Multiplex falco devcontainer for libs and falco

collector/clangd.yaml

@@ -21,6 +21,8 @@ Diagnostics:
       readability-identifier-naming.FunctionCase: CamelCase
       readability-identifier-naming.VariableCase: lower_case
       readability-identifier-naming.GlobalConstantCase: UPPER_CASE
+InlayHints:
+  Enabled: Yes
 ---
 If:
   PathMatch: .*Test\.cpp

falco-libs/clangd.tpl.yaml

@@ -1,3 +1,5 @@
+If:
+  PathMatch: $GOPATH/src/github.com/falcosecurity/libs/.*
 CompileFlags:
   CompilationDatabase: $GOPATH/src/github.com/falcosecurity/libs/build/
 Diagnostics:
@@ -13,6 +15,23 @@ Diagnostics:
     - modernize-use-nodiscard
     - modernize-use-trailing-return-type
 ---
+If:
+  PathMatch: $GOPATH/src/github.com/falcosecurity/falco/.*
+CompileFlags:
+  CompilationDatabase: $GOPATH/src/github.com/falcosecurity/falco/build/
+Diagnostics:
+  ClangTidy:
+    Add:
+    - bugprone*
+    - cppcoreguidelines*
+    - modernize*
+    - performance*
+    - readability*
+    Remove:
+    - readability-identifier-length
+    - modernize-use-nodiscard
+    - modernize-use-trailing-return-type
+---
 If:
   PathMatch: .*Test\.cpp
 Diagnostics:

falco-libs/compile-falco.sh

@@ -3,88 +3,47 @@
 set -euo pipefail
 
 function clean () {
-    rm -f "${FALCO_DIR}/driver/bpf/probe.{o,ll}"
     make -C "${FALCO_DIR}/build" clean || true
     rm -rf "${FALCO_DIR}/build"
 }
 
-function configure_host () {
+function configure() {
     # sanitizers="-fsanitize=address -fsanitize=undefined"
-    use_bundled_libbpf="OFF"
-    build_shared_libs="OFF"
-
-    if [[ "${FALCO_BUILDER_FLAVOR:-fedora}" != "fedora" ]] ; then
-        # Platform dependent adjustments
-        use_bundled_libbpf="ON"
-    else
-        build_shared_libs="ON"
-    fi
 
     mkdir -p "${FALCO_DIR}/build"
+cmake -DUSE_BUNDLED_DEPS=OFF
     cmake \
         -DBUILD_BPF=ON \
         -DUSE_BUNDLED_DEPS=OFF \
-        -DUSE_BUNDLED_VALIJSON=ON \
-        -DCMAKE_BUILD_TYPE=Release \
-        -DBUILD_LIBSCAP_MODERN_BPF=ON \
-        -DUSE_BUNDLED_LIBBPF="${use_bundled_libbpf}" \
-        -DUSE_BUNDLED_ZLIB=ON \
-        -DUSE_BUNDLED_UTHASH=ON \
-        -DUSE_BUNDLED_TINYDIR=ON \
-        -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
+        -DUSE_BUNDLED_NLOHMANN_JSON=ON \
+        -DUSE_BUNDLED_YAMLCPP=ON \
+        -DUSE_BUNDLED_CPPHTTPLIB=ON \
+        -DUSE_BUNDLED_CXXOPTS=ON \
+        -DFALCOSECURITY_LIBS_SOURCE_DIR="${LIBS_DIR}" \
+        -DDRIVER_SOURCE_DIR="${LIBS_DIR}" \
+        -DBUILD_DRIVER=ON \
+        -DBUILD_FALCO_MODERN_BPF=ON \
         -DCREATE_TEST_TARGETS=ON \
-        -DBUILD_SHARED_LIBS="${build_shared_libs}" \
-        -S "${FALCO_DIR}" \
-        -B "${FALCO_DIR}/build"
-}
-
-function configure_emscripten () {
-    emcmake cmake -DUSE_BUNDLED_DEPS=ON \
+        -DBUILD_FALCO_UNIT_TESTS=ON \
         -S "${FALCO_DIR}" \
         -B "${FALCO_DIR}/build"
 }
 
