falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0
7.44k stars 903 forks

Create `container_engines` configs in `falco.yaml` #3258

Closed incertum closed 3 months ago

incertum commented 5 months ago

Motivation

See https://github.com/falcosecurity/falco/issues/3243#issuecomment-2174224867 and additional comments after that comment.

The current favorite seems to expose new container_engines in the following format:

```yaml
container_engines:
  docker:
    enabled: true
  cri:
    enabled: true
    sockets: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
    disable_async: false
  podman:
    enabled: true
  lxc:
    enabled: true
  libvirt_lxc:
    enabled: true
  bpm:
    enabled: true
```

This feature will allow end users to explicitly disable some container engines, plus it can help in deployment scenarios where the existing `--cri` and `--disable-cri-async` CLI flags are more difficult to configure.
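An added example, not part of the original comment and not Falco's own code: a small helper that translates an existing command line using `--cri` and `--disable-cri-async` into the proposed `container_engines` block, with selected engines explicitly disabled. The function names are hypothetical, and it assumes that any `--cri` paths replace the default socket list, which the issue does not specify.

```python
import json
import shlex

# Engine names and default CRI sockets are copied from the proposal above.
ENGINES = ["docker", "cri", "podman", "lxc", "libvirt_lxc", "bpm"]
DEFAULT_CRI_SOCKETS = [
    "/run/containerd/containerd.sock",
    "/run/crio/crio.sock",
    "/run/k3s/containerd/containerd.sock",
]

def flags_to_container_engines(cmdline, disabled=()):
    """Map --cri / --disable-cri-async onto the proposed config structure."""
    unknown = set(disabled) - set(ENGINES)
    if unknown:
        raise ValueError(f"unknown engine(s): {sorted(unknown)}")
    sockets, disable_async = [], False
    args = iter(shlex.split(cmdline))
    for arg in args:
        if arg == "--disable-cri-async":
            disable_async = True
        elif arg == "--cri" or arg.startswith("--cri="):
            # Accept "--cri PATH" and "--cri=PATH"; a missing PATH yields "".
            path = arg.partition("=")[2] if "=" in arg else next(args, "")
            if not path.startswith("/"):
                raise ValueError(f"--cri needs an absolute socket path, got {path!r}")
            if path not in sockets:
                sockets.append(path)
    cfg = {name: {"enabled": name not in disabled} for name in ENGINES}
    # Assumption: explicit --cri paths replace the defaults instead of extending them.
    cfg["cri"]["sockets"] = sockets or list(DEFAULT_CRI_SOCKETS)
    cfg["cri"]["disable_async"] = disable_async
    return {"container_engines": cfg}

def render_yaml(config):
    """Emit the block in the layout shown in the proposal (JSON scalars are valid YAML)."""
    lines = ["container_engines:"]
    for name, opts in config["container_engines"].items():
        lines.append(f"  {name}:")
        for key, value in opts.items():
            lines.append(f"    {key}: {json.dumps(value)}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample command line, with lxc and bpm turned off.
    sample = "falco --cri /run/crio/crio.sock --disable-cri-async"
    print(render_yaml(flags_to_container_engines(sample, disabled=("lxc", "bpm"))))
```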

incertum commented 5 months ago

@leogr @LucaGuerra CC @networkhell

incertum commented 5 months ago

/milestone 0.39.0