From 6c9bce6f73dd1d24bd2cf2fda705b83906a9e498 Mon Sep 17 00:00:00 2001
From: kaizhe <derek0405@gmail.com>
Date: Mon, 18 Nov 2019 20:50:08 -0800
Subject: [PATCH] update k8s audit rule

Signed-off-by: kaizhe <derek0405@gmail.com>
---
 rules/k8s_audit_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/k8s_audit_rules.yaml b/rules/k8s_audit_rules.yaml
index 4d01c74d..82a0b585 100644
--- a/rules/k8s_audit_rules.yaml
+++ b/rules/k8s_audit_rules.yaml
@@ -124,7 +124,7 @@
 
 - macro: sensitive_vol_mount
   condition: >
-    (ka.req.pod.volumes.hostpath intersects (/proc, /var/run/docker.sock, /, /etc, /root, /var/run/crio/crio.sock, /home))
+    (ka.req.pod.volumes.hostpath intersects (/proc, /var/run/docker.sock, /, /etc, /root, /var/run/crio/crio.sock, /home/admin))
 
 - rule: Create Sensitive Mount Pod
   desc: >