From 76943d24c9c199451bb5989656e04748eb7cfd3c Mon Sep 17 00:00:00 2001
From: rabbitstack
Date: Mon, 13 Oct 2025 15:10:06 +0200
Subject: [PATCH] fix(container): Propagate engine initialization errors to the caller If the specific container engine worker fails during initialization, the error is silently skipped making it hard to troubleshoot the real problem. i Instead, accumulate and bubble up all the errors to the async handler.
Signed-off-by: rabbitstack
---
 plugins/container/go-worker/main_exe.go | 5 +++--
 plugins/container/go-worker/worker_api.go | 18 ++++++++++++++----
 plugins/container/src/caps/async/async.cpp | 13 ++++++++++++-
 3 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/plugins/container/go-worker/main_exe.go b/plugins/container/go-worker/main_exe.go
index eb2a16bd8..ad9479033 100644
--- a/plugins/container/go-worker/main_exe.go
+++ b/plugins/container/go-worker/main_exe.go
@@ -70,9 +70,10 @@ func main() {
 fmt.Println("Starting worker")
 cstr := C.CString(initCfg)
 enabledSocks := C.CString("")
- ptr := StartWorker((*[0]byte)(C.echo_cb), cstr, &enabledSocks)
+ errmsg := C.CString("")
+ ptr := StartWorker((*[0]byte)(C.echo_cb), cstr, &enabledSocks, &errmsg)
 if ptr == nil {
- fmt.Println("Failed to start worker; nothing configured?")
+ fmt.Println(fmt.Sprintf("Failed to start worker; nothing configured? %s", C.GoString(errmsg)))
 os.Exit(1)
 }
 socks := C.GoString(enabledSocks)
diff --git a/plugins/container/go-worker/worker_api.go b/plugins/container/go-worker/worker_api.go
index 10d3f03b8..4fe84ae52 100644
--- a/plugins/container/go-worker/worker_api.go
+++ b/plugins/container/go-worker/worker_api.go
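Review bot: In main_exe.go, `errmsg` is only read inside the `ptr == nil` branch, yet the worker_api.go hunks of this commit set it when an engine generator fails and then carry on starting the worker, so a partially failed start still prints nothing in this test binary. Printing it whenever it is non-empty after the call would cover both cases, e.g. `if msg := C.GoString(errmsg); msg != "" { fmt.Printf("engine initialization errors: %s\n", msg) }`. The buffer obtained from `C.CString("")` is also replaced by StartWorker on error and neither pointer is freed in the visible lines, and `fmt.Println(fmt.Sprintf(...))` can simply be `fmt.Printf`. main's body starts and ends outside the hunk.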
@@ -11,13 +11,15 @@ import "C"
 import (
 "context"
 "encoding/json"
- "github.com/falcosecurity/plugin-sdk-go/pkg/ptr"
- "github.com/falcosecurity/plugins/plugins/container/go-worker/pkg/config"
- "github.com/falcosecurity/plugins/plugins/container/go-worker/pkg/container"
 "runtime"
 "runtime/cgo"
+ "strings"
 "sync"
 "unsafe"
+
+ "github.com/falcosecurity/plugin-sdk-go/pkg/ptr"
+ "github.com/falcosecurity/plugins/plugins/container/go-worker/pkg/config"
+ "github.com/falcosecurity/plugins/plugins/container/go-worker/pkg/container"
 )
 
 type PluginCtx struct {
@@ -29,7 +31,7 @@ type PluginCtx struct {
 }
 
 //export StartWorker
-func StartWorker(cb C.async_cb, initCfg *C.cchar_t, enabledSocks **C.cchar_t) unsafe.Pointer {
+func StartWorker(cb C.async_cb, initCfg *C.cchar_t, enabledSocks **C.cchar_t, errmsg **C.cchar_t) unsafe.Pointer {
 var (
 pluginCtx PluginCtx
 ctx context.Context
@@ -61,11 +63,15 @@ func StartWorker(cb C.async_cb, initCfg *C.cchar_t, enabledSocks **C.cchar_t) un
 return nil
 }
 
+ var errs strings.Builder
 containerEngines := make([]container.Engine, 0)
 enabledEngines := make(map[string][]string)
+
 for _, generator := range generators {
 engine, err := generator(ctx)
 if err != nil {
+ errs.WriteString(err.Error())
+ errs.WriteByte('\n')
 continue
 }
 containerEngines = append(containerEngines, engine)
@@ -82,6 +88,10 @@ func StartWorker(cb C.async_cb, initCfg *C.cchar_t, enabledSocks **C.cchar_t) un
 }
 }
 
+ if errs.Len() > 0 {
+ *errmsg = C.CString(errs.String())
+ }
+
 pluginCtx.fetchCh = make(chan string, fetchChSize)
 
 // Always append the dummy engine that is required to
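Review bot: The exported `StartWorker` gains an out-parameter in the `@@ -29,7 +31,7 @@` hunk, but its ownership rules are not written down: nothing says that `*errmsg` is allocated with `C.CString` and has to be released by the caller, or that it is left untouched when no engine fails. A doc comment above the `//export StartWorker` line would pin that contract, for example `// On engine initialization failures *errmsg receives a newly allocated C string that the caller must free; it is not written otherwise.` Because this changes the C-visible signature, every native caller has to move in the same commit, which the async.cpp hunk does. The function body continues outside the hunk.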
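Review bot: The early `return nil` kept as context at the top of the `@@ -61,11 +63,15 @@` hunk still exits without writing `*errmsg`, so whatever fails before the generator loop reaches the caller with no message, while the loop's errors are only published on the path where the worker goes on to start. If that return is the configuration failure path (its condition is outside the hunk), storing its error text into `*errmsg` before returning would cover the case callers most need explained. Each entry is also bare `err.Error()` text, so unless the generator errors already name their engine, the joined message will not say which engine could not be attached.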
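Review bot: In the `@@ -82,6 +88,10 @@` hunk, `*errmsg = C.CString(errs.String())` dereferences the new parameter without a nil check, so a native caller that passes NULL for it would bring down the hosting process with a Go nil-pointer panic; `if errmsg != nil && errs.Len() > 0 {` avoids that. The string also ends with the `'\n'` written after the last error, which puts a stray line break into the single log record the C++ side emits; `*errmsg = C.CString(strings.TrimSuffix(errs.String(), "\n"))` keeps the record on its intended lines. The enclosing function starts and ends outside the hunk.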
@@ -43,11 +43,22 @@ bool my_plugin::start_async_events( m_logger.log("starting async go-worker", falcosecurity::_internal::SS_PLUGIN_LOG_SEV_DEBUG); nlohmann::json j(m_cfg); + const char *enabled_engines = nullptr; + const char *err = nullptr; + m_async_ctx = StartWorker(generate_async_event, - j.dump().c_str(), &enabled_engines); + j.dump().c_str(), &enabled_engines, &err); m_logger.log(fmt::format("attached engine sockets: {}", enabled_engines), falcosecurity::_internal::SS_PLUGIN_LOG_SEV_DEBUG); + + if(err) + { + m_logger.log(fmt::format("failed to start async go-worker: {}", err), + falcosecurity::_internal::SS_PLUGIN_LOG_SEV_ERROR); + free((void *)err); + } + free((void *)enabled_engines); // Merge back pre-existing containers to our cache
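Review bot: The new `if(err)` block logs "failed to start async go-worker" at error severity whenever `err` is set, but the Go side sets it for individual engine failures and still goes on to start the worker, so the message overstates what happened, and the hunk never tests `m_async_ctx` itself. Keying the wording on the returned context would let an operator tell a dead worker from one running with reduced container coverage: keep the current message when `m_async_ctx == nullptr`, otherwise log something like `"some container engines failed to initialize: {}"` at warning severity. `enabled_engines` is still handed to `fmt::format` unguarded while `err` gets a null check; if StartWorker can return before writing it, the same `if` guard belongs there. start_async_events starts and ends outside the hunk.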