Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New flag --alternate-lua-dir does not account for falco_outputs Lua files #1438

Closed
leodido opened this issue Oct 12, 2020 · 1 comment · Fixed by #1412
Closed

New flag --alternate-lua-dir does not account for falco_outputs Lua files #1438

leodido opened this issue Oct 12, 2020 · 1 comment · Fixed by #1412
Labels
kind/bug
Milestone
0.27.0

Comments

@leodido
Copy link
Member

leodido commented Oct 12, 2020
edited
Loading

Describe the bug

When running Falco (0.26.1) without using the new --alternate-lua-dir flag (introduced by #1419), Falco is unable to start.

How to reproduce it

Simply run Falco.

Expected behavior

Falco to run successfully.

Screenshots

 sudo ./build/userspace/falco/falco -c falco.yaml -r rules/falco_rules.yaml                                                               0.06  
Mon Oct 12 09:39:23 2020: Falco version 0.26.1-1+8b56360f (driver version 2aa88dcf6243982697811df4c1b484bcbe9488a2)
Mon Oct 12 09:39:23 2020: Falco initialized with configuration file falco.yaml
Mon Oct 12 09:39:23 2020: Loading rules from file rules/falco_rules.yaml:
Mon Oct 12 09:39:23 2020: Runtime error: Could not find Falco Lua entrypoint (tried /usr/share/falco/lua/output.lua, /home/vagrant/workspace/falcosecurity/falco/userspace/engine/lua/output.lua). Exiting.

Additional context

After a bit of investigation, I found the problem.

When --alternate-lua-dir is not specified, it gets the value of FALCO_ENGINE_SOURCE_LUA_DIR constant (its default).

This directory is used by the falco_engine ctor and by the falco_outputs::init.

The problem is that the falco_outputs::init was using FALCO_SOURCE_LUA_DIR (before the PR introducing this flag) by default while now, in the particular case described into this issue, it uses FALCO_ENGINE_SOURCE_LUA_DIR.

Compare line 91/92 in the aforementioned PR to spot the exact location of the problem.

The current build system does not move output.lua into FALCO_ENGINE_SOURCE_LUA_DIR and so Falco is not able to find it.

NOTA BENE

Please notice this does not happen with packaged Falco versions (DEB, etc.) because the build system takes care to move all the Lua files in one directory, in this case.

SOLUTIONS

  1. Introduce another --alternate-lua-dir (one for the engine Lua files, one for the outputs Lua files)
  2. Wait for PR Falco outputs refactoring #1412 to be merged in (should solve the problem at its root - ie., remove Lua files for outputs).
@leodido leodido changed the title New flag --alternate-lua-dir does not account for other Lua directories New flag --alternate-lua-dir does not account for falco_outputs Lua files Oct 12, 2020
@leogr leogr mentioned this issue Oct 12, 2020
Merged
@leodido
Copy link
Member Author

leodido commented Oct 12, 2020

While reviewing #1412 and talking with its author (@leogr) we also found this is preventing the regression/integration test suite to actually run.

We're sending a fix ASAP

@leogr leogr mentioned this issue Oct 12, 2020
Merged
@leogr leogr added this to the 0.27.0 milestone Oct 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug
Projects
None yet
Milestone
0.27.0
Development

Successfully merging a pull request may close this issue.

Falco outputs refactoring falcosecurity/falco
2 participants
@leodido @leogr