From 85ca1eb3dd9614860805a9e1ee98ada6c7ecfea5 Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@gmail.com>
Date: Wed, 22 Jun 2022 12:14:33 -0700
Subject: [PATCH] fix(app_actions): perform validate_rules before load_rules
 action

Perform the validate_rules action before the load_rules action. This
ensures that *only* the rules files named with -V arguments are
validated.

This fixes https://github.com/falcosecurity/falco/issues/2087.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
---
 userspace/falco/application.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/userspace/falco/application.cpp b/userspace/falco/application.cpp
index 489b9de4..3752ec23 100644
--- a/userspace/falco/application.cpp
+++ b/userspace/falco/application.cpp
@@ -133,10 +133,10 @@ bool application::run(std::string &errstr, bool &restart)
 		std::bind(&application::init_falco_engine, this),
 		std::bind(&application::list_fields, this),
 		std::bind(&application::list_plugins, this),
+		std::bind(&application::validate_rules_files, this),
 		std::bind(&application::load_rules_files, this),
 		std::bind(&application::print_ignored_events, this),
 		std::bind(&application::print_support, this),
-		std::bind(&application::validate_rules_files, this),
 		std::bind(&application::attach_inotify_signals, this),
 		std::bind(&application::daemonize, this),
 		std::bind(&application::init_outputs, this),