github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-03 18:06:44 +00:00
Code Issues Projects Releases Wiki Activity

update(engine): address reviewers comments wrt container_engines config

Browse Source 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2024-06-28 21:12:29 +00:00 committed by poiana
parent f6ffa75d74
commit e8afcc55cc
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
falco.yaml
View File

@ -1223,8 +1223,8 @@ falco_libs:
# default container runtime socket paths, such as `/var/run/docker.sock` for Docker. # default container runtime socket paths, such as `/var/run/docker.sock` for Docker.
# However, for Kubernetes settings, you can customize the CRI socket paths: # However, for Kubernetes settings, you can customize the CRI socket paths:
# #
# - `container_engines.cri.cri`: Pass a list of container runtime sockets. # - `container_engines.cri.sockets`: Pass a list of container runtime sockets.
# - `container_engines.cri.disable-cri-async`: Since API lookups may not always be quick or # - `container_engines.cri.disable_async`: Since API lookups may not always be quick or
# perfect, resulting in empty fields for container metadata, you can use this option option # perfect, resulting in empty fields for container metadata, you can use this option option
# to disable asynchronous fetching. Note that missing fields may still occasionally occur. # to disable asynchronous fetching. Note that missing fields may still occasionally occur.
# #
@ -1235,15 +1235,13 @@ container_engines:
enabled: true enabled: true
cri: cri:
enabled: true enabled: true
cri: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"] sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
disable-cri-async: false disable_async: false
podman: podman:
enabled: true enabled: true
lxc: lxc:
enabled: true enabled: true
libvirt_lxc: libvirt_lxc:
enabled: true enabled: true
rocket:
enabled: true
bpm: bpm:
enabled: true enabled: true

7
userspace/falco/app/actions/init_inspectors.cpp
View File

@ -40,6 +40,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
if (!p.empty()) if (!p.empty())
{ {
inspector->add_cri_socket_path(p); inspector->add_cri_socket_path(p);
falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via config file");
} }
} }
inspector->set_cri_async(!s.config->m_container_engines_disable_cri_async); inspector->set_cri_async(!s.config->m_container_engines_disable_cri_async);
@ -51,12 +52,18 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
if (!p.empty()) if (!p.empty())
{ {
inspector->add_cri_socket_path(p); inspector->add_cri_socket_path(p);
falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via CLI args");
} }
} }
// Decide whether to do sync or async for CRI metadata fetch // Decide whether to do sync or async for CRI metadata fetch
inspector->set_cri_async(!s.options.disable_cri_async); inspector->set_cri_async(!s.options.disable_cri_async);
if(s.options.disable_cri_async || s.config->m_container_engines_disable_cri_async)
{
falco_logger::log(falco_logger::level::DEBUG, "Disabling async lookups for 'CRI'");
}
// //
// If required, set the snaplen // If required, set the snaplen
// //