Let pkt-agent become themself.

2025-09-17 15:28:18 +00:00 · 2017-08-24 08:59:33 -07:00
parent 1cdacc1494
commit 70e49161b1
1 changed files with 2 additions and 1 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -755,7 +755,8 @@
  condition: ((user.name=nobody and evt.arg.uid=nobody) or
              (user.name=www-data and evt.arg.uid=www-data) or
              (user.name=_apt and evt.arg.uid=_apt) or
-              (user.name=postfix and evt.arg.uid=postfix))
+              (user.name=postfix and evt.arg.uid=postfix) or
+              (user.name=pki-agent and evt.arg.uid=pki-agent))

 # sshd, mail programs attempt to setuid to root even when running as non-root. Excluding here to avoid meaningless FPs
 - rule: Non sudo setuid