From 011cb2f0309012d4d096929e5a7bbbd57b5600d1 Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Mon, 25 Sep 2017 08:24:48 -0700
Subject: [PATCH] Also let mailq setuid. Simialr to showq
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 2a9b8dfa..969a1f48 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -221,7 +221,7 @@
 condition: proc.name in (coreutils_binaries, user_mgmt_binaries)
 - list: mail_binaries
- items: [sendmail, sendmail-msp, postfix, procmail, exim4, pickup, showq]
+ items: [sendmail, sendmail-msp, postfix, procmail, exim4, pickup, showq, mailq]
 - list: sendmail_config_binaries
 items: [
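Review bot: Adding `mailq` to `mail_binaries` widens every rule that references that list, not only the setuid rule named in the commit subject, and nothing in the hunk records why the name is exempt. The neighbouring macro matches on `proc.name in (...)`, so the exemption presumably keys on the process name alone and would cover any executable named `mailq`. The rules that consume the list are outside this hunk, so confirm which ones are affected. A comment above the list would keep the rationale next to the exemption, e.g. `# showq, mailq: mail queue tools observed calling setuid; matched by process name only`. If only the setuid rule needs these two names, a narrower list referenced from that rule alone would leave the other mail-related exemptions unchanged.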