github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-27 07:07:23 +00:00
Code Issues Projects Releases Wiki Activity

new(falco): do not alert on syscall frequency when gvisor is enabled

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra 2022-06-20 14:47:59 +00:00 committed by poiana
parent 927c1c4126
commit 0ba492c280
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
userspace/falco/app_actions/process_events.cpp
View File

@ -101,7 +101,8 @@ application::run_result application::do_inspect(syscall_evt_drop_mgr &sdropmgr,
{
timeouts_since_last_success_or_msg++;
if(timeouts_since_last_success_or_msg > m_state->config->m_syscall_evt_timeout_max_consecutives
&& is_syscall_source_enabled())
&& is_syscall_source_enabled()
&& !is_gvisor_enabled())
{
std::string rule = "Falco internal: timeouts notification";
std::string msg = rule + ". " + std::to_string(m_state->config->m_syscall_evt_timeout_max_consecutives) + " consecutive timeouts without event.";