github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-29 16:17:32 +00:00
Code Issues Projects Releases Wiki Activity

chore(userspace/falco): drop container_engines config key.

Browse Source 
Also, default falco.yaml will only host container plugin configuration but won't enable the plugin.
Instead, a configuration override file will be installed only on linux non-musl deployments, enabled the plugin.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
This commit is contained in:
Federico Di Pierro 2025-02-06 11:21:05 +01:00 committed by poiana
parent fafeddaf35
commit bb13702f0f
5 changed files with 11 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CMakeLists.txt
View File

@ -268,11 +268,18 @@ if(NOT WIN32
) )
include(falcoctl) include(falcoctl)
include(container_plugin) include(container_plugin)
# Install the plugin
install( install(
FILES "${PROJECT_BINARY_DIR}/container_plugin-prefix/src/libcontainer.so" FILES "${PROJECT_BINARY_DIR}/container_plugin-prefix/src/libcontainer.so"
DESTINATION "${FALCO_ABSOLUTE_SHARE_DIR}/plugins" DESTINATION "${FALCO_ABSOLUTE_SHARE_DIR}/plugins"
COMPONENT "${FALCO_COMPONENT_NAME}" COMPONENT "${FALCO_COMPONENT_NAME}"
) )
# Install additional config override file to enable the container plugin
install(
FILES "${PROJECT_SOURCE_DIR}/config/falco.container_plugin.yaml"
DESTINATION "${FALCO_ETC_DIR}/config.d"
COMPONENT "${FALCO_COMPONENT_NAME}"
)
endif() endif()
# Packages configuration # Packages configuration

2
config/falco.container_plugin.yaml Normal file
View File

@ -0,0 +1,2 @@
# Enable container plugin for linux non musl installation.
load_plugins: [container]

21
falco.yaml
View File

@ -460,7 +460,7 @@ engine:
# For example, if you want to use the `k8saudit` plugin, # For example, if you want to use the `k8saudit` plugin,
# ensure it is configured appropriately and then change this to: # ensure it is configured appropriately and then change this to:
# load_plugins: [k8saudit, json] # load_plugins: [k8saudit, json]
load_plugins: [container] load_plugins: []
# Customize subsettings for each enabled plugin. These settings will only be # Customize subsettings for each enabled plugin. These settings will only be
# applied when the corresponding plugin is enabled using the `load_plugins` # applied when the corresponding plugin is enabled using the `load_plugins`
@ -1335,22 +1335,3 @@ base_syscalls:
falco_libs: falco_libs:
thread_table_size: 262144 thread_table_size: 262144
snaplen: 80 snaplen: 80
# [Deprecated] `container_engines`
#
# The following options are deprecated and will be forwarded to the container plugin init_config.
container_engines:
docker:
enabled: true
cri:
enabled: true
sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
disable_async: false
podman:
enabled: true
lxc:
enabled: true
libvirt_lxc:
enabled: true
bpm:
enabled: true

55
userspace/falco/configuration.cpp
View File

@ -693,61 +693,6 @@ void falco_configuration::load_yaml(const std::string &config_name) {
} }
m_watch_config_files = m_config.get_scalar<bool>("watch_config_files", true); m_watch_config_files = m_config.get_scalar<bool>("watch_config_files", true);
load_container_config();
}
void falco_configuration::load_container_config() {
// Find container plugin
const std::string *init_cfg;
for(const auto &p : m_plugins) {
if(p.m_name == "container") {
// Store the point to be later overridden
init_cfg = &p.m_init_config;
}
}
if(m_config.is_defined("container_engines.docker.enabled")) {
const auto docker_enabled =
m_config.get_scalar<bool>("container_engines.docker.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.podman.enabled")) {
const auto podman_enabled =
m_config.get_scalar<bool>("container_engines.podman.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.cri.enabled")) {
const auto cri_enabled = m_config.get_scalar<bool>("container_engines.cri.enabled", true);
// TODO update init_cfg
if(cri_enabled) {
std::vector<std::string> cri_socket_paths;
m_config.get_sequence<std::vector<std::string>>(cri_socket_paths,
"container_engines.cri.sockets");
auto disable_cri_async =
m_config.get_scalar<bool>("container_engines.cri.disable-cri-async", false);
// TODO update initcfg
}
}
if(m_config.is_defined("container_engines.lxc.enabled")) {
const auto lxc_enabled = m_config.get_scalar<bool>("container_engines.lxc.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.libvirt_lxc.enabled")) {
const auto libvirt_lxc_enabled =
m_config.get_scalar<bool>("container_engines.libvirt_lxc.enabled", true);
// TODO update init_cfg
}
if(m_config.is_defined("container_engines.bpm.enabled")) {
const auto bpm_enabled = m_config.get_scalar<bool>("container_engines.bpm.enabled", true);
// TODO update init_cfg
}
} }
void falco_configuration::read_rules_file_directory(const std::string &path, void falco_configuration::read_rules_file_directory(const std::string &path,

1
userspace/falco/configuration.h
View File

@ -213,7 +213,6 @@ public:
private: private:
void merge_config_files(const std::string& config_name, config_loaded_res& res); void merge_config_files(const std::string& config_name, config_loaded_res& res);
void load_yaml(const std::string& config_name); void load_yaml(const std::string& config_name);
void load_container_config();
void init_logger(); void init_logger();
void load_engine_config(const std::string& config_name); void load_engine_config(const std::string& config_name);
void init_cmdline_options(const std::vector<std::string>& cmdline_options); void init_cmdline_options(const std::vector<std::string>& cmdline_options);