github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 11:29:26 +00:00
Code Issues Projects Releases Wiki Activity

rules: adding support to openat2

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce
2021-11-18 14:28:21 +00:00
committed by poiana
parent 697d4427a7
commit 2a00a4d853
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/rules/tagged_rules.yaml
View File

@@ -15,7 +15,7 @@
# limitations under the License.
#
- macro: open_read
condition: (evt.type=open or evt.type=openat) and evt.is_open_read=true and fd.typechar='f'
condition: evt.type in (open,openat,openat2) and evt.is_open_read=true and fd.typechar='f'
- rule: open_1
desc: open one