Closed LucaGuerra closed 2 years ago
LucaGuerra
commented
2 years ago Checked if it compiles on different platforms too. It does work with dependencies but I didn't test plugins on those yet.
LucaGuerra
commented
2 years ago It LGTM but i reserve to give it another look because it is quite hard to grasp altogether!
The important thing is to try it out / have ideas to try and see if it works in all the ways we can open plugins.
FedeDP
commented
2 years ago I committed a small fix: we need to maintain a map between plugin and user-specified plugin-name, because we support specifying a path to a plugin too (not only a plugin name).
FedeDP
commented
2 years ago @leogr should've addressed your issues!
Also --input can be very misleading in case of a non-source plugin.
Yeah i agree; i am not sure if we can change it without breaking backward compatibility...
FedeDP
commented
2 years ago @leogr imrpoved the helper text with the actual behavior ('-I' always specifies the input plugin to be used!)
FedeDP
commented
2 years ago @leogr @LucaGuerra sorry, had to force push because i always forget how to commit github suggestion (you need to add the Signed-off-by and not the Co-authored-by ... damn) :angry:
See https://falco.org/docs/configuration/ and https://falco.org/docs/plugins/#loading-plugins-in-falco to understand how this works. The PR is still WIP because it needs to be tested and debugged but I wanted to show the approach. Up until now, the general idea was that:
-Hyou will tell Sysdig to init the specified plugins with init config-Iyou can specify the input plugin to be loaded and its open params-Iand no-Hit will init all plugins from the configured directories and then do as above Now you can also: use--plugin-config-fileto supply a falco compatible config file that can specify the plugins paths and arguments.Note that this is not compatible with Windows and MacOS yet because of the json/yaml dependency and a bit of a mess in cmake.