chore(rules): add renameat2 to rename macro

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2025-09-17 07:18:26 +00:00 · 2020-08-18 09:58:15 +02:00
parent ff77a36a03
commit 1f1f7c16b6
1 changed files with 3 additions and 2 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -55,11 +55,12 @@
 - macro: proc_name_exists
  condition: (proc.name!="<NA>")

-# todo(leogr): we miss "renameat2", but it's not yet supported by sinsp
 - macro: rename
-  condition: evt.type in (rename, renameat)
+  condition: evt.type in (rename, renameat, renameat2)
+
 - macro: mkdir
  condition: evt.type in (mkdir, mkdirat)
+
 - macro: remove
  condition: evt.type in (rmdir, unlink, unlinkat)