github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-03 18:06:44 +00:00
Code Issues Projects Releases Wiki Activity

update(engine): address reviewers comments wrt container_engines config

Browse Source 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2024-06-28 21:12:29 +00:00 committed by poiana
parent f6ffa75d74
commit e8afcc55cc
2 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
falco.yaml
View File

@ -1223,8 +1223,8 @@ falco_libs:
# default container runtime socket paths, such as `/var/run/docker.sock` for Docker.
# However, for Kubernetes settings, you can customize the CRI socket paths:
#
# - `container_engines.cri.cri`: Pass a list of container runtime sockets.
# - `container_engines.cri.disable-cri-async`: Since API lookups may not always be quick or
# - `container_engines.cri.sockets`: Pass a list of container runtime sockets.
# - `container_engines.cri.disable_async`: Since API lookups may not always be quick or
# perfect, resulting in empty fields for container metadata, you can use this option option
# to disable asynchronous fetching. Note that missing fields may still occasionally occur.
#
@ -1235,15 +1235,13 @@ container_engines:
enabled: true
cri:
enabled: true
cri: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
disable-cri-async: false
sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
disable_async: false
podman:
enabled: true
lxc:
enabled: true
libvirt_lxc:
enabled: true
rocket:
enabled: true
bpm:
enabled: true

7
userspace/falco/app/actions/init_inspectors.cpp
View File

@ -40,6 +40,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
if (!p.empty())
{
inspector->add_cri_socket_path(p);
falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via config file");
}
}
inspector->set_cri_async(!s.config->m_container_engines_disable_cri_async);
@ -51,12 +52,18 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
if (!p.empty())
{
inspector->add_cri_socket_path(p);
falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via CLI args");
}
}
// Decide whether to do sync or async for CRI metadata fetch
inspector->set_cri_async(!s.options.disable_cri_async);
if(s.options.disable_cri_async || s.config->m_container_engines_disable_cri_async)
{
falco_logger::log(falco_logger::level::DEBUG, "Disabling async lookups for 'CRI'");
}
//
// If required, set the snaplen
//