feat(falco): Provide a parameter for loading lua files from an alternate path

This will be used by the static build to load lua files from
alternate directories that are not tied to the compile flags

Signed-off-by: Radu Andries <radu.andries@sysdig.com>
This commit is contained in:
Radu Andries 2020-09-29 13:37:30 +02:00 committed by poiana
parent 6bcc11aa47
commit bc1aeaceb2
3 changed files with 45 additions and 30 deletions

View File

@ -86,6 +86,7 @@ static void usage()
" -h, --help Print this page\n" " -h, --help Print this page\n"
" -c Configuration file (default " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ")\n" " -c Configuration file (default " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ")\n"
" -A Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.\n" " -A Monitor all events, including those with EF_DROP_SIMPLE_CONS flag.\n"
" --alternate-lua-dir <path> Specify an alternate path for loading Falco lua files\n"
" -b, --print-base64 Print data buffers in base64.\n" " -b, --print-base64 Print data buffers in base64.\n"
" This is useful for encoding binary data that needs to be used over media designed to.\n" " This is useful for encoding binary data that needs to be used over media designed to.\n"
" --cri <path> Path to CRI socket for container metadata.\n" " --cri <path> Path to CRI socket for container metadata.\n"
@ -479,6 +480,7 @@ int falco_init(int argc, char **argv)
static struct option long_options[] = static struct option long_options[] =
{ {
{"alternate-lua-dir", required_argument, 0},
{"cri", required_argument, 0}, {"cri", required_argument, 0},
{"daemon", no_argument, 0, 'd'}, {"daemon", no_argument, 0, 'd'},
{"disable-cri-async", no_argument, 0, 0}, {"disable-cri-async", no_argument, 0, 0},
@ -501,14 +503,14 @@ int falco_init(int argc, char **argv)
{"validate", required_argument, 0, 'V'}, {"validate", required_argument, 0, 'V'},
{"version", no_argument, 0, 0}, {"version", no_argument, 0, 0},
{"writefile", required_argument, 0, 'w'}, {"writefile", required_argument, 0, 'w'},
{0, 0, 0, 0} {0, 0, 0, 0}};
};
try try
{ {
set<string> disabled_rule_substrings; set<string> disabled_rule_substrings;
string substring; string substring;
string all_rules = ""; string all_rules = "";
string alternate_lua_dir = FALCO_ENGINE_SOURCE_LUA_DIR;
set<string> disabled_rule_tags; set<string> disabled_rule_tags;
set<string> enabled_rule_tags; set<string> enabled_rule_tags;
@ -686,6 +688,16 @@ int falco_init(int argc, char **argv)
disable_sources.insert(optarg); disable_sources.insert(optarg);
} }
} }
else if (string(long_options[long_index].name)== "alternate-lua-dir")
{
if(optarg != NULL)
{
alternate_lua_dir = optarg;
if (alternate_lua_dir.back() != '/') {
alternate_lua_dir += '/';
}
}
}
break; break;
default: default:
@ -721,7 +733,7 @@ int falco_init(int argc, char **argv)
return EXIT_SUCCESS; return EXIT_SUCCESS;
} }
engine = new falco_engine(); engine = new falco_engine(true, alternate_lua_dir);
engine->set_inspector(inspector); engine->set_inspector(inspector);
engine->set_extra(output_format, replace_container_info); engine->set_extra(output_format, replace_container_info);
@ -965,7 +977,8 @@ int falco_init(int argc, char **argv)
config.m_notifications_rate, config.m_notifications_max_burst, config.m_notifications_rate, config.m_notifications_max_burst,
config.m_buffered_outputs, config.m_buffered_outputs,
config.m_time_format_iso_8601, config.m_time_format_iso_8601,
hostname); hostname,
alternate_lua_dir);
if(!all_events) if(!all_events)
{ {

View File

@ -78,7 +78,8 @@ falco_outputs::~falco_outputs()
void falco_outputs::init(bool json_output, void falco_outputs::init(bool json_output,
bool json_include_output_property, bool json_include_output_property,
uint32_t rate, uint32_t max_burst, bool buffered, uint32_t rate, uint32_t max_burst, bool buffered,
bool time_format_iso_8601, string hostname) bool time_format_iso_8601, string hostname,
const string& alternate_lua_dir)
{ {
// The engine must have been given an inspector by now. // The engine must have been given an inspector by now.
if(!m_inspector) if(!m_inspector)
@ -88,7 +89,7 @@ void falco_outputs::init(bool json_output,
m_json_output = json_output; m_json_output = json_output;
falco_common::init(m_lua_main_filename.c_str(), FALCO_SOURCE_LUA_DIR); falco_common::init(m_lua_main_filename.c_str(), alternate_lua_dir.c_str());
// Note that falco_formats is added to both the lua state used // Note that falco_formats is added to both the lua state used
// by the falco engine as well as the separate lua state used // by the falco engine as well as the separate lua state used

View File

@ -54,7 +54,8 @@ public:
void init(bool json_output, void init(bool json_output,
bool json_include_output_property, bool json_include_output_property,
uint32_t rate, uint32_t max_burst, bool buffered, uint32_t rate, uint32_t max_burst, bool buffered,
bool time_format_iso_8601, std::string hostname); bool time_format_iso_8601, std::string hostname,
const std::string& alternate_lua_dir);
void add_output(output_config oc); void add_output(output_config oc);