docs(proposals/20200828-structured-exception-handling): indentation

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2025-07-30 21:55:56 +00:00 · 2020-11-11 16:40:38 +01:00 · 2020-11-11 16:40:38 +01:00 · 581d67fa08
commit 581d67fa08
parent b7bda6d892
1 changed files with 4 additions and 5 deletions
--- a/proposals/20200828-structured-exception-handling.md
+++ b/proposals/20200828-structured-exception-handling.md
@ -67,7 +67,7 @@ An important way to customize rules and macros is to use `append: true` to add t
  desc: Detect package repositories get updated
  condition: >
    ((open_write and access_repositories) or (modify and modify_repositories))
-`    and not package_mgmt_procs
+    and not package_mgmt_procs
    and not exe_running_docker_save
    and not user_known_update_package_registry
 ```
@ -149,7 +149,7 @@ To address some of these problems, we will add the notion of Exceptions as top l
     comps: [=, startswith]
   - name: proc_filenames
     fields: [proc.name, fd.name]
-	 comps: [=, in]
+     comps: [=, in]
   - name: filenames
     fields: fd.filename
     comps: in
@ -188,8 +188,8 @@ Exception values will most commonly be defined in rules with append: true. Here'
    - [docker.io/alpine, /usr/libexec/alpine]
  - name: proc_filenames
    values:
-	 - [apt, apt_files]
-	 - [rpm, [/bin/cp, /bin/pwd]]
+    - [apt, apt_files]
+    - [rpm, [/bin/cp, /bin/pwd]]
  - name: filenames
    values: [python, go]
 ```
@ -238,4 +238,3 @@ However, there are a few changes we'll have to make to Falco rules file parsing:
 * Similarly, Falco will reject rule objects with exception keys. We'll also probably want to change Falco to allow unknown keys inside rule/macro/list/exception objects.


-