mirror of
https://github.com/falcosecurity/falco.git
synced 2025-07-04 18:36:48 +00:00
update k8s audit rule
Signed-off-by: kaizhe <derek0405@gmail.com>
This commit is contained in:
parent
7c33fafe89
commit
6c9bce6f73
@ -124,7 +124,7 @@
|
||||
|
||||
- macro: sensitive_vol_mount
|
||||
condition: >
|
||||
(ka.req.pod.volumes.hostpath intersects (/proc, /var/run/docker.sock, /, /etc, /root, /var/run/crio/crio.sock, /home))
|
||||
(ka.req.pod.volumes.hostpath intersects (/proc, /var/run/docker.sock, /, /etc, /root, /var/run/crio/crio.sock, /home/admin))
|
||||
|
||||
- rule: Create Sensitive Mount Pod
|
||||
desc: >
|
||||
|
Loading…
Reference in New Issue
Block a user