From ab8ab8fbd0298b7a551a1f2699ca3793dbefc4f6 Mon Sep 17 00:00:00 2001
From: Roberto Scolaro <roberto.scolaro21@gmail.com>
Date: Thu, 2 Feb 2023 16:31:03 +0100
Subject: [PATCH] fix(scripts): make /usr/share/falco writable

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>
---
 scripts/systemd/falcoctl-artifact-follow.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/systemd/falcoctl-artifact-follow.service b/scripts/systemd/falcoctl-artifact-follow.service
index 1fe73980..0089e84a 100644
--- a/scripts/systemd/falcoctl-artifact-follow.service
+++ b/scripts/systemd/falcoctl-artifact-follow.service
@@ -14,6 +14,7 @@ Restart=on-failure
 PrivateTmp=true
 NoNewPrivileges=yes
 ProtectSystem=true
+ReadWriteDirectories=/usr/share/falco
 ProtectKernelTunables=true
 RestrictRealtime=true