-function configure () {
-    emscripten="${1:-0}"
-    if ((emscripten)); then
-        configure_emscripten
-    else
-        configure_host
-    fi
-}
-
 function build () {
     local target
-    local emscripten="${2:-0}"
 
     if [[ ! -d "${FALCO_DIR}/build" ]] || find "${FALCO_DIR}/build" -type d -empty | read -r ; then
-        configure "$emscripten"
+        configure
     fi
 
     target="$1"
-    EMMAKE=""
-    if ((emscripten)); then
-        EMMAKE="emmake"
-    fi
-    "$EMMAKE" make -j"$(nproc)" -C "${FALCO_DIR}/build" "$target"
+    make -j"$(nproc)" -C "${FALCO_DIR}/build" "$target"
 }
 
 [[ -z "${FALCO_DIR}" ]] && FALCO_DIR="$(pwd)"
 # We will be removing some directories, so go somewhere stable
 cd "${FALCO_DIR}"
 
-EMSCRIPTEN=0
-
-while getopts "e" opt; do
-    case "${opt}" in
-        e)
-            EMSCRIPTEN=1
-            ;;
-        ??)
-            echo >&2 "Unknown option $OPTARG"
-    esac
-done
-
 shift $(($OPTIND - 1))
 
 ACTION="${1:-build}"
@@ -97,14 +56,14 @@ case "$ACTION" in
     clean
     ;;
 "configure")
-    configure "$EMSCRIPTEN"
+    configure
     ;;
 "build")
-    build "$TARGET" "$EMSCRIPTEN"
+    build "$TARGET"
     ;;
 "rebuild")
     clean
-    build "$TARGET" "$EMSCRIPTEN"
+    build "$TARGET"
     ;;
 *)
     echo >&2 "Unknown option '$ACTION'"

falco-libs/compile-libs.sh

@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function clean () {
+    rm -f "${LIBS_DIR}/driver/bpf/probe.{o,ll}"
+    make -C "${LIBS_DIR}/build" clean || true
+    rm -rf "${LIBS_DIR}/build"
+}
+
+function configure_host () {
+    # sanitizers="-fsanitize=address -fsanitize=undefined"
+    use_bundled_libbpf="OFF"
+
+    if [[ "${LIBS_BUILDER_FLAVOR:-fedora}" != "fedora" ]] ; then
+        # Platform dependent adjustments
+        use_bundled_libbpf="ON"
+    else
+        use_shared_libelf="ON"
+    fi
+
+    mkdir -p "${LIBS_DIR}/build"
+    cmake \
+        -DBUILD_BPF=ON \
+        -DUSE_BUNDLED_DEPS=OFF \
+        -DUSE_BUNDLED_VALIJSON=ON \
+        -DCMAKE_BUILD_TYPE=Release \
+        -DBUILD_LIBSCAP_MODERN_BPF=ON \
+        -DUSE_BUNDLED_LIBBPF="${use_bundled_libbpf}" \
+        -DUSE_BUNDLED_ZLIB=ON \
+        -DUSE_BUNDLED_UTHASH=ON \
+        -DUSE_BUNDLED_TINYDIR=ON \
+        -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
+        -DCREATE_TEST_TARGETS=ON \
+        -DUSE_SHARED_LIBELF="${use_shared_libelf}" \
+        -S "${LIBS_DIR}" \
+        -B "${LIBS_DIR}/build"
+}
+
+function configure_emscripten () {
+    emcmake cmake -DUSE_BUNDLED_DEPS=ON \
+        -S "${LIBS_DIR}" \
+        -B "${LIBS_DIR}/build"
+}
+
+function configure () {
+    emscripten="${1:-0}"
+    if ((emscripten)); then
+        configure_emscripten
+    else
+        configure_host
+    fi
+}
+
+function build () {
+    local target
+    local emscripten="${2:-0}"
+
+    if [[ ! -d "${LIBS_DIR}/build" ]] || find "${LIBS_DIR}/build" -type d -empty | read -r ; then
+        configure "$emscripten"
+    fi
+
+    target="$1"
+    EMMAKE=""
+    if ((emscripten)); then
+        EMMAKE="emmake"
+    fi
+    eval "$EMMAKE" make -j"$(nproc)" -C "${LIBS_DIR}/build" "$target"
+}
+
+[[ -z "${LIBS_DIR}" ]] && LIBS_DIR="$(pwd)"
+# We will be removing some directories, so go somewhere stable
+cd "${LIBS_DIR}"
+
+EMSCRIPTEN=0
+
+while getopts "e" opt; do
+    case "${opt}" in
+        e)
+            EMSCRIPTEN=1
+            ;;
+        ??)
+            echo >&2 "Unknown option $OPTARG"
+    esac
+done
+
+shift $(($OPTIND - 1))
+
+ACTION="${1:-build}"
+ACTION="${ACTION,,}"
+
+TARGET="${2:-all}"
+
+case "$ACTION" in
+"clean")
+    clean
+    ;;
+"configure")
+    configure "$EMSCRIPTEN"
+    ;;
+"build")
+    build "$TARGET" "$EMSCRIPTEN"
+    ;;
+"rebuild")
+    clean
+    build "$TARGET" "$EMSCRIPTEN"
+    ;;
+*)
+    echo >&2 "Unknown option '$ACTION'"
+    ;;
+esac

