Allow systemd-sysuser to write below /etc.

2025-08-26 09:58:55 +00:00 · 2017-07-06 17:08:18 -07:00 · 2017-07-06 17:08:18 -07:00 · 1c645862e1
commit 1c645862e1
parent f123313389
1 changed files with 2 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@ -341,7 +341,8 @@
                          dev_creation_binaries, shell_mgmt_binaries,
                          ldconfig.real, ldconfig, confd, gpg, insserv,
                          apparmor_parser, update-mime, tzdata.config, tzdata.postinst,
-                          systemd, systemd-machine, debconf-show, rollerd, bind9.postinst, sv,
+                          systemd, systemd-machine, systemd-sysuser,
                          debconf-show, rollerd, bind9.postinst, sv,
                          gen_resolvconf., update-ca-certi, certbot)
    and not proc.pname in (sysdigcloud_binaries)
    and not fd.directory in (/etc/cassandra, /etc/ssl/certs/java, /etc/logstash)