docs(README): correct badge link path to fix docs rendering

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

CMakeLists.txt

@@ -19,6 +19,15 @@ option(BUILD_WARNINGS_AS_ERRORS "Enable building with -Wextra -Werror flags" OFF
 option(MINIMAL_BUILD "Build a minimal version of Falco, containing only the engine and basic input/output (EXPERIMENTAL)" OFF)
 option(MUSL_OPTIMIZED_BUILD "Enable if you want a musl optimized build" OFF)
 
+# We shouldn't need to set this, see https://gitlab.kitware.com/cmake/cmake/-/issues/16419
+option(EP_UPDATE_DISCONNECTED "ExternalProject update disconnected" OFF)
+if (${EP_UPDATE_DISCONNECTED})
+  set_property(
+    DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+    PROPERTY EP_UPDATE_DISCONNECTED TRUE)
+endif()
+
+
 # Elapsed time
 # set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE "${CMAKE_COMMAND} -E time") # TODO(fntlnz, leodido): add a flag to enable this
 

README.md

@@ -3,7 +3,7 @@
 
 <hr>
 
-[![Build Status](https://img.shields.io/circleci/build/github/falcosecurity/falco/master?style=for-the-badge)](https://circleci.com/gh/falcosecurity/falco) [![CII Best Practices Summary](https://img.shields.io/cii/summary/2317?label=CCI%20Best%20Practices&style=for-the-badge)](https://bestpractices.coreinfrastructure.org/projects/2317) [![GitHub](https://img.shields.io/github/license/falcosecurity/falco?style=for-the-badge)](COPYING)
+[![Build Status](https://img.shields.io/circleci/build/github/falcosecurity/falco/master?style=for-the-badge)](https://circleci.com/gh/falcosecurity/falco) [![CII Best Practices Summary](https://img.shields.io/cii/summary/2317?label=CCI%20Best%20Practices&style=for-the-badge)](https://bestpractices.coreinfrastructure.org/projects/2317) [![GitHub](https://img.shields.io/github/license/falcosecurity/falco?style=for-the-badge)](./COPYING)
 
 Want to talk? Join us on the [#falco](https://kubernetes.slack.com/archives/CMWH3EH32) channel in the [Kubernetes Slack](https://slack.k8s.io).
 
@@ -33,9 +33,9 @@ If you would like to run Falco in **production** please adhere to the [official
 | Tool     | Link                                                                                       | Note                                                               |
 |----------|--------------------------------------------------------------------------------------------|--------------------------------------------------------------------|
 | Helm     | [Chart Repository](https://github.com/falcosecurity/charts/tree/master/falco#introduction) | The Falco community offers regular helm chart releases.            |
-| Minikube | [Tutorial](https://falco.org/docs/third-party/#minikube)                                   | The Falco driver has been baked into minikube for easy deployment. |
-| Kind     | [Tutorial](https://falco.org/docs/third-party/#kind)                                       | Running Falco with kind requires a driver on the host system.      |
-| GKE      | [Tutorial](https://falco.org/docs/third-party/#gke)                                        | We suggest using the eBPF driver for running Falco on GKE.         |
+| Minikube | [Tutorial](https://falco.org/docs/getting-started/third-party/#minikube)                                   | The Falco driver has been baked into minikube for easy deployment. |
+| Kind     | [Tutorial](https://falco.org/docs/getting-started/third-party/#kind)                                       | Running Falco with kind requires a driver on the host system.      |
+| GKE      | [Tutorial](https://falco.org/docs/getting-started/third-party/#gke)                                        | We suggest using the eBPF driver for running Falco on GKE.         |
 
 ### Developing
 

cmake/modules/CPM.cmake

@@ -0,0 +1,19 @@
+set(CPM_DOWNLOAD_VERSION 0.27.2)
+
+if(CPM_SOURCE_CACHE)
+  set(CPM_DOWNLOAD_LOCATION "${CPM_SOURCE_CACHE}/cpm/CPM_${CPM_DOWNLOAD_VERSION}.cmake")
+elseif(DEFINED ENV{CPM_SOURCE_CACHE})
+  set(CPM_DOWNLOAD_LOCATION "$ENV{CPM_SOURCE_CACHE}/cpm/CPM_${CPM_DOWNLOAD_VERSION}.cmake")
+else()
+  set(CPM_DOWNLOAD_LOCATION "${CMAKE_BINARY_DIR}/cmake/CPM_${CPM_DOWNLOAD_VERSION}.cmake")
+endif()
+
+if(NOT (EXISTS ${CPM_DOWNLOAD_LOCATION}))
+  message(STATUS "Downloading CPM.cmake to ${CPM_DOWNLOAD_LOCATION}")
+  file(DOWNLOAD
+       https://github.com/TheLartians/CPM.cmake/releases/download/v${CPM_DOWNLOAD_VERSION}/CPM.cmake
+       ${CPM_DOWNLOAD_LOCATION}
+  )
+endif()
+
+include(${CPM_DOWNLOAD_LOCATION})

