From 1221399ac5ed8f3dfd6e13db51929b7731316932 Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Fri, 14 Jul 2017 09:14:16 -0700 Subject: [PATCH] Allow writes below /etc/nginx/conf.d The nginx docker hub container will write below that directory at startup. --- rules/falco_rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml index 7e83cfac..40687ed8 100644 --- a/rules/falco_rules.yaml +++ b/rules/falco_rules.yaml @@ -345,7 +345,7 @@ debconf-show, rollerd, bind9.postinst, sv, gen_resolvconf., update-ca-certi, certbot) and not proc.pname in (sysdigcloud_binaries) - and not fd.directory in (/etc/cassandra, /etc/ssl/certs/java, /etc/logstash) + and not fd.directory in (/etc/cassandra, /etc/ssl/certs/java, /etc/logstash, /etc/nginx/conf.d) and not ansible_running_python and not python_running_denyhosts