: 262144
- snaplen: 80
-
-# [Deprecated] `container_engines`
-#
-# The following options are deprecated and will be forwarded to the container plugin init_config.
-container_engines:
- docker:
- enabled: true
- cri:
- enabled: true
- sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
- disable_async: false
- podman:
- enabled: true
- lxc:
- enabled: true
- libvirt_lxc:
- enabled: true
- bpm:
- enabled: true
+ snaplen: 80
\ No newline at end of file
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index 6d740c1b..72758f39 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
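Review bot: Removing the `container_engines` block here, together with dropping `load_container_config()` in the configuration.cpp hunk, means a deployment whose own falco.yaml still carries `container_engines:` (including its `cri.sockets` list) now has those settings silently ignored rather than forwarded, unless configuration validation elsewhere rejects unknown keys, which is not visible here. The removed comment promised these options "will be forwarded to the container plugin init_config", so a transitional check in `load_yaml` would let operators notice the change, along the lines of `if(m_config.is_defined("container_engines")) { /* warn: container_engines is no longer honoured; configure the container plugin through its init_config */ }`. The `falco_libs` section this hunk edits starts outside the hunk.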
@@ -693,61 +693,6 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 }
 m_watch_config_files = m_config.get_scalar("watch_config_files", true);
-
- load_container_config();
-}
-
-void falco_configuration::load_container_config() {
- // Find container plugin
- const std::string *init_cfg;
- for(const auto &p : m_plugins) {
- if(p.m_name == "container") {
- // Store the point to be later overridden
- init_cfg = &p.m_init_config;
- }
- }
- if(m_config.is_defined("container_engines.docker.enabled")) {
- const auto docker_enabled =
- m_config.get_scalar("container_engines.docker.enabled", true);
- // TODO update init_cfg
- }
- if(m_config.is_defined("container_engines.podman.enabled")) {
- const auto podman_enabled =
- m_config.get_scalar("container_engines.podman.enabled", true);
- // TODO update init_cfg
- }
- if(m_config.is_defined("container_engines.cri.enabled")) {
- const auto cri_enabled = m_config.get_scalar("container_engines.cri.enabled", true);
- // TODO update init_cfg
-
- if(cri_enabled) {
- std::vector cri_socket_paths;
- m_config.get_sequence>(cri_socket_paths,
- "container_engines.cri.sockets");
- auto disable_cri_async =
- m_config.get_scalar("container_engines.cri.disable-cri-async", false);
- // TODO update initcfg
- }
- }
- if(m_config.is_defined("container_engines.lxc.enabled")) {
- const auto lxc_enabled = m_config.get_scalar("container_engines.lxc.enabled", true);
- // TODO update init_cfg
- }
- if(m_config.is_defined("container_engines.libvirt_lxc.enabled")) {
- const auto libvirt_lxc_enabled =
- m_config.get_scalar("container_engines.libvirt_lxc.enabled", true);
- // TODO update init_cfg
- }
- if(m_config.is_defined("container_engines.bpm.enabled")) {
- const auto bpm_enabled = m_config.get_scalar("container_engines.bpm.enabled", true);
- // TODO update init_cfg
- }
 }
 void falco_configuration::read_rules_file_directory(const std::string &path,
diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
index d7cdb6bc..dcda7fee 100644
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -213,7 +213,6 @@ public:
 private:
 void merge_config_files(const std::string& config_name, config_loaded_res& res);
 void load_yaml(const std::string& config_name);
- void load_container_config();
 void init_logger();
 void load_engine_config(const std::string& config_name);
 void init_cmdline_options(const std::vector& cmdline_options);