cmake/modules/OpenSSL.cmake

@@ -10,6 +10,7 @@
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 #
+mark_as_advanced(OPENSSL_BINARY)
 if(NOT USE_BUNDLED_DEPS)
   find_package(OpenSSL REQUIRED)
   message(STATUS "Found openssl: include: ${OPENSSL_INCLUDE_DIR}, lib: ${OPENSSL_LIBRARIES}")
@@ -20,6 +21,8 @@ if(NOT USE_BUNDLED_DEPS)
     message(STATUS "Found openssl: binary: ${OPENSSL_BINARY}")
   endif()
 else()
+  mark_as_advanced(OPENSSL_BUNDLE_DIR OPENSSL_INSTALL_DIR OPENSSL_INCLUDE_DIR
+    OPENSSL_LIBRARY_SSL OPENSSL_LIBRARY_CRYPTO)
   set(OPENSSL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl")
   set(OPENSSL_INSTALL_DIR "${OPENSSL_BUNDLE_DIR}/target")
   set(OPENSSL_INCLUDE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl/include")

cmake/modules/gRPC.cmake

@@ -22,6 +22,7 @@ if(NOT USE_BUNDLED_DEPS)
   endif()
 
   # c-ares
+  mark_as_advanced(CARES_INCLUDE CARES_LIB)
   find_path(CARES_INCLUDE NAMES ares.h)
   find_library(CARES_LIB NAMES libcares.so)
   if(CARES_INCLUDE AND CARES_LIB)
@@ -31,6 +32,7 @@ if(NOT USE_BUNDLED_DEPS)
   endif()
 
   # protobuf
+  mark_as_advanced(PROTOC PROTOBUF_INCLUDE PROTOBUF_LIB)
   find_program(PROTOC NAMES protoc)
   find_path(PROTOBUF_INCLUDE NAMES google/protobuf/message.h)
   find_library(PROTOBUF_LIB NAMES libprotobuf.so)
@@ -43,6 +45,7 @@ if(NOT USE_BUNDLED_DEPS)
   endif()
 
   # gpr
+  mark_as_advanced(GPR_LIB)
   find_library(GPR_LIB NAMES gpr)
 
   if(GPR_LIB)
@@ -52,12 +55,16 @@ if(NOT USE_BUNDLED_DEPS)
   endif()
 
   # gRPC todo(fntlnz, leodido): check that gRPC version is greater or equal than 1.8.0
+  mark_as_advanced(GRPC_INCLUDE GRPC_SRC
+    GRPC_LIB GRPC_LIBS_ABSOLUTE  GRPCPP_LIB GRPC_CPP_PLUGIN)
   find_path(GRPCXX_INCLUDE NAMES grpc++/grpc++.h)
   if(GRPCXX_INCLUDE)
     set(GRPC_INCLUDE ${GRPCXX_INCLUDE})
+    unset(GRPCXX_INCLUDE CACHE)
   else()
     find_path(GRPCPP_INCLUDE NAMES grpcpp/grpcpp.h)
     set(GRPC_INCLUDE ${GRPCPP_INCLUDE})
+    unset(GRPCPP_INCLUDE CACHE)
     add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1)
   endif()
   find_library(GRPC_LIB NAMES grpc)

cmake/modules/jq.cmake

@@ -10,6 +10,7 @@
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 #
+mark_as_advanced(JQ_INCLUDE JQ_LIB)
 if (NOT USE_BUNDLED_DEPS)
     find_path(JQ_INCLUDE jq.h PATH_SUFFIXES jq)
     find_library(JQ_LIB NAMES jq)

cmake/modules/static-analysis.cmake

@@ -3,6 +3,7 @@ file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/static-analysis-reports)
 file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/static-analysis-reports/cppcheck)
 
