update(engine): address reviewers comments wrt container_engines config

Co-authored-by: Federico Di Pierro <[email protected]> Co-authored-by: Leonardo Grasso <[email protected]> Signed-off-by: Melissa Kilby <[email protected]>
falcosecurity · Jun 28, 2024 · 87c53b3 · 87c53b3
1 parent 8945ad0
commit 87c53b3
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 13 deletions.
diff --git a/falco.yaml b/falco.yaml
@@ -1223,8 +1223,8 @@ falco_libs:
 # default container runtime socket paths, such as `/var/run/docker.sock` for Docker. 
 # However, for Kubernetes settings, you can customize the CRI socket paths:
 # 
-# - `container_engines.cri.cri`: Pass a list of container runtime sockets.
-# - `container_engines.cri.disable-cri-async`: Since API lookups may not always be quick or 
+# - `container_engines.cri.sockets`: Pass a list of container runtime sockets.
+# - `container_engines.cri.disable_async`: Since API lookups may not always be quick or 
 # perfect, resulting in empty fields for container metadata, you can use this option option 
 # to disable asynchronous fetching. Note that missing fields may still occasionally occur.
 # 
@@ -1235,15 +1235,13 @@ container_engines:
     enabled: true
   cri:
     enabled: true
-    cri: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
-    disable-cri-async: false
+    sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
+    disable_async: false
   podman:
     enabled: true
   lxc:
     enabled: true
   libvirt_lxc:
     enabled: true
-  rocket:
-    enabled: true
   bpm:
     enabled: true
diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp
@@ -40,6 +40,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
 		if (!p.empty())
 		{
 			inspector->add_cri_socket_path(p);
+			falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via config file");
 		}
 	}
 	inspector->set_cri_async(!s.config->m_container_engines_disable_cri_async);
@@ -51,12 +52,18 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
 		if (!p.empty())
 		{
 			inspector->add_cri_socket_path(p);
+			falco_logger::log(falco_logger::level::DEBUG, "Enabled container runtime socket at '" + p + "' via CLI args");
 		}
 	}
 
 	// Decide whether to do sync or async for CRI metadata fetch
 	inspector->set_cri_async(!s.options.disable_cri_async);
 
+	if(s.options.disable_cri_async || s.config->m_container_engines_disable_cri_async)
+	{
+		falco_logger::log(falco_logger::level::DEBUG, "Disabling async lookups for 'CRI'");
+	}
+
 	//
 	// If required, set the snaplen
 	//

diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
@@ -620,39 +620,40 @@ void falco_configuration::load_yaml(const std::string& config_name)
 
 	m_watch_config_files = config.get_scalar<bool>("watch_config_files", true);
 
-	m_container_engines_mask = 0;
 	if(config.get_scalar<bool>("container_engines.docker.enabled", true))
 	{
 		m_container_engines_mask |= (1 << CT_DOCKER);
+		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'docker'");
 	}
 	if(config.get_scalar<bool>("container_engines.podman.enabled", true))
 	{
 		m_container_engines_mask |= (1 << CT_PODMAN);
+		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'podman'");
 	}
 	if(config.get_scalar<bool>("container_engines.cri.enabled", true))
 	{
 		m_container_engines_mask |= ((1 << CT_CRI) |
 			(1 << CT_CRIO) |
 			(1 << CT_CONTAINERD));
 		m_container_engines_cri_socket_paths.clear();
-		config.get_sequence<std::vector<std::string>>(m_container_engines_cri_socket_paths, "container_engines.cri.cri");
-		m_container_engines_disable_cri_async = config.get_scalar<bool>("container_engines.cri.disable-cri-async", false);
+		config.get_sequence<std::vector<std::string>>(m_container_engines_cri_socket_paths, "container_engines.cri.sockets");
+		m_container_engines_disable_cri_async = config.get_scalar<bool>("container_engines.cri.disable_async", false);
+		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'CRI'");
 	}
 	if(config.get_scalar<bool>("container_engines.lxc.enabled", true))
 	{
 		m_container_engines_mask |= (1 << CT_LXC);
+		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'lxc'");
 	}
 	if(config.get_scalar<bool>("container_engines.libvirt_lxc.enabled", true))
 	{
 		m_container_engines_mask |= (1 << CT_LIBVIRT_LXC);
-	}
-	if(config.get_scalar<bool>("container_engines.rocket.enabled", true))
-	{
-		m_container_engines_mask |= (1 << CT_RKT);
+		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'libvirt_lxc'");
 	}
 	if(config.get_scalar<bool>("container_engines.bpm.enabled", true))
 	{
 		m_container_engines_mask |= (1 << CT_BPM);
+		falco_logger::log(falco_logger::level::DEBUG, "Enabled container engine 'bpm'");
 	}
 }