Add addl shell spawn conditions

flock can spawn shells, new allowed shell cmdline.
2025-06-29 16:17:32 +00:00 · 2017-11-08 13:41:43 -08:00 · 2017-11-08 13:41:43 -08:00 · 2467766f07
commit 2467766f07
parent 2cbff6ff70
1 changed files with 2 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@ -1058,6 +1058,7 @@
    '"sh -c getconf CLK_TCK"',
    '"sh -c getconf PAGESIZE"',
    '"sh -c LC_ALL=C LANG=C /sbin/ldconfig -p 2>/dev/null"',
+    '"sh -c LANG=C /sbin/ldconfig -p 2>/dev/null"',
    '"sh -c /sbin/ldconfig -p 2>/dev/null"',
    '"sh -c stty -a 2>/dev/null"',
    '"sh -c node index.js"',
@ -1133,7 +1134,7 @@
                           runsv, supervisord, varnishd, crond, logrotate, timeout, tini,
                           xrdb, xfce4-session, weave, logdna-agent, bundle, configure, luajit, nginx,
                           beam.smp, paster, postfix-local, hawkular-metric, fluentd, x2gormforward,
-                           '"[celeryd:"')
+                           '"[celeryd:"', flock)
    and not trusted_containers
    and not shell_spawning_containers
    and not parent_java_running_echo