chore(userspace/falco): watch all configs files.

Signed-off-by: Federico Di Pierro <[email protected]>
falcosecurity · Apr 10, 2024 · 8b340d3 · 8b340d3
1 parent e840a4a
commit 8b340d3
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/userspace/falco/app/actions/create_signal_handlers.cpp b/userspace/falco/app/actions/create_signal_handlers.cpp
@@ -103,7 +103,14 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
 	falco::app::restart_handler::watch_list_t dirs_to_watch;
 	if (s.config->m_watch_config_files)
 	{
-		files_to_watch.push_back(s.options.conf_filename);
+		files_to_watch.insert(
+			files_to_watch.end(),
+			s.config->m_loaded_configs_filenames.begin(),
+			s.config->m_loaded_configs_filenames.end());
+		dirs_to_watch.insert(
+			dirs_to_watch.end(),
+			s.config->m_loaded_configs_folders.begin(),
+			s.config->m_loaded_configs_folders.end());
 		files_to_watch.insert(
 			files_to_watch.end(),
 			s.config->m_loaded_rules_filenames.begin(),

diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
@@ -116,7 +116,11 @@ std::string falco_configuration::dump()
 void falco_configuration::merge_configs_files(const std::string& config_name, std::vector<std::string>& loaded_config_files)
 {
 	// Load configs files to be included and merge them into current config
+	// NOTE: loaded_config_files will resolve to the filepaths list of loaded config.
+	// m_loaded_configs_filenames and m_loaded_configs_folders instead will hold the list of
+	// filenames and folders specified in config (minus the skipped ones).
 	loaded_config_files.push_back(config_name);
+	m_loaded_configs_filenames.push_back(config_name);
 	const auto ppath = std::filesystem::path(config_name);
 	// Parse files to be included
 	std::vector<std::string> include_files;
@@ -138,9 +142,11 @@ void falco_configuration::merge_configs_files(const std::string& config_name, st
 		{
 			config.include_config_file(include_file_path.string());
 			loaded_config_files.push_back(include_file);
+			m_loaded_configs_filenames.push_back(include_file);
 		}
 		else if (std::filesystem::is_directory(include_file_path))
 		{
+			m_loaded_configs_folders.push_back(include_file);
 			std::vector<std::string> v;
 			const auto it_options = std::filesystem::directory_options::follow_directory_symlink
 						| std::filesystem::directory_options::skip_permission_denied;

diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h
@@ -93,6 +93,11 @@ class falco_configuration
 
 	static void read_rules_file_directory(const std::string& path, std::list<std::string>& rules_filenames, std::list<std::string> &rules_folders);
 
+	// Config list as passed by the user. Filenames.
+	std::list<std::string> m_loaded_configs_filenames;
+	// Config list as passed by the user. Folders.
+	std::list<std::string> m_loaded_configs_folders;
+
 	// Rules list as passed by the user
 	std::list<std::string> m_rules_filenames;
 	// Actually loaded rules, with folders inspected