 # cppcheck
+mark_as_advanced(CPPCHECK CPPCHECK_HTMLREPORT)
 find_program(CPPCHECK cppcheck)
 find_program(CPPCHECK_HTMLREPORT cppcheck-htmlreport)
 

cmake/modules/yaml-cpp.cmake

@@ -10,6 +10,7 @@
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 # specific language governing permissions and limitations under the License.
 #
+mark_as_advanced(YAMLCPP_INCLUDE_DIR YAMLCPP_LIB)
 if(NOT USE_BUNDLED_DEPS)
   find_path(YAMLCPP_INCLUDE_DIR NAMES yaml-cpp/yaml.h)
   find_library(YAMLCPP_LIB NAMES yaml-cpp)

documentation/CMakeLists.txt

@@ -0,0 +1,35 @@
+cmake_minimum_required(VERSION 3.14 FATAL_ERROR)
+
+project(FalcoDocs)
+
+# Dependencies
+
+include(../cmake/modules/CPM.cmake)
+
+CPMAddPackage(NAME Falco SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/..)
+
+CPMAddPackage(
+  NAME MCSS
+  DOWNLOAD_ONLY YES
+  GITHUB_REPOSITORY mosra/m.css
+  GIT_TAG 42d4a9a48f31f5df6e246c948403b54b50574a2a
+)
+
+# Doxygen variables
+
+set(DOXYGEN_PROJECT_NAME Falco)
+set(DOXYGEN_PROJECT_VERSION ${FALCO_VERSION})
+set(DOXYGEN_PROJECT_ROOT "${CMAKE_CURRENT_LIST_DIR}/..")
+set(DOXYGEN_OUTPUT_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}/doxygen")
+
+configure_file(${CMAKE_CURRENT_LIST_DIR}/Doxyfile ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile)
+
+configure_file(${CMAKE_CURRENT_LIST_DIR}/conf.py ${CMAKE_CURRENT_BINARY_DIR}/conf.py)
+
+add_custom_target(
+  GenerateDocs
+  ${CMAKE_COMMAND} -E make_directory "${DOXYGEN_OUTPUT_DIRECTORY}"
+  COMMAND "${MCSS_SOURCE_DIR}/documentation/doxygen.py" "${CMAKE_CURRENT_BINARY_DIR}/conf.py"
+  COMMAND echo "Docs written to: ${DOXYGEN_OUTPUT_DIRECTORY}"
+  WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}"
+)

documentation/Doxyfile

@@ -0,0 +1,31 @@
+# Configuration for Doxygen for use with CMake
+# Only options that deviate from the default are included
+# To create a new Doxyfile containing all available options, call `doxygen -g`
+
+# Get Project name and version from CMake
+PROJECT_NAME = @DOXYGEN_PROJECT_NAME@
+PROJECT_NUMBER = @DOXYGEN_PROJECT_VERSION@
+
+# Add sources
+INPUT = @DOXYGEN_PROJECT_ROOT@/README.md @DOXYGEN_PROJECT_ROOT@/userspace @DOXYGEN_PROJECT_ROOT@/documentation/pages
+EXTRACT_ALL = YES
+RECURSIVE = YES
+OUTPUT_DIRECTORY = @DOXYGEN_OUTPUT_DIRECTORY@
+
+# Use the README as a main page
+USE_MDFILE_AS_MAINPAGE = @DOXYGEN_PROJECT_ROOT@/README.md
+
+# Set relative include paths
+FULL_PATH_NAMES = YES
+STRIP_FROM_PATH = @DOXYGEN_PROJECT_ROOT@/userspace @DOXYGEN_PROJECT_ROOT@
+
+# We only need XML output because use m.css to generate the html documentation
+GENERATE_XML = YES
+GENERATE_HTML = NO
+GENERATE_LATEX = NO
+XML_PROGRAMLISTING = NO
+CREATE_SUBDIRS = NO
+
+# Include all directories, files and namespaces in the documentation
+# Disable to include only explicitly documented objects
+M_SHOW_UNDOCUMENTED = YES

documentation/conf.py

@@ -0,0 +1,19 @@
+DOXYFILE = 'Doxyfile'
+
+LINKS_NAVBAR1 = [
+    (None, 'pages', [(None, 'about')]),
+    (None, 'namespaces', []),
+]
+
+# Add your own navbar links using the code below.
+# To find the valid link names, you can inspect the URL of a generated documentation site.
+
+# LINKS_NAVBAR1 = [
+#     (None, 'pages', [(None, 'about')]),
+#     (None, 'namespaces', [(None, 'namespacexyz')]),
+# ]
+#
+# LINKS_NAVBAR2 = [
+#     (None, 'annotated', [(None, 'classxyz_1_1_xyz')]),
+#     (None, 'files', [(None, 'xyz_8h')]),
+# ]

documentation/pages/about.dox

@@ -0,0 +1,4 @@
+/** @page about About
+  @section doc Falco Documentation
+  This is the documentation for the Falco project.
+*/

rules/falco_rules.yaml

@@ -1612,7 +1612,7 @@
 # to change thread namespace without having to copy and override the
 # entire change thread namespace rule.
 - list: user_known_change_thread_namespace_binaries
-  items: []
+  items: [crio, multus]
 
