github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-12 13:07:49 +00:00
Code Issues Projects Releases Wiki Activity

chore(userspace/falco): drop container_engines config key.

Browse Source 
Also, default falco.yaml will only host container plugin configuration but won't enable the plugin.
Instead, a configuration override file will be installed only on linux non-musl deployments, enabled the plugin.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro
2025-02-06 11:21:05 +01:00
committed by poiana
parent fafeddaf35
commit bb13702f0f
5 changed files with 11 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
userspace/falco/configuration.cpp
View File

@@ -693,61 +693,6 @@ void falco_configuration::load_yaml(const std::string &config_name) {
}
m_watch_config_files = m_config.get_scalar<bool>("watch_config_files", true);
load_container_config();
}
void falco_configuration::load_container_config() {
// Find container plugin
const std::string *init_cfg;
for(const auto &p : m_plugins) {
if(p.m_name == "container") {
// Store the point to be later overridden
init_cfg = &p.m_init_config;
}
}
if(m_config.is_defined("container_engines.docker.enabled")) {
const auto docker_enabled =
m_config.get_scalar<bool>("container_engines.docker.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.podman.enabled")) {
const auto podman_enabled =
m_config.get_scalar<bool>("container_engines.podman.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.cri.enabled")) {
const auto cri_enabled = m_config.get_scalar<bool>("container_engines.cri.enabled", true);
// TODO update init_cfg
if(cri_enabled) {
std::vector<std::string> cri_socket_paths;
m_config.get_sequence<std::vector<std::string>>(cri_socket_paths,
"container_engines.cri.sockets");
auto disable_cri_async =
m_config.get_scalar<bool>("container_engines.cri.disable-cri-async", false);
// TODO update initcfg
}
}
if(m_config.is_defined("container_engines.lxc.enabled")) {
const auto lxc_enabled = m_config.get_scalar<bool>("container_engines.lxc.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.libvirt_lxc.enabled")) {
const auto libvirt_lxc_enabled =
m_config.get_scalar<bool>("container_engines.libvirt_lxc.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.bpm.enabled")) {
const auto bpm_enabled = m_config.get_scalar<bool>("container_engines.bpm.enabled", true);
// TODO update init_cfg
}
}
void falco_configuration::read_rules_file_directory(const std::string &path,

1
userspace/falco/configuration.h
View File

@@ -213,7 +213,6 @@ public:
private:
void merge_config_files(const std::string& config_name, config_loaded_res& res);
void load_yaml(const std::string& config_name);
void load_container_config();
void init_logger();
void load_engine_config(const std::string& config_name);
void init_cmdline_options(const std::vector<std::string>& cmdline_options);