From 5382af4b459a152ff3db316a53abcc55e76d9c19 Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Thu, 21 Dec 2023 22:35:54 -0800 Subject: [PATCH 1/2] chore: fix some characters in deprecation notices Signed-off-by: Melissa Kilby --- userspace/falco/app/actions/load_config.cpp | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp index 70deffffa4e..2433edcb10e 100644 --- a/userspace/falco/app/actions/load_config.cpp +++ b/userspace/falco/app/actions/load_config.cpp @@ -79,17 +79,17 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) if(s.config->m_syscall_drop_failed_exit != DEFAULT_DROP_FAILED_EXIT) { falco_logger::log(falco_logger::level::WARNING, - "DEPRECATION NOTICE: 'syscall_drop_failed_exit' config is deprecated and will be removed in Falco 0.38! Use `engine..drop_failed_exit' config instead\n"); + "DEPRECATION NOTICE: 'syscall_drop_failed_exit' config is deprecated and will be removed in Falco 0.38! Use 'engine..drop_failed_exit' config instead\n"); } if(s.config->m_syscall_buf_size_preset != DEFAULT_BUF_SIZE_PRESET) { falco_logger::log(falco_logger::level::WARNING, - "DEPRECATION NOTICE: 'syscall_buf_size_preset' config is deprecated and will be removed in Falco 0.38! Use `engine..buf_size_preset' config instead\n"); + "DEPRECATION NOTICE: 'syscall_buf_size_preset' config is deprecated and will be removed in Falco 0.38! Use 'engine..buf_size_preset' config instead\n"); } if(s.config->m_cpus_for_each_syscall_buffer != DEFAULT_CPUS_FOR_EACH_SYSCALL_BUFFER) { falco_logger::log(falco_logger::level::WARNING, - "DEPRECATION NOTICE: 'modern_bpf.cpus_for_each_syscall_buffer' config is deprecated and will be removed in Falco 0.38! Use `engine.modern_ebpf.cpus_for_each_buffer' config instead\n"); + "DEPRECATION NOTICE: 'modern_bpf.cpus_for_each_syscall_buffer' config is deprecated and will be removed in Falco 0.38! Use 'engine.modern_ebpf.cpus_for_each_buffer' config instead\n"); } // Replace the kmod default values in case the engine was open with the kmod. @@ -102,7 +102,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) // use the requested driver. if (getenv(FALCO_BPF_ENV_VARIABLE)) { - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the 'FALCO_BPF_PROBE' environment variable is deprecated and will be removed in Falco 0.38! Set `engine.kind: ebpf' and use `engine.ebpf' config instead in falco.yaml\n"); + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the 'FALCO_BPF_PROBE' environment variable is deprecated and will be removed in Falco 0.38! Set 'engine.kind: ebpf' and use 'engine.ebpf' config instead in falco.yaml\n"); s.config->m_engine_mode = engine_kind_t::EBPF; s.config->m_ebpf.m_probe_path = getenv(FALCO_BPF_ENV_VARIABLE); s.config->m_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit; @@ -110,7 +110,7 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) } else if (s.options.modern_bpf) { - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' command line option is deprecated and will be removed in Falco 0.38! Set `engine.kind: modern_ebpf' and use `engine.modern_ebpf' config instead in falco.yaml\n"); + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--modern-bpf' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: modern_ebpf' and use 'engine.modern_ebpf' config instead in falco.yaml\n"); s.config->m_engine_mode = engine_kind_t::MODERN_EBPF; s.config->m_modern_ebpf.m_drop_failed_exit = s.config->m_syscall_drop_failed_exit; s.config->m_modern_ebpf.m_buf_size_preset = s.config->m_syscall_buf_size_preset; @@ -118,19 +118,19 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s) } if (!s.options.gvisor_config.empty()) { - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' command line option is deprecated and will be removed in Falco 0.38! Set `engine.kind: gvisor' and use `engine.gvisor' config instead in falco.yaml\n"); + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-g,--gvisor-config' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: gvisor' and use 'engine.gvisor' config instead in falco.yaml\n"); s.config->m_engine_mode = engine_kind_t::GVISOR; s.config->m_gvisor.m_config = s.options.gvisor_config; s.config->m_gvisor.m_root = s.options.gvisor_root; } if (s.options.nodriver) { - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' command line option is deprecated and will be removed in Falco 0.38! Set `engine.kind: none' instead in falco.yaml\n"); + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '--nodriver' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: none' instead in falco.yaml\n"); s.config->m_engine_mode = engine_kind_t::NONE; } if (!s.options.capture_file.empty()) { - falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' command line option is deprecated and will be removed in Falco 0.38! Set `engine.kind: replay' and use `engine.replay' config instead in falco.yaml\n"); + falco_logger::log(falco_logger::level::WARNING, "DEPRECATION NOTICE: the '-e' command line option is deprecated and will be removed in Falco 0.38! Set 'engine.kind: replay' and use 'engine.replay' config instead in falco.yaml\n"); s.config->m_engine_mode = engine_kind_t::REPLAY; s.config->m_replay.m_capture_file = s.options.capture_file; } From 33c4cb4b0b8876fea7e6319cd7d5f999c2759d5c Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Thu, 21 Dec 2023 22:40:52 -0800 Subject: [PATCH 2/2] update(config): clarify deprecation notices + list all env vars Signed-off-by: Melissa Kilby --- falco.yaml | 41 ++++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/falco.yaml b/falco.yaml index 205d182429c..c66d943d8ee 100644 --- a/falco.yaml +++ b/falco.yaml @@ -41,7 +41,6 @@ # json_include_output_property # json_include_tags_property # buffered_outputs -# outputs (throttling) # rule_matching # outputs_queue # Falco outputs channels @@ -65,10 +64,10 @@ # syscall_event_drops # metrics # Falco performance tuning (advanced) -# syscall_buf_size_preset [DEPRECATED] -# syscall_drop_failed_exit [DEPRECATED] +# syscall_buf_size_preset [DEPRECATED] -> Replaced by `engine..buf_size_preset` starting Falco 0.38! +# syscall_drop_failed_exit [DEPRECATED] -> Replaced by `engine..drop_failed_exit` starting Falco 0.38! # base_syscalls -# modern_bpf.cpus_for_each_syscall_buffer [DEPRECATED] +# modern_bpf.cpus_for_each_syscall_buffer [DEPRECATED] -> Replaced by `engine.modern_ebpf.cpus_for_each_buffer` starting Falco 0.38! ################################ @@ -80,9 +79,9 @@ # configuration options from this config file as command-line arguments by using # the `-o` flag followed by the option name and value. In the following example, # three config options (`json_output`, `log_level`, and -# `modern_bpf.cpus_for_each_syscall_buffer`) are passed as command-line +# `engine.kind`) are passed as command-line # arguments with their corresponding values: falco -o "json_output=true" -# -o "log_level=debug" -o "modern_bpf.cpus_for_each_syscall_buffer=4" +# -o "log_level=debug" -o "engine.kind=kmod" # Please note that command-line arguments take precedence over the options # specified in this config file. @@ -93,16 +92,32 @@ # Customize Falco settings using environment variables: # -# - "HOST_ROOT": Specifies the prefix to the underlying host `/proc` filesystem +# - HOST_ROOT: Specifies the prefix to the underlying host `/proc` filesystem # when deploying Falco over a container with read-only host mounts instead of # directly on the host. Defaults to "/host". -# - "FALCO_BPF_PROBE": DEPRECATED. Specify a custom path to the BPF object code file (`bpf` +# +# - !!! [DEPRECATED] FALCO_BPF_PROBE: Specify a custom path to the BPF object code file (`bpf` # driver). This is not needed for the modern_bpf driver. -# - "FALCO_HOSTNAME": Customize the hostname output field logged by Falco by +# -> Replaced by `engine.kind: ebpf` and `engine.ebpf` starting Falco 0.38! +# +# - FALCO_HOSTNAME: Customize the hostname output field logged by Falco by # setting the "FALCO_HOSTNAME" environment variable. -# - "FALCO_CGROUP_MEM_PATH": Specifies the file path holding the container +# +# - FALCO_CGROUP_MEM_PATH: Specifies the file path holding the container # memory usage metric for the `metrics` feature. Defaults to # "/sys/fs/cgroup/memory/memory.usage_in_bytes" (Kubernetes). +# +# - SKIP_DRIVER_LOADER is used by the Falco fat image to skip the driver loading part. +# +# - FALCO_FRONTEND is useful when set to noninteractive to skip the dialog choice during +# the installation of Falco deb/rpm packages. This setting is somewhat similar to DEBIAN_FRONTEND. +# +# - FALCO_DRIVER_CHOICE is useful when set to kmod, ebpf, or modern_ebpf (matching the names +# used in engine.kind in the Falco config) during the installation of Falco deb/rpm packages. +# It skips the dialog choice but retains the driver configuration. +# +# - FALCOCTL_ENABLED is useful when set to 'no' during the installation of Falco deb/rpm packages, +# disabling the automatic artifacts followed by falcoctl. ##################### @@ -977,7 +992,7 @@ metrics: # Falco performance tuning (advanced) # ####################################### -# [DEPRECATED] `syscall_buf_size_preset` +# [DEPRECATED] `syscall_buf_size_preset` -> Replaced by `engine..buf_size_preset` starting Falco 0.38! # # Deprecated in favor of engine.{kmod,ebpf,modern_ebpf}.buf_size_preset. # This config is evaluated only if the default `engine` config block is not changed, @@ -1033,7 +1048,7 @@ metrics: # if the default size is not suitable for your use case. syscall_buf_size_preset: 4 -# [DEPRECATED] `syscall_drop_failed_exit` +# [DEPRECATED] `syscall_drop_failed_exit` -> Replaced by `engine..drop_failed_exit` starting Falco 0.38! # # Deprecated in favor of engine.{kmod,ebpf,modern_ebpf}.drop_failed_exit. # This config is evaluated only if the default `engine` config block is not changed, @@ -1162,7 +1177,7 @@ base_syscalls: custom_set: [] repair: false -# [DEPRECATED] `modern_bpf.cpus_for_each_syscall_buffer`, modern_bpf only +# [DEPRECATED] `modern_bpf.cpus_for_each_syscall_buffer`, modern_bpf only -> Replaced by `engine.modern_ebpf.cpus_for_each_buffer` starting Falco 0.38! # # Deprecated in favor of engine.modern_ebpf.cpus_for_each_buffer. # This config is evaluated only if the default `engine` config block is not changed,