 - macro: user_known_change_thread_namespace_activities
   condition: (never_true)
@@ -3070,6 +3070,22 @@
   priority: WARNING
   tags: [process]
 
+- list: run_as_root_image_list
+  items: []
+
+- macro: user_known_run_as_root_container
+  condition: (container.image.repository in (run_as_root_image_list))
+
+# The rule is disabled by default and should be enabled when non-root container policy has been applied.
+# Note the rule will not work as expected when usernamespace is applied, e.g. userns-remap is enabled.
+- rule: Container Run as Root User
+  desc: Detected container running as root user
+  condition: spawned_process and container and proc.vpid=1 and user.uid=0 and not user_known_run_as_root_container
+  enabled: false
+  output: Container launched with root user privilege (uid=%user.uid container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag)
+  priority: INFO
+  tags: [container, process]
+
 # Application rules have moved to application_rules.yaml. Please look
 # there if you want to enable them by adding to
 # falco_rules.local.yaml.

userspace/falco/configuration.cpp

@@ -47,16 +47,6 @@ falco_configuration::~falco_configuration()
 	}
 }
 
-// If we don't have a configuration file, we just use stdout output and all other defaults
-void falco_configuration::init(list<string> &cmdline_options)
-{
-	init_cmdline_options(cmdline_options);
-
-	falco::outputs::config stdout_output;
-	stdout_output.name = "stdout";
-	m_outputs.push_back(stdout_output);
-}
-
 void falco_configuration::init(string conf_filename, list<string> &cmdline_options)
 {
 	string m_config_file = conf_filename;
@@ -348,4 +338,4 @@ void falco_configuration::set_cmdline_option(const string &opt)
 	{
 		m_config->set_scalar(keyval.first, keyval.second);
 	}
-}
+}

userspace/falco/falco.cpp

@@ -794,7 +794,7 @@ int falco_init(int argc, char **argv)
 				}
 				else
 				{
-					conf_filename = "";
+					throw std::invalid_argument("You must create a config file at " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE " or by passing -c\n");
 				}
 			}
 		}
@@ -836,12 +836,7 @@ int falco_init(int argc, char **argv)
 		}
 		else
 		{
-			config.init(cmdline_options);
-			falco_logger::set_time_format_iso_8601(config.m_time_format_iso_8601);
-
-			// log after config init because config determines where logs go
-			falco_logger::log(LOG_INFO, "Falco version " + std::string(FALCO_VERSION) + " (driver version " + std::string(DRIVER_VERSION) + ")\n");
-			falco_logger::log(LOG_INFO, "Falco initialized. No configuration file found, proceeding with defaults\n");
+			throw std::runtime_error("Could not find configuration file at " + conf_filename);
 		}
 
 		if (rules_filenames.size())

userspace/falco/grpc_server_impl.cpp

@@ -15,6 +15,7 @@ limitations under the License.
 */
 
 #include "config_falco.h"
+#include "falco_engine_version.h"
 #include "grpc_server_impl.h"
 #include "grpc_queue.h"
 #include "logger.h"
@@ -75,6 +76,9 @@ void falco::grpc::server_impl::version(const context& ctx, const version::reques
 	auto& version = *res.mutable_version();
 	version = FALCO_VERSION;
 
+	res.set_engine_version(FALCO_ENGINE_VERSION);
+	res.set_engine_fields_checksum(FALCO_FIELDS_CHECKSUM); 
+
 	res.set_major(FALCO_VERSION_MAJOR);
 	res.set_minor(FALCO_VERSION_MINOR);
 	res.set_patch(FALCO_VERSION_PATCH);

userspace/falco/version.proto

@@ -36,10 +36,14 @@ message request
 // its parts as per semver 2.0 specification (https://semver.org).
 message response
 {
+// falco version
   string version = 1;
   uint32 major = 2;
   uint32 minor = 3;
   uint32 patch = 4;
   string prerelease = 5;
   string build = 6;
-}
+// falco engine version
+  uint32 engine_version = 7;
+  string engine_fields_checksum = 8;
+}