From e8afcc55cc6d37ffdf95093581212dd01bf99576 Mon Sep 17 00:00:00 2001
From: Melissa Kilby
Date: Fri, 28 Jun 2024 21:12:29 +0000
Subject: [PATCH] update(engine): address reviewers comments wrt container_engines config
Co-authored-by: Federico Di Pierro
Co-authored-by: Leonardo Grasso
Signed-off-by: Melissa Kilby
---
 falco.yaml | 10 ++++------
 userspace/falco/app/actions/init_inspectors.cpp | 7 +++++++
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/falco.yaml b/falco.yaml
index 2a3ecca1..3a65d460 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -1223,8 +1223,8 @@ falco_libs:
 # default container runtime socket paths, such as `/var/run/docker.sock` for Docker.
 # However, for Kubernetes settings, you can customize the CRI socket paths:
 #
-# - `container_engines.cri.cri`: Pass a list of container runtime sockets.
-# - `container_engines.cri.disable-cri-async`: Since API lookups may not always be quick or
+# - `container_engines.cri.sockets`: Pass a list of container runtime sockets.
+# - `container_engines.cri.disable_async`: Since API lookups may not always be quick or
 # perfect, resulting in empty fields for container metadata, you can use this option option
 # to disable asynchronous fetching. Note that missing fields may still occasionally occur.
 #
@@ -1235,15 +1235,13 @@ container_engines:
     enabled: true
   cri:
     enabled: true
-    cri: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
-    disable-cri-async: false
+    sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
+    disable_async: false
   podman:
     enabled: true
   lxc:
     enabled: true
   libvirt_lxc:
     enabled: true
-  rocket:
-    enabled: true
   bpm:
     enabled: true
diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp
index 972565c7..ae166c5c 100644
--- a/userspace/falco/app/actions/init_inspectors.cpp
+++ b/userspace/falco/app/actions/init_inspectors.cpp
@@ -40,6 +40,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr
 			if (!p.empty())
 			{
 				inspector->add_cri_socket_path(p);
+				falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via config file");
 			}
 		}
 		inspector->set_cri_async(!s.config->m_container_engines_disable_cri_async);
@@ -51,12 +52,18 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr
 			if (!p.empty())
 			{
 				inspector->add_cri_socket_path(p);
+				falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via CLI args");
 			}
 		}
 
 		// Decide whether to do sync or async for CRI metadata fetch
 		inspector->set_cri_async(!s.options.disable_cri_async);
 
+		if(s.options.disable_cri_async || s.config->m_container_engines_disable_cri_async)
+		{
+			falco_logger::log(falco_logger::level::DEBUG, "Disabling async lookups for 'CRI'");
+		}
+
 		//
 		// If required, set the snaplen
 		//
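Review bot: The new log guarded by `if(s.options.disable_cri_async || s.config->m_container_engines_disable_cri_async)` in the second hunk can report a state the inspector is not in: the `set_cri_async(!s.config->m_container_engines_disable_cri_async)` call at the end of the first hunk is overwritten by `set_cri_async(!s.options.disable_cri_async)` in the second, so when only the config file disables async lookups the message says "Disabling" while async fetching stays enabled (assuming nothing in the lines between the two hunks gates the second call). Drive both the setter and the log from one merged value so they cannot disagree: `const bool disable_cri_async = s.options.disable_cri_async || s.config->m_container_engines_disable_cri_async;` `inspector->set_cri_async(!disable_cri_async);` `if(disable_cri_async)`. With that in place the first `set_cri_async` call in the first hunk is redundant and can be removed, and the comment above the setter could read `// Async CRI metadata fetch is disabled if either the config file or the CLI asks for it`. init_syscall_inspector begins and ends outside both hunks.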