github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-04 10:26:40 +00:00
Code Issues Projects Releases Wiki Activity

rule(macro user_known_k8s_client_container): Rephrase the comment

Browse Source 
Signed-off-by: Hiroki Suezawa <suezawa@gmail.com>
This commit is contained in:
Hiroki Suezawa 2019-12-07 06:57:46 +09:00 committed by Leo Di Donato
parent bcc84c47c6
commit 93fdf8ef61
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rules/falco_rules.yaml
View File

@ -2646,8 +2646,8 @@
- list: k8s_client_binaries - list: k8s_client_binaries
items: [docker, kubectl, crictl] items: [docker, kubectl, crictl]
# You can overwrite this macro to avoid false positives. # Whitelist for known docker client binaries run inside container
# (The default value is a condition for Kubernetes Cluster on GCP) # - k8s.gcr.io/fluentd-gcp-scaler in GCP/GKE
- macro: user_known_k8s_client_container - macro: user_known_k8s_client_container
condition: (k8s.ns.name="kube-system" and container.image.repository=k8s.gcr.io/fluentd-gcp-scaler) condition: (k8s.ns.name="kube-system" and container.image.repository=k8s.gcr.io/fluentd-gcp-scaler)