fix(restart_handler): disable if there is no work

When there is no work to do, i.e. when all config watching is disabled,
there is no need to keep the restart_handler running. Disable it in this
case.

This is helpful to do on nodes where there is little to no headroom in
terms of open inotify watches (as per the inotify/max_user_instances
configuration), as can happen on nodes populated with other software
that also watch the filesystem for changes. If Falco is run on such a
node, it may fail to start due to functionality the app does not even
intend on using.

This has one change in terms of behaviour, however: the dry-run restarts
will no longer occur. As there is still never going to happen a real
restart, I understand it as unlikely for there to be a proper need for
dry-run restarts.

Signed-off-by: Mariell Hoversholm <mariell@grafana.com>

userspace/falco/app/restart_handler.cpp

@@ -38,7 +38,9 @@ limitations under the License.
 
 falco::app::restart_handler::~restart_handler() {
 	stop();
-	close(m_inotify_fd);
+	if(m_inotify_fd != -1) {
+		close(m_inotify_fd);
+	}
 	m_inotify_fd = -1;
 }
 
@@ -48,6 +50,12 @@ void falco::app::restart_handler::trigger() {
 
 bool falco::app::restart_handler::start(std::string& err) {
 #ifdef __linux__
+	if(m_watched_files.empty() && m_watched_dirs.empty()) {
+		falco_logger::log(falco_logger::level::DEBUG,
+		                  "Refusing to start restart handler due to nothing to watch\n");
+		return true;
+	}
+
 	m_inotify_fd = inotify_init();
 	if(m_inotify_fd < 0) {
 		err = "could not initialize inotify handler";

userspace/falco/app/restart_handler.h

@@ -61,7 +61,7 @@ public:
 private:
 	void watcher_loop() noexcept;
 
-	int m_inotify_fd;
+	int m_inotify_fd = -1;
 	std::thread m_watcher;
 	std::atomic<bool> m_stop;
 	std::atomic<bool> m_forced;