diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index 7e160867..5a945953 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -86,6 +86,7 @@ static void usage() " -h, --help Print this page\n" " -c Configuration file (default " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ")\n" " -A Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.\n" + " --alternate-lua-dir Specify an alternate path for loading Falco lua files\n" " -b, --print-base64 Print data buffers in base64.\n" " This is useful for encoding binary data that needs to be used over media designed to.\n" " --cri Path to CRI socket for container metadata.\n" @@ -478,37 +479,38 @@ int falco_init(int argc, char **argv) #endif static struct option long_options[] = - { - {"cri", required_argument, 0}, - {"daemon", no_argument, 0, 'd'}, - {"disable-cri-async", no_argument, 0, 0}, - {"disable-source", required_argument, 0}, - {"help", no_argument, 0, 'h'}, - {"ignored-events", no_argument, 0, 'i'}, - {"k8s-api-cert", required_argument, 0, 'K'}, - {"k8s-api", required_argument, 0, 'k'}, - {"list", optional_argument, 0}, - {"mesos-api", required_argument, 0, 'm'}, - {"option", required_argument, 0, 'o'}, - {"pidfile", required_argument, 0, 'P'}, - {"print-base64", no_argument, 0, 'b'}, - {"print", required_argument, 0, 'p'}, - {"snaplen", required_argument, 0, 'S'}, - {"stats-interval", required_argument, 0}, - {"support", no_argument, 0}, - {"unbuffered", no_argument, 0, 'U'}, - {"userspace", no_argument, 0, 'u'}, - {"validate", required_argument, 0, 'V'}, - {"version", no_argument, 0, 0}, - {"writefile", required_argument, 0, 'w'}, - {0, 0, 0, 0} - }; + { + {"alternate-lua-dir", required_argument, 0}, + {"cri", required_argument, 0}, + {"daemon", no_argument, 0, 'd'}, + {"disable-cri-async", no_argument, 0, 0}, + {"disable-source", required_argument, 0}, + {"help", no_argument, 0, 'h'}, + {"ignored-events", no_argument, 0, 'i'}, + {"k8s-api-cert", required_argument, 0, 'K'}, + {"k8s-api", required_argument, 0, 'k'}, + {"list", optional_argument, 0}, + {"mesos-api", required_argument, 0, 'm'}, + {"option", required_argument, 0, 'o'}, + {"pidfile", required_argument, 0, 'P'}, + {"print-base64", no_argument, 0, 'b'}, + {"print", required_argument, 0, 'p'}, + {"snaplen", required_argument, 0, 'S'}, + {"stats-interval", required_argument, 0}, + {"support", no_argument, 0}, + {"unbuffered", no_argument, 0, 'U'}, + {"userspace", no_argument, 0, 'u'}, + {"validate", required_argument, 0, 'V'}, + {"version", no_argument, 0, 0}, + {"writefile", required_argument, 0, 'w'}, + {0, 0, 0, 0}}; try { set disabled_rule_substrings; string substring; string all_rules = ""; + string alternate_lua_dir = FALCO_ENGINE_SOURCE_LUA_DIR; set disabled_rule_tags; set enabled_rule_tags; @@ -686,6 +688,16 @@ int falco_init(int argc, char **argv) disable_sources.insert(optarg); } } + else if (string(long_options[long_index].name)== "alternate-lua-dir") + { + if(optarg != NULL) + { + alternate_lua_dir = optarg; + if (alternate_lua_dir.back() != '/') { + alternate_lua_dir += '/'; + } + } + } break; default: @@ -721,7 +733,7 @@ int falco_init(int argc, char **argv) return EXIT_SUCCESS; } - engine = new falco_engine(); + engine = new falco_engine(true, alternate_lua_dir); engine->set_inspector(inspector); engine->set_extra(output_format, replace_container_info); @@ -965,7 +977,8 @@ int falco_init(int argc, char **argv) config.m_notifications_rate, config.m_notifications_max_burst, config.m_buffered_outputs, config.m_time_format_iso_8601, - hostname); + hostname, + alternate_lua_dir); if(!all_events) { diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index fddc6902..09f72046 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -78,7 +78,8 @@ falco_outputs::~falco_outputs() void falco_outputs::init(bool json_output, bool json_include_output_property, uint32_t rate, uint32_t max_burst, bool buffered, - bool time_format_iso_8601, string hostname) + bool time_format_iso_8601, string hostname, + const string& alternate_lua_dir) { // The engine must have been given an inspector by now. if(!m_inspector) @@ -88,7 +89,7 @@ void falco_outputs::init(bool json_output, m_json_output = json_output; - falco_common::init(m_lua_main_filename.c_str(), FALCO_SOURCE_LUA_DIR); + falco_common::init(m_lua_main_filename.c_str(), alternate_lua_dir.c_str()); // Note that falco_formats is added to both the lua state used // by the falco engine as well as the separate lua state used diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index 8fc6ce1a..7e9dd287 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -54,7 +54,8 @@ public: void init(bool json_output, bool json_include_output_property, uint32_t rate, uint32_t max_burst, bool buffered, - bool time_format_iso_8601, std::string hostname); + bool time_format_iso_8601, std::string hostname, + const std::string& alternate_lua_dir); void add_output(output_config oc);