chore: renaming comment references

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Jason Dellaluce 2021-11-16 17:41:17 +00:00 committed by poiana
parent 23706da75e
commit 85db078dc4
4 changed files with 6 additions and 6 deletions

@ -18,7 +18,7 @@ How to use.
* docker run -ti falcosecurity/falco-builder bash
To build Falco it needs:
- a bind-mount on the source directory (ie., the directory containing Falco and sysdig source as siblings)
- a bind-mount on the source directory (ie., the directory containing the Falco source as sibling)
Optionally, you can also bind-mount the build directory.
So, you can execute it from the Falco root directory as follows.
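Review bot: in the replacement bind-mount line, "as sibling" is a leftover from the wording that named two source trees side by side; with only the Falco source mentioned there is nothing for it to be a sibling of. Suggest "a bind-mount on the source directory (i.e., the directory containing the Falco source)", which also corrects the "ie.," spelling.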

@ -220,7 +220,7 @@
]
# The truncated dpkg-preconfigu is intentional, process names are
# truncated at the sysdig level.
# truncated at the falcosecurity-libs level.
- list: package_mgmt_binaries
items: [rpm_binaries, deb_binaries, update-alternat, gem, pip, pip3, sane-utils.post, alternatives, chef-client, apk, snapd]
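Review bot: the reworded truncation comment still explains only dpkg-preconfigu, while the package_mgmt_binaries list just below it carries update-alternat and sane-utils.post, which are cut off in the same way; all three names are exactly 15 characters long. Suggest stating the limit in the comment, for example "process names are truncated to 15 characters at the falcosecurity-libs level", so the other shortened entries are not mistaken for typos and "fixed" by a later contributor.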
@ -1905,7 +1905,7 @@
# For now, only considering a full mount of /etc as
# sensitive. Ideally, this would also consider all subdirectories
# below /etc as well, but the globbing mechanism used by sysdig
# below /etc as well, but the globbing mechanism
# doesn't allow exclusions of a full pattern, only single characters.
- macro: sensitive_mount
condition: (container.mount.dest[/proc*] != "N/A" or
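Review bot: on the changed "below /etc" line, deleting "used by sysdig" without a replacement leaves "the globbing mechanism" with no owner, so a reader cannot tell which component imposes the single-character exclusion limit. The other hunks in this commit substitute falcosecurity-libs for sysdig; suggest the same here: "but the globbing mechanism used by falcosecurity-libs".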
@ -2953,7 +2953,7 @@
# The two Container Drift rules below will fire when a new executable is created in a container.
# There are two ways to create executables - file is created with execution permissions or permissions change of existing file.
# We will use a new sysdig filter, is_open_exec, to find all files creations with execution permission, and will trace all chmods in a container.
# We will use a new filter, is_open_exec, to find all files creations with execution permission, and will trace all chmods in a container.
# The use case we are targeting here is an attempt to execute code that was not shipped as part of a container (drift) -
# an activity that might be malicious or non-compliant.
# Two things to pay attention to:
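Review bot: the reworded is_open_exec line keeps "a new filter", which stops being true as soon as the rule has shipped, and "all files creations" is ungrammatical. Since the line is being touched anyway, suggest "We use the is_open_exec filter to find all file creations with execution permission, and trace all chmods in a container."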

@ -18,7 +18,7 @@
Much of the scaffolding and helpers was derived from Andre Murbach Maidl's Lua parser (https://github.com/andremm/lua-parser).
While this is based on the sysdig filtering syntax (*), the Falco syntax is extended to support "macro" terms, which are just identifiers.
While this is based on the falcosecurity-libs filtering syntax (*), the Falco syntax is extended to support "macro" terms, which are just identifiers.
(*) There is currently one known difference with the syntax implemented in libsinsp: In libsinsp, field names cannot start with 'a', 'o', or 'n'. With this parser they can.
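Review bot: the changed sentence now says "falcosecurity-libs filtering syntax" while the (*) footnote directly below it attributes the same syntax to libsinsp. Use one name in both places, for example "the libsinsp filtering syntax", so the footnote clearly refers back to the term it annotates.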

@ -1327,7 +1327,7 @@ int falco_init(int argc, char **argv)
if(trace_filename.size())
{
// Try to open the trace file as a sysdig
// Try to open the trace file as a
// capture file first.
try {
inspector->open(trace_filename);
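Review bot: removing "sysdig" leaves the first comment line in the trace_filename branch ending on a dangling "as a", with the noun pushed to the next line. Reflow it to a single line, "// Try to open the trace file as a capture file first.", so the comment reads as one sentence.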