From bc1aeaceb2525f03e895dacc8881a972e2779bb1 Mon Sep 17 00:00:00 2001 From: Radu Andries Date: Tue, 29 Sep 2020 13:37:30 +0200 Subject: [PATCH] feat(falco): Provide a parameter for loading lua files from an alternate path This will be used by the static build to load lua files from alternate directories that are not tied to the compile flags Signed-off-by: Radu Andries --- userspace/falco/falco.cpp | 67 ++++++++++++++++++------------- userspace/falco/falco_outputs.cpp | 5 ++- userspace/falco/falco_outputs.h | 3 +- 3 files changed, 45 insertions(+), 30 deletions(-) diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index 7e160867..5a945953 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -86,6 +86,7 @@ static void usage() " -h, --help Print this page\n" " -c Configuration file (default " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ")\n" " -A Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.\n" + " --alternate-lua-dir Specify an alternate path for loading Falco lua files\n" " -b, --print-base64 Print data buffers in base64.\n" " This is useful for encoding binary data that needs to be used over media designed to.\n" " --cri Path to CRI socket for container metadata.\n" @@ -478,37 +479,38 @@ int falco_init(int argc, char **argv) #endif static struct option long_options[] = - { - {"cri", required_argument, 0}, - {"daemon", no_argument, 0, 'd'}, - {"disable-cri-async", no_argument, 0, 0}, - {"disable-source", required_argument, 0}, - {"help", no_argument, 0, 'h'}, - {"ignored-events", no_argument, 0, 'i'}, - {"k8s-api-cert", required_argument, 0, 'K'}, - {"k8s-api", required_argument, 0, 'k'}, - {"list", optional_argument, 0}, - {"mesos-api", required_argument, 0, 'm'}, - {"option", required_argument, 0, 'o'}, - {"pidfile", required_argument, 0, 'P'}, - {"print-base64", no_argument, 0, 'b'}, - {"print", required_argument, 0, 'p'}, - {"snaplen", required_argument, 0, 'S'}, - {"stats-interval", required_argument, 0}, - {"support", no_argument, 0}, - {"unbuffered", no_argument, 0, 'U'}, - {"userspace", no_argument, 0, 'u'}, - {"validate", required_argument, 0, 'V'}, - {"version", no_argument, 0, 0}, - {"writefile", required_argument, 0, 'w'}, - {0, 0, 0, 0} - }; + { + {"alternate-lua-dir", required_argument, 0}, + {"cri", required_argument, 0}, + {"daemon", no_argument, 0, 'd'}, + {"disable-cri-async", no_argument, 0, 0}, + {"disable-source", required_argument, 0}, + {"help", no_argument, 0, 'h'}, + {"ignored-events", no_argument, 0, 'i'}, + {"k8s-api-cert", required_argument, 0, 'K'}, + {"k8s-api", required_argument, 0, 'k'}, + {"list", optional_argument, 0}, + {"mesos-api", required_argument, 0, 'm'}, + {"option", required_argument, 0, 'o'}, + {"pidfile", required_argument, 0, 'P'}, + {"print-base64", no_argument, 0, 'b'}, + {"print", required_argument, 0, 'p'}, + {"snaplen", required_argument, 0, 'S'}, + {"stats-interval", required_argument, 0}, + {"support", no_argument, 0}, + {"unbuffered", no_argument, 0, 'U'}, + {"userspace", no_argument, 0, 'u'}, + {"validate", required_argument, 0, 'V'}, + {"version", no_argument, 0, 0}, + {"writefile", required_argument, 0, 'w'}, + {0, 0, 0, 0}}; try { set disabled_rule_substrings; string substring; string all_rules = ""; + string alternate_lua_dir = FALCO_ENGINE_SOURCE_LUA_DIR; set disabled_rule_tags; set enabled_rule_tags; @@ -686,6 +688,16 @@ int falco_init(int argc, char **argv) disable_sources.insert(optarg); } } + else if (string(long_options[long_index].name)== "alternate-lua-dir") + { + if(optarg != NULL) + { + alternate_lua_dir = optarg; + if (alternate_lua_dir.back() != '/') { + alternate_lua_dir += '/'; + } + } + } break; default: @@ -721,7 +733,7 @@ int falco_init(int argc, char **argv) return EXIT_SUCCESS; } - engine = new falco_engine(); + engine = new falco_engine(true, alternate_lua_dir); engine->set_inspector(inspector); engine->set_extra(output_format, replace_container_info); @@ -965,7 +977,8 @@ int falco_init(int argc, char **argv) config.m_notifications_rate, config.m_notifications_max_burst, config.m_buffered_outputs, config.m_time_format_iso_8601, - hostname); + hostname, + alternate_lua_dir); if(!all_events) { diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index fddc6902..09f72046 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -78,7 +78,8 @@ falco_outputs::~falco_outputs() void falco_outputs::init(bool json_output, bool json_include_output_property, uint32_t rate, uint32_t max_burst, bool buffered, - bool time_format_iso_8601, string hostname) + bool time_format_iso_8601, string hostname, + const string& alternate_lua_dir) { // The engine must have been given an inspector by now. if(!m_inspector) @@ -88,7 +89,7 @@ void falco_outputs::init(bool json_output, m_json_output = json_output; - falco_common::init(m_lua_main_filename.c_str(), FALCO_SOURCE_LUA_DIR); + falco_common::init(m_lua_main_filename.c_str(), alternate_lua_dir.c_str()); // Note that falco_formats is added to both the lua state used // by the falco engine as well as the separate lua state used diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index 8fc6ce1a..7e9dd287 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -54,7 +54,8 @@ public: void init(bool json_output, bool json_include_output_property, uint32_t rate, uint32_t max_burst, bool buffered, - bool time_format_iso_8601, std::string hostname); + bool time_format_iso_8601, std::string hostname, + const std::string& alternate_lua_dir); void add_output(output_config oc);