Skip to content

Commit

Permalink
chore: update desc in falco.yaml
Browse files Browse the repository at this point in the history 
Signed-off-by: Melissa Kilby <[email protected]>
  • Loading branch information
@incertum @poiana
incertum authored and poiana committed Aug 27, 2024
1 parent 08d5ac9 commit 898e060
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
13 changes: 7 additions & 6 deletions falco.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1209,18 +1209,19 @@ falco_libs:
# [Incubating] `container_engines`
#
# This option allows you to explicitly enable or disable API lookups against container
# runtime sockets for each supported container runtime, tracked internally as `container_engines`.
# Access to these sockets enables Falco to provide container and Kubernetes fields, which
# are crucial for identifying workload owners in modern containerized environments.
# runtime sockets for each supported container runtime.
# Access to these sockets enables Falco to retrieve container and Kubernetes fields,
# helping identify workload owners in modern containerized environments.
# Refer to the fields docs:
#
# - [Kubernetes fields](https://falco.org/docs/reference/rules/supported-fields/#field-class-k8s)
# - [Container fields](https://falco.org/docs/reference/rules/supported-fields/#container)
#
# Additionally, Falco uses container events as a data source for alerting.
# Additionally, Falco can use container events as a data source for alerting (evt.type = container).
#
# For most container engines, you can enable or disable them, and Falco will search the
# default container runtime socket paths, such as `/var/run/docker.sock` for Docker.
# For most container engines, you can solely enable or disable them, and Falco will search the
# default (hard-coded) container runtime socket paths, such as `/var/run/docker.sock` for Docker.
#
# However, for Kubernetes settings, you can customize the CRI socket paths:
#
# - `container_engines.cri.sockets`: Pass a list of container runtime sockets.
Expand Down
1 change: 0 additions & 1 deletion userspace/falco/configuration.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -642,7 +642,6 @@ void falco_configuration::load_yaml(const std::string& config_name)

m_watch_config_files = m_config.get_scalar<bool>("watch_config_files", true);

m_container_engines_mask = 0;
if(m_config.get_scalar<bool>("container_engines.docker.enabled", true))
{
m_container_engines_mask |= (1 << CT_DOCKER);
Expand Down

0 comments on commit 898e060

Please sign in to comment.