From f5a450319b5ff7b65370e59c6ec02f23be308804 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro <nierro92@gmail.com>
Date: Fri, 22 Nov 2024 09:23:59 +0100
Subject: [PATCH 1/2] new(userspace/falco): allow entirely disabling plugin
 hostinfo support.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
---
 falco.yaml                                        |  4 ++++
 userspace/falco/app/actions/helpers_inspector.cpp | 12 +++++++++---
 userspace/falco/config_json_schema.h              |  3 +++
 userspace/falco/configuration.cpp                 |  3 +++
 userspace/falco/configuration.h                   |  1 +
 5 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/falco.yaml b/falco.yaml
index 80d7926b22c..13f38ca0503 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -480,6 +480,10 @@ plugins:
   - name: json
     library_path: libjson.so
 
+# Uncomment to disable host info support for source plugins
+# that DO NOT generate raw events from the libscap event table,
+# dropping the `hostPath` volume requirement for them.
+# plugins_hostinfo: false
 
 ##########################
 # Falco outputs settings #
diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp
index 62dd59694bb..9620f5d479f 100644
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@@ -61,9 +61,15 @@ falco::app::run_result falco::app::actions::open_live_inspector(falco::app::stat
 					falco_logger::log(
 					        falco_logger::level::INFO,
 					        "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
-					inspector->open_plugin(cfg->m_name,
-					                       cfg->m_open_params,
-					                       sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO);
+					if(s.config->m_plugins_hostinfo) {
+						inspector->open_plugin(cfg->m_name,
+						                       cfg->m_open_params,
+						                       sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO);
+					} else {
+						inspector->open_plugin(cfg->m_name,
+						                       cfg->m_open_params,
+						                       sinsp_plugin_platform::SINSP_PLATFORM_GENERIC);
+					}
 					return run_result::ok();
 				}
 			}
diff --git a/userspace/falco/config_json_schema.h b/userspace/falco/config_json_schema.h
index 92ae04fe109..0a91d7e40e8 100644
--- a/userspace/falco/config_json_schema.h
+++ b/userspace/falco/config_json_schema.h
@@ -44,6 +44,9 @@ const char config_schema_string[] = LONG_STRING_CONST(
                 "watch_config_files": {
                     "type": "boolean"
                 },
+                "plugins_hostinfo": {
+                    "type": "boolean"
+                },
                 "rules_files": {
                     "type": "array",
                     "items": {
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index b2359ed1da4..a89fbb65d0c 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -96,6 +96,7 @@ falco_configuration::falco_configuration():
         m_metrics_flags(0),
         m_metrics_convert_memory_to_mb(true),
         m_metrics_include_empty_values(false),
+        m_plugins_hostinfo(true),
         m_container_engines_mask(0),
         m_container_engines_disable_cri_async(false),
         m_container_engines_cri_socket_paths({"/run/containerd/containerd.sock",
@@ -616,6 +617,8 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 	m_metrics_include_empty_values =
 	        m_config.get_scalar<bool>("metrics.include_empty_values", false);
 
+	m_plugins_hostinfo = m_config.get_scalar<bool>("plugins_hostinfo", true);
+
 	m_config.get_sequence<std::vector<rule_selection_config>>(m_rules_selection, "rules");
 	m_config.get_sequence<std::vector<append_output_config>>(m_append_output, "append_output");
 
diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
index ba6eb201e01..9a79b5f10cf 100644
--- a/userspace/falco/configuration.h
+++ b/userspace/falco/configuration.h
@@ -193,6 +193,7 @@ class falco_configuration {
 	bool m_metrics_convert_memory_to_mb;
 	bool m_metrics_include_empty_values;
 	std::vector<plugin_config> m_plugins;
+	bool m_plugins_hostinfo;
 
 	// container engines
 	uint64_t m_container_engines_mask;

From 4e757500a9fe6f302b0b50f06313108b0181c413 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro <nierro92@gmail.com>
Date: Fri, 22 Nov 2024 10:21:57 +0100
Subject: [PATCH 2/2] update(userspace/falco): use ternary operator

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
---
 userspace/falco/app/actions/helpers_inspector.cpp | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp
index 9620f5d479f..e476326c4ee 100644
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@@ -61,15 +61,11 @@ falco::app::run_result falco::app::actions::open_live_inspector(falco::app::stat
 					falco_logger::log(
 					        falco_logger::level::INFO,
 					        "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
-					if(s.config->m_plugins_hostinfo) {
-						inspector->open_plugin(cfg->m_name,
-						                       cfg->m_open_params,
-						                       sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO);
-					} else {
-						inspector->open_plugin(cfg->m_name,
-						                       cfg->m_open_params,
-						                       sinsp_plugin_platform::SINSP_PLATFORM_GENERIC);
-					}
+					inspector->open_plugin(cfg->m_name,
+					                       cfg->m_open_params,
+					                       s.config->m_plugins_hostinfo
+					                               ? sinsp_plugin_platform::SINSP_PLATFORM_HOSTINFO
+					                               : sinsp_plugin_platform::SINSP_PLATFORM_GENERIC);
 					return run_result::ok();
 				}
 			}