From 2f8caf99cde62d95736f398a11ba214326365e38 Mon Sep 17 00:00:00 2001
From: kaizhe <derek0405@gmail.com>
Date: Tue, 3 Dec 2019 11:43:46 -0800
Subject: [PATCH] rule update: align sensitive mount macro between k8s_audit
 rules and syscall rules

Signed-off-by: kaizhe <derek0405@gmail.com>
---
 rules/k8s_audit_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
index c7f8acea..aa03ed41 100644
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@@ -125,7 +125,7 @@
 
 - macro: sensitive_vol_mount
   condition: >
-    (ka.req.pod.volumes.hostpath intersects (/proc, /var/run/docker.sock, /, /etc, /root, /var/run/crio/crio.sock, /home/admin))
+    (ka.req.pod.volumes.hostpath intersects (/proc, /var/run/docker.sock, /, /etc, /root, /var/run/crio/crio.sock, /home/admin, /var/lib/kubelet, /var/lib/kubelet/pki, /etc/kubernetes, /etc/kubernetes/manifests))
 
 - rule: Create Sensitive Mount Pod
   desc: >