From 88ed98ce81cfedaff079e6b9403e9068737a8f97 Mon Sep 17 00:00:00 2001
From: kaizhe <derek0405@gmail.com>
Date: Mon, 17 Jun 2019 12:35:28 -0700
Subject: [PATCH] update to macro

Signed-off-by: kaizhe <derek0405@gmail.com>
---
 rules/falco_rules.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 6af25792..39d7ff9e 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1677,12 +1677,12 @@
 - list: trusted_images
   items: []
 
-# NOTE: This list is only provided for backwards compatibility with
+# NOTE: This macro is only provided for backwards compatibility with
 # older local falco rules files that may have been appending to
-# trusted_containers. To make customizations, it's better to add containers to
-# user_trusted_containers, user_priivleged_containers or user_sensitive_mount_containers.
-- list: trusted_containers
-  items: []
+# trusted_images. To make customizations, it's better to add containers to
+# user_trusted_containers, user_privileged_containers or user_sensitive_mount_containers.
+- macro: trusted_containers
+  condition: (container.image.repository in (trusted_images))
 
 # Add conditions to this macro (probably in a separate file,
 # overwriting this macro) to specify additional containers that are