diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 4833944e043..2c9f3b30d0a 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake @@ -67,12 +67,10 @@ set(SCAP_HOST_ROOT_ENV_VAR_NAME "HOST_ROOT") set(SCAP_HOSTNAME_ENV_VAR "FALCO_HOSTNAME") set(SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR "FALCO_CGROUP_MEM_PATH") -if(NOT LIBSCAP_DIR) - set(LIBSCAP_DIR "${FALCOSECURITY_LIBS_SOURCE_DIR}") +if(NOT LIBS_DIR) + set(LIBS_DIR "${FALCOSECURITY_LIBS_SOURCE_DIR}") endif() -set(LIBSINSP_DIR "${FALCOSECURITY_LIBS_SOURCE_DIR}") - # configure gVisor support set(BUILD_LIBSCAP_GVISOR ${BUILD_FALCO_GVISOR} CACHE BOOL "") diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt index b3d6f086836..43d274da11b 100644 --- a/userspace/engine/CMakeLists.txt +++ b/userspace/engine/CMakeLists.txt @@ -37,8 +37,7 @@ add_dependencies(falco_engine yamlcpp njson) target_include_directories(falco_engine PUBLIC - ${LIBSCAP_INCLUDE_DIRS} - ${LIBSINSP_INCLUDE_DIRS} + ${LIBS_DIR}/userspace ${PROJECT_BINARY_DIR}/userspace/engine ${nlohmann_json_INCLUDE_DIRS} ${TBB_INCLUDE_DIR} diff --git a/userspace/engine/evttype_index_ruleset.h b/userspace/engine/evttype_index_ruleset.h index 6eac80786ed..9e7d14db396 100644 --- a/userspace/engine/evttype_index_ruleset.h +++ b/userspace/engine/evttype_index_ruleset.h @@ -24,11 +24,10 @@ limitations under the License. #include #include "filter_ruleset.h" -#include "sinsp.h" -#include "filter.h" -#include "event.h" - -#include "gen_filter.h" +#include +#include +#include +#include /*! \brief A filter_ruleset that indexes enabled rules by event type, diff --git a/userspace/engine/falco_common.h b/userspace/engine/falco_common.h index dd4f07b4566..7a4476f9f8f 100644 --- a/userspace/engine/falco_common.h +++ b/userspace/engine/falco_common.h @@ -20,7 +20,7 @@ limitations under the License. #include #include #include -#include +#include // // equivalent to an "unbounded queue" in TBB terms or largest long value diff --git a/userspace/engine/falco_engine.cpp b/userspace/engine/falco_engine.cpp index cc13461ffe6..b4007952fc7 100644 --- a/userspace/engine/falco_engine.cpp +++ b/userspace/engine/falco_engine.cpp @@ -33,8 +33,9 @@ limitations under the License. #include -#include -#include +#include +#include +#include #include "falco_engine.h" #include "falco_utils.h" @@ -42,7 +43,6 @@ limitations under the License. #include "formats.h" -#include "utils.h" #include "evttype_index_ruleset.h" const std::string falco_engine::s_default_ruleset = "falco-default-ruleset"; diff --git a/userspace/engine/falco_engine.h b/userspace/engine/falco_engine.h index 07b0f4ba43c..c7b54d78e0a 100644 --- a/userspace/engine/falco_engine.h +++ b/userspace/engine/falco_engine.h @@ -30,7 +30,7 @@ limitations under the License. #include -#include "gen_filter.h" +#include #include "filter_ruleset.h" #include "rule_loader.h" #include "rule_loader_reader.h" diff --git a/userspace/engine/falco_rule.h b/userspace/engine/falco_rule.h index 1e2bbdcb41d..700145d648e 100644 --- a/userspace/engine/falco_rule.h +++ b/userspace/engine/falco_rule.h @@ -21,7 +21,7 @@ limitations under the License. #include #include "falco_common.h" -#include +#include /*! \brief Represents a list in the Falco Engine. diff --git a/userspace/engine/falco_utils.cpp b/userspace/engine/falco_utils.cpp index fa415f9eb76..75a3f80145b 100644 --- a/userspace/engine/falco_utils.cpp +++ b/userspace/engine/falco_utils.cpp @@ -21,7 +21,7 @@ limitations under the License. #include #include "falco_utils.h" -#include "utils.h" +#include #include diff --git a/userspace/engine/filter_details_resolver.h b/userspace/engine/filter_details_resolver.h index 