chore(userspace): small round of review-induced fixes.

Also, properly warn the user that deprecated CLI options will be ignored when the new `engine` configuration key is in use. Signed-off-by: Federico Di Pierro <[email protected]>
falcosecurity · Nov 23, 2023 · a8749b6 · a8749b6
1 parent 7b39c8e
commit a8749b6
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/falco.yaml b/falco.yaml
@@ -314,24 +314,24 @@ rules_file:
 engine:
   kind: kmod
   kmod:
-    buf_size_preset: 4
+    buf_size_preset: 5
     drop_failed_exit: false
   ebpf:
     # path to the elf file to load.
-    probe: /path/to/probe.o
+    probe: /root/.falco/falco-bpf.o
     buf_size_preset: 4
     drop_failed_exit: false
   modern-ebpf:
     cpus_for_each_buffer: 2
     buf_size_preset: 4
     drop_failed_exit: false
   replay:
-    # path to the capture file to replay.
-    capture_file: /path/to/file.scap
+    # path to the capture file to replay (eg: /path/to/file.scap)
+    capture_file: ""
   gvisor:
     # A Falco-compatible configuration file can be generated with
     # '--gvisor-generate-config' and utilized for both runsc and Falco.
-    config: /path/to/gvisor_config.yaml
+    config: ""
     # Set gVisor root directory for storage of container state when used
     # in conjunction with 'gvisor.config'. The 'gvisor.root' to be passed
     # is the one usually passed to 'runsc --root' flag.

diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp
@@ -36,7 +36,7 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s
 	try
 	{
 		s.offline_inspector->open_savefile(s.config->m_replay.m_capture_file);
-		falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.config->m_replay.m_capture_file + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Replaying events from the capture file: " + s.config->m_replay.m_capture_file + "\n");
 		return run_result::ok();
 	}
 	catch (sinsp_exception &e)

diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp
@@ -33,6 +33,9 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
 	// at least one change in the default config we don't allow to use the command line options.
 	if(s.config->m_changes_in_engine_config)
 	{
+		falco_logger::log(falco_logger::level::WARNING,
+				  "Since the new 'engine' config key is being used, deprecated CLI options "
+				  "[-e,-g,--gvisor-config,--nodriver,--modern-bpf] and FALCO_BPF_PROBE environment variable will be ignored.\n");
 		return run_result::ok(); 
 	}
 
@@ -54,27 +57,27 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
 	}
 	else if (s.options.modern_bpf)
 	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' cmdline option is deprecated and will be removed in Falco 0.38!\n");
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' command line option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode = engine_kind_t::MODERN_EBPF;
 		s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit;
 		s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset;
 		s.config->m_modern_ebpf.m_cpus_for_each_buffer = s.config->m_cpus_for_each_syscall_buffer;
 	}
 	if (!s.options.gvisor_config.empty())
 	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' cmdline option is deprecated and will be removed in Falco 0.38!\n");
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' command line option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode =  engine_kind_t::GVISOR;
 		s.config->m_gvisor.m_config = s.options.gvisor_config;
 		s.config->m_gvisor.m_root = s.options.gvisor_root;
 	}
 	if (s.options.nodriver)
 	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' cmdline option is deprecated and will be removed in Falco 0.38!\n");
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' command line option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode =  engine_kind_t::NONE;
 	}
 	if (!s.options.capture_file.empty())
 	{
-		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' cmdline option is deprecated and will be removed in Falco 0.38!\n");
+		falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' command line option is deprecated and will be removed in Falco 0.38!\n");
 		s.config->m_engine_mode = engine_kind_t::REPLAY;
 		s.config->m_replay.m_capture_file = s.options.capture_file;
 	}