github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 15:47:25 +00:00
Code Issues Projects Releases Wiki Activity

new(falco): do not alert on syscall frequency when gvisor is enabled

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra 2022-06-20 14:47:59 +00:00 committed by poiana
parent 927c1c4126
commit 0ba492c280
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
userspace/falco/app_actions/process_events.cpp
View File

@ -101,7 +101,8 @@ application::run_result application::do_inspect(syscall_evt_drop_mgr &sdropmgr,
{ {
timeouts_since_last_success_or_msg++; timeouts_since_last_success_or_msg++;
if(timeouts_since_last_success_or_msg > m_state->config->m_syscall_evt_timeout_max_consecutives if(timeouts_since_last_success_or_msg > m_state->config->m_syscall_evt_timeout_max_consecutives
&& is_syscall_source_enabled()) && is_syscall_source_enabled()
&& !is_gvisor_enabled())
{ {
std::string rule = "Falco internal: timeouts notification"; std::string rule = "Falco internal: timeouts notification";
std::string msg = rule + ". " + std::to_string(m_state->config->m_syscall_evt_timeout_max_consecutives) + " consecutive timeouts without event."; std::string msg = rule + ". " + std::to_string(m_state->config->m_syscall_evt_timeout_max_consecutives) + " consecutive timeouts without event.";