11a6401d5a0..33d8acae97e 100644 --- a/userspace/engine/filter_details_resolver.h +++ b/userspace/engine/filter_details_resolver.h @@ -17,7 +17,7 @@ limitations under the License. #pragma once -#include +#include #include #include #include diff --git a/userspace/engine/filter_macro_resolver.h b/userspace/engine/filter_macro_resolver.h index 6f664967d70..71341735270 100644 --- a/userspace/engine/filter_macro_resolver.h +++ b/userspace/engine/filter_macro_resolver.h @@ -17,7 +17,7 @@ limitations under the License. #pragma once -#include +#include #include #include #include diff --git a/userspace/engine/filter_ruleset.h b/userspace/engine/filter_ruleset.h index 1214b983f45..b6b8a3ba42c 100644 --- a/userspace/engine/filter_ruleset.h +++ b/userspace/engine/filter_ruleset.h @@ -19,12 +19,11 @@ limitations under the License. #include "falco_rule.h" #include "rule_loader_compile_output.h" -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include /*! \brief Manages a set of rulesets. A ruleset is a set of diff --git a/userspace/engine/filter_warning_resolver.cpp b/userspace/engine/filter_warning_resolver.cpp index 45e477a765d..730a5d97737 100644 --- a/userspace/engine/filter_warning_resolver.cpp +++ b/userspace/engine/filter_warning_resolver.cpp @@ -15,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -#include +#include #include "filter_warning_resolver.h" using namespace falco; diff --git a/userspace/engine/filter_warning_resolver.h b/userspace/engine/filter_warning_resolver.h index 8479b7e491d..1dc0d645c36 100644 --- a/userspace/engine/filter_warning_resolver.h +++ b/userspace/engine/filter_warning_resolver.h @@ -17,7 +17,7 @@ limitations under the License. #pragma once -#include +#include #include #include #include diff --git a/userspace/engine/formats.h b/userspace/engine/formats.h index a4306b4e353..6babbcf9143 100644 --- a/userspace/engine/formats.h +++ b/userspace/engine/formats.h @@ -19,7 +19,7 @@ limitations under the License. #include #include -#include +#include #include "falco_engine.h" class falco_formats diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h index 53b36611db2..533f0eb57f6 100644 --- a/userspace/engine/rule_loader.h +++ b/userspace/engine/rule_loader.h @@ -25,7 +25,7 @@ limitations under the License. #include "falco_source.h" #include "falco_load_result.h" #include "indexed_vector.h" -#include "version.h" +#include namespace rule_loader { diff --git a/userspace/engine/rule_loader_collector.cpp b/userspace/engine/rule_loader_collector.cpp index fdeef81e308..35c4058a0f3 100644 --- a/userspace/engine/rule_loader_collector.cpp +++ b/userspace/engine/rule_loader_collector.cpp @@ -16,7 +16,7 @@ limitations under the License. */ #include -#include +#include #include "falco_engine.h" #include "rule_loader_collector.h" diff --git a/userspace/engine/rule_loader_reader.cpp b/userspace/engine/rule_loader_reader.cpp index 168d219315e..d43776a9b5e 100644 --- a/userspace/engine/rule_loader_reader.cpp +++ b/userspace/engine/rule_loader_reader.cpp @@ -23,6 +23,7 @@ limitations under the License. #include "rule_loader_reader.h" #include "falco_engine_version.h" #include "rule_loading_messages.h" +#include #define THROW(cond, err, ctx) { if ((cond)) { throw rule_loader::rule_load_exception(falco::load_result::LOAD_ERR_YAML_VALIDATE, (err), (ctx)); } } diff --git a/userspace/engine/rule_loader_reader.h b/userspace/engine/rule_loader_reader.h index 484f267c29d..0c331234443 100644 --- a/userspace/engine/rule_loader_reader.h +++ b/userspace/engine/rule_loader_reader.h @@ -19,8 +19,8 @@ limitations under the License. #include "rule_loader.h" #include "rule_loader_collector.h" -#include "logger.h" -#include "version.h" +#include +#include #include "falco_engine_version.h" namespace rule_loader diff --git a/userspace/falco/app/actions/helpers_generic.cpp b/userspace/falco/app/actions/helpers_generic.cpp index b8609799822..4022eb04d3f 100644 --- a/userspace/falco/app/actions/helpers_generic.cpp +++ b/userspace/falco/app/actions/helpers_generic.cpp @@ -17,7 +17,7 @@ limitations under the License. #include "helpers.h" #include "falco_utils.h" -#include +#include #include diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp index d35c8e8832c..1cc029fafcc 100644 --- a/userspace/falco/app/actions/helpers_inspector.cpp +++ b/userspace/falco/app/actions/helpers_inspector.cpp @@ -19,7 +19,7 @@ limitations under the License. #include #include -#include +#include #include #include "helpers.h" diff --git a/userspace/falco/app/actions/init_falco_engine.cpp b/userspace/falco/app/actions/init_falco_engine.cpp index 358c60e2c70..a81f7ec7d5d 100644 --- a/userspace/falco/app/actions/init_falco_engine.cpp +++ b/userspace/falco/app/actions/init_falco_engine.cpp @@ -16,7 +16,7 @@ limitations under the License. */ #include "actions.h" -#include +#include using namespace falco::app; using namespace falco::app::actions; diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp index 110c0db7a0e..503af19a60e 100644 --- a/userspace/falco/app/actions/init_inspectors.cpp +++ b/userspace/falco/app/actions/init_inspectors.cpp @@ -20,7 +20,7 @@ limitations under the License. #include -#include +#include using namespace falco::app; using namespace falco::app::actions; diff --git a/userspace/falco/app/actions/list_plugins.cpp b/userspace/falco/app/actions/list_plugins.cpp index 8c9c6702cac..aeda72c26a9 100644 --- a/userspace/falco/app/actions/list_plugins.cpp +++ b/userspace/falco/app/actions/list_plugins.cpp @@ -18,7 +18,7 @@ limitations under the License. #include "actions.h" #include "helpers.h" -#include +#include using namespace falco::app; using namespace falco::app::actions; diff --git a/userspace/falco/app/actions/load_plugins.cpp b/userspace/falco/app/actions/load_plugins.cpp index 2d2cd95b8e0..d492d84a29b 100644 --- a/userspace/falco/app/actions/load_plugins.cpp +++ b/userspace/falco/app/actions/load_plugins.cpp @@ -16,7 +16,7 @@ limitations under the License. */ #include "actions.h" -#include +#include using namespace falco::app; using namespace falco::app::actions; diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp index 9f62234766a..adab4961eac 100644 --- a/userspace/falco/app/actions/load_rules_files.cpp +++ b/userspace/falco/app/actions/load_rules_files.cpp @@ -18,7 +18,7 @@ limitations under the License. #include "actions.h" #include "helpers.h" -#include +#include #include diff --git a/userspace/falco/app/actions/print_plugin_info.cpp b/userspace/falco/app/actions/print_plugin_info.cpp index 8251ef1f620..4c52e39177e 100644 --- a/userspace/falco/app/actions/print_plugin_info.cpp +++ b/userspace/falco/app/actions/print_plugin_info.cpp @@ -18,7 +18,7 @@ limitations under the License. #include "actions.h" #include "helpers.h" -#include +#include using namespace falco::app; using namespace falco::app::actions; diff --git a/userspace/falco/app/actions/process_events.cpp b/userspace/falco/app/actions/process_events.cpp index 52baf957da0..45b4ff9606f 100644 --- a/userspace/falco/app/actions/process_events.cpp +++ b/userspace/falco/app/actions/process_events.cpp @@ -35,7 +35,7 @@ limitations under the License. #include "../../falco_outputs.h" #include "../../event_drops.h" -#include +#include using namespace falco::app; using namespace falco::app::actions; diff --git