diff --git a/falco.yaml b/falco.yaml index 80d7926b22c..13f38ca0503 100644 --- a/falco.yaml +++ b/falco.yaml @@ -480,6 +480,10 @@ plugins: - name: json library_path: libjson.so +# Uncomment to disable host info support for source plugins +# that DO NOT generate raw events from the libscap event table, +# dropping the `hostPath` volume requirement for them. +# plugins_hostinfo: false ########################## # Falco outputs settings # diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp index 62dd59694bb..582a1dba303 100644 --- a/userspace/falco/app/actions/helpers_inspector.cpp +++ b/userspace/falco/app/actions/helpers_inspector.cpp @@ -61,9 +61,15 @@ falco::app::run_result falco::app::actions::open_live_inspector(falco::app::stat falco_logger::log( falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'"); - inspector->open_plugin(cfg->m_name, - cfg->m_open_params, - sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO); + if(s.config.m_plugins_hostinfo) { + inspector->open_plugin(cfg->m_name, + cfg->m_open_params, + sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO); + } else { + inspector->open_plugin(cfg->m_name, + cfg->m_open_params, + sinsp_plugin_platform::SINSP_PLATFORM_GENERIC); + } return run_result::ok(); } } diff --git a/userspace/falco/config_json_schema.h b/userspace/falco/config_json_schema.h index 92ae04fe109..0a91d7e40e8 100644 --- a/userspace/falco/config_json_schema.h +++ b/userspace/falco/config_json_schema.h @@ -44,6 +44,9 @@ const char config_schema_string[] = LONG_STRING_CONST( "watch_config_files": { "type": "boolean" }, + "plugins_hostinfo": { + "type": "boolean" + }, "rules_files": { "type": "array", "items": { diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index b2359ed1da4..a89fbb65d0c 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -96,6 +96,7 @@ falco_configuration::falco_configuration(): m_metrics_flags(0), m_metrics_convert_memory_to_mb(true), m_metrics_include_empty_values(false), + m_plugins_hostinfo(true), m_container_engines_mask(0), m_container_engines_disable_cri_async(false), m_container_engines_cri_socket_paths({"/run/containerd/containerd.sock", @@ -616,6 +617,8 @@ void falco_configuration::load_yaml(const std::string &config_name) { m_metrics_include_empty_values = m_config.get_scalar("metrics.include_empty_values", false); + m_plugins_hostinfo = m_config.get_scalar("plugins_hostinfo", true); + m_config.get_sequence>(m_rules_selection, "rules"); m_config.get_sequence>(m_append_output, "append_output"); diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index ba6eb201e01..9a79b5f10cf 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -193,6 +193,7 @@ class falco_configuration { bool m_metrics_convert_memory_to_mb; bool m_metrics_include_empty_values; std::vector m_plugins; + bool m_plugins_hostinfo; // container engines uint64_t m_container_engines_mask;