From 32bae35de229bee2452fa945513f5e5c1134dde8 Mon Sep 17 00:00:00 2001
From: Nicolas Marier
Date: Mon, 29 Jun 2020 15:10:00 -0400
Subject: [PATCH] rule(list package_mgmt_binaries): add snapd to list

Snap is a package manager by Canonical which was not in the `package_mgmt_binaries` list.

Signed-off-by: Nicolas Marier
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 1ecd8c53..a2c3f795 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -232,7 +232,7 @@
 # The truncated dpkg-preconfigu is intentional, process names are
 # truncated at the sysdig level.
 - list: package_mgmt_binaries
- items: [rpm_binaries, deb_binaries, update-alternat, gem, pip, pip3, sane-utils.post, alternatives, chef-client, apk]
+ items: [rpm_binaries, deb_binaries, update-alternat, gem, pip, pip3, sane-utils.post, alternatives, chef-client, apk, snapd]

 - macro: package_mgmt_procs
 condition: proc.name in (package_mgmt_binaries)
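Review bot: The new `snapd` entry on the `items:` line is undocumented, and it widens an exception list that is matched by process name only (`proc.name in (package_mgmt_binaries)`), so the exemption is not tied to the binary's path. As far as I know `snapd` is a long-running daemon, unlike the short-lived installers already listed, so any rule that excludes `package_mgmt_procs` (those rules are outside this hunk) would presumably treat its activity as package management for as long as it runs. I would add a comment above the list such as `# snapd: snap daemon, long-running; matched by proc.name only, not by path.` so the trade-off is visible to whoever tunes these rules later. It is also worth stating whether the `snap` client was left out deliberately, since the commit message speaks of Snap as a whole but only the daemon is added.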