a/userspace/falco/app/options.h b/userspace/falco/app/options.h index 4a568e3d801..4d0dc661f73 100644 --- a/userspace/falco/app/options.h +++ b/userspace/falco/app/options.h @@ -17,7 +17,7 @@ limitations under the License. #pragma once -#include +#include #include #include diff --git a/userspace/falco/app/state.h b/userspace/falco/app/state.h index ec4934db9f5..188cd7154eb 100644 --- a/userspace/falco/app/state.h +++ b/userspace/falco/app/state.h @@ -28,7 +28,7 @@ limitations under the License. #include "../webserver.h" #endif -#include +#include #include #include diff --git a/userspace/falco/event_drops.h b/userspace/falco/event_drops.h index 2b27ffc8971..9caf5a3a3bf 100644 --- a/userspace/falco/event_drops.h +++ b/userspace/falco/event_drops.h @@ -19,8 +19,8 @@ limitations under the License. #include #include -#include -#include +#include +#include #include "logger.h" #include "falco_outputs.h" diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index 5e0577a8b36..be2e603dfeb 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -20,7 +20,7 @@ limitations under the License. #include #include -#include "gen_filter.h" +#include #include "falco_common.h" #include "falco_engine.h" #include "outputs.h" diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h index 2dab04b4c8b..ec7aeb6c760 100644 --- a/userspace/falco/logger.h +++ b/userspace/falco/logger.h @@ -17,7 +17,7 @@ limitations under the License. #pragma once -#include "sinsp.h" +#include #ifndef _WIN32 #include #endif diff --git a/userspace/falco/outputs.h b/userspace/falco/outputs.h index ac00f4544fa..70291fac026 100644 --- a/userspace/falco/outputs.h +++ b/userspace/falco/outputs.h @@ -21,7 +21,7 @@ limitations under the License. #include #include "falco_common.h" -#include "gen_filter.h" +#include #include namespace falco diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index cf6bf6821a7..7a643052be0 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -28,7 +28,8 @@ limitations under the License. #include "stats_writer.h" #include "logger.h" #include "config_falco.h" -#include "strl.h" +#include +#include // note: ticker_t is an uint16_t, which is enough because we don't care about // overflows here. Threads calling stats_writer::handle() will just diff --git a/userspace/falco/stats_writer.h b/userspace/falco/stats_writer.h index 5d67bac5f4c..155023e439b 100644 --- a/userspace/falco/stats_writer.h +++ b/userspace/falco/stats_writer.h @@ -21,7 +21,7 @@ limitations under the License. #include #include -#include +#include #ifndef __EMSCRIPTEN__ #include "tbb/concurrent_queue.h" diff --git a/userspace/falco/versions_info.cpp b/userspace/falco/versions_info.cpp index 678ea76c2e5..84719729c5a 100644 --- a/userspace/falco/versions_info.cpp +++ b/userspace/falco/versions_info.cpp @@ -20,7 +20,7 @@ limitations under the License. #include "config_falco.h" #include "falco_engine_version.h" -#include +#include // todo: move string conversion to scap static std::string get_driver_api_version(const std::shared_ptr& s) diff --git a/userspace/falco/versions_info.h b/userspace/falco/versions_info.h index 570a6b3f550..7316b90c5e6 100644 --- a/userspace/falco/versions_info.h +++ b/userspace/falco/versions_info.h @@ -20,7 +20,7 @@ limitations under the License. #include #include #include -#include +#include #include namespace falco diff --git a/userspace/falco/webserver.h b/userspace/falco/webserver.h index ad00beee687..7498b120574 100644 --- a/userspace/falco/webserver.h +++ b/userspace/falco/webserver.h @@ -21,7 +21,7 @@ limitations under the License. #include #include #include -#include +#include #include "configuration.h" class falco_webserver