falco-libs/fedora.Dockerfile

@@ -70,4 +70,5 @@ ENV CC=/usr/local/bin/gcc
 ENV CXX=/usr/local/bin/g++
 
 COPY clangd.yaml /root/.config/clangd/config.yaml
-COPY compile-falco.sh /usr/bin/
+COPY compile-falco.sh /usr/local/bin/
+COPY compile-libs.sh /usr/local/bin/

lua/falco.lua

@@ -1,4 +1,4 @@
-local name = 'libs-builder'
+local name = 'falco-builder'
 
 local M = {}
 
@@ -12,6 +12,7 @@ M.setup = function(opts)
         env = {
             { name = 'CMAKE_EXPORT_COMPILE_COMMANDS', value = 'ON' },
             { name = 'FALCO_DIR',                     value = repo_path },
+            { name = 'LIBS_DIR',                      value = repo_path .. '/../libs' },
             { name = 'HOST_ROOT',                     value = '/host' },
         },
         volumeMounts = opts.volumes or {},

lua/init.lua

@@ -1,5 +1,6 @@
 local collector_repo = os.getenv('GOPATH') .. '/src/github.com/stackrox/collector'
-local falco_repo = os.getenv('GOPATH') .. '/src/github.com/falcosecurity/libs'
+local falco_libs_repo = os.getenv('GOPATH') .. '/src/github.com/falcosecurity/libs'
+local falco_repo = os.getenv('GOPATH') .. '/src/github.com/falcosecurity/falco'
 local movies_repo = os.getenv('GOPATH') .. '/src/github.com/molter73/movies'
 
 local collector = require('collector')
@@ -17,6 +18,7 @@ local volumes = {
     { name = 'modules-fs',       hostPath = { path = '/lib/modules', } },
     { name = 'docker-sock',      hostPath = { path = '/var/run/docker.sock', } },
     { name = 'collector-repo',   hostPath = { path = collector_repo, } },
+    { name = 'falco-libs-repo',  hostPath = { path = falco_libs_repo, } },
     { name = 'falco-repo',       hostPath = { path = falco_repo, } },
     { name = 'movies-repo',      hostPath = { path = movies_repo, } },
     { name = 'collector-ccache', persistentVolumeClaim = { claimName = collector_claim.metadata.name } },
@@ -38,15 +40,16 @@ local collector_opts = {
 local falco_opts = {
     repo_path = falco_repo,
     volumes = {
-        { mountPath = '/host/dev',            name = 'dev-fs',       readOnly = true, },
-        { mountPath = '/host/proc',           name = 'proc-fs',      readOnly = true, },
-        { mountPath = '/host/sys',            name = 'sys-fs',       readOnly = true, },
-        { mountPath = '/host/etc',            name = 'etc-fs',       readOnly = true, },
-        { mountPath = '/host/usr/lib',        name = 'usr-lib-fs',   readOnly = true, },
+        { mountPath = '/host/dev',            name = 'dev-fs',          readOnly = true, },
+        { mountPath = '/host/proc',           name = 'proc-fs',         readOnly = true, },
+        { mountPath = '/host/sys',            name = 'sys-fs',          readOnly = true, },
+        { mountPath = '/host/etc',            name = 'etc-fs',          readOnly = true, },
+        { mountPath = '/host/usr/lib',        name = 'usr-lib-fs',      readOnly = true, },
         { mountPath = '/usr/src',             name = 'usr-src-fs', },
         { mountPath = '/lib/modules',         name = 'modules-fs', },
         { mountPath = '/var/run/docker.sock', name = 'docker-sock', },
         { mountPath = '/root/.cache/ccache',  name = 'falco-ccache', },
+        { mountPath = falco_libs_repo,        name = 'falco-libs-repo', },
         { mountPath = falco_repo,             name = 'falco-repo', },
     }
 }