mirror of
https://github.com/falcosecurity/falco.git
synced 2025-08-30 12:30:56 +00:00
new(test): test case about illogical drop actions
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
parent
e3f7cdab20
commit
5380fe5308
@ -26,7 +26,7 @@ make test-trace-files
|
||||
|
||||
It prepares the fixtures (`json` and `scap` files) needed by the integration tests.
|
||||
|
||||
Using `virtualenv` the steps to locally run a specific test suite are the following ones (from this directory):
|
||||
Using `virtualenv` the steps to locally run a specific test suite are the following ones (**from this directory**):
|
||||
|
||||
```console
|
||||
virtualenv venv
|
||||
|
12
test/confs/drops_ignore_log.yaml
Normal file
12
test/confs/drops_ignore_log.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
syscall_event_drops:
|
||||
actions:
|
||||
- ignore
|
||||
- log
|
||||
rate: .03333
|
||||
max_burst: 10
|
||||
simulate_drops: true
|
||||
|
||||
stdout_output:
|
||||
enabled: true
|
||||
|
||||
log_stderr: true
|
@ -1227,6 +1227,15 @@ trace_files: !mux
|
||||
stdout_not_contains:
|
||||
- "Falco internal: syscall event drop"
|
||||
|
||||
monitor_syscall_drops_ignore_and_log:
|
||||
exit_status: 1
|
||||
rules_file:
|
||||
- rules/single_rule.yaml
|
||||
conf_file: confs/drops_ignore_log.yaml
|
||||
trace_file: trace_files/ping_sendto.scap
|
||||
stderr_contains:
|
||||
- "syscall event drop action \"log\" does not make sense with the \"ignore\" action"
|
||||
|
||||
monitor_syscall_drops_log:
|
||||
exit_status: 0
|
||||
rules_file:
|
||||
|
Loading…
Reference in New Issue
Block a user