From 77a5429cae7e441467dc13c86bf5cf9e7feb23e8 Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Fri, 30 Dec 2016 11:05:34 -0800
Subject: [PATCH] Add cchh/sysdig as a trusted container. Add cchh/sysdig as a trusted container. We'll probably remove this once the next agent release occurs that has the fix https://github.com/draios/falco/pull/177. Also reformat to avoid long lines.
---
 rules/falco_rules.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 676a3931..e86ad091 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -287,7 +287,12 @@
 priority: WARNING
 - macro: trusted_containers
- condition: (container.image startswith sysdig/agent or container.image startswith sysdig/falco or container.image startswith sysdig/sysdig or container.image startswith gcr.io/google_containers/hyperkube or container.image startswith gcr.io/google_containers/kube-proxy)
+ condition: (container.image startswith sysdig/agent or
+ container.image startswith sysdig/falco or
+ container.image startswith sysdig/sysdig or
+ container.image startswith gcr.io/google_containers/hyperkube or
+ container.image startswith gcr.io/google_containers/kube-proxy or
+ container.image startswith cchh/sysdig)
 - rule: File Open by Privileged Container
 desc: Any open by a privileged container. Exceptions are made for known trusted images.
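Review bot: The new `container.image startswith cchh/sysdig` term in `trusted_containers` matches on an image-name prefix only, so any image whose name begins with that string, under any tag, is exempted from File Open by Privileged Container and presumably from any other rule that uses the macro. The commit message describes the entry as temporary, but the rules file does not say so; a comment above the macro, `# TEMPORARY: remove cchh/sysdig once the agent release with https://github.com/draios/falco/pull/177 is out`, would keep the exemption from outliving its reason. If the field value permits, an exact `=` comparison against the one expected image would narrow it further. The rule before the macro and the rule after it both continue outside the hunk.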