rule(macro user_known_k8s_client_container): Rephrase the comment

Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
2025-07-02 17:42:18 +00:00 · 2019-12-07 06:57:46 +09:00 · 2019-12-07 06:57:46 +09:00 · 93fdf8ef61
commit 93fdf8ef61
parent bcc84c47c6
1 changed files with 2 additions and 2 deletions
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@ -2646,8 +2646,8 @@
 - list: k8s_client_binaries
  items: [docker, kubectl, crictl]

-# You can overwrite this macro to avoid false positives.
-# (The default value is a condition for Kubernetes Cluster on GCP) 
+# Whitelist for known docker client binaries run inside container
+# - k8s.gcr.io/fluentd-gcp-scaler in GCP/GKE 
 - macro: user_known_k8s_client_container
  condition: (k8s.ns.name="kube-system" and container.image.repository=k8s.gcr.io/fluentd-gcp-scaler)