From e2be47e3c28ee406c541ab5971d41d4737e7792b Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@sysdig.com>
Date: Wed, 5 Jul 2017 14:11:11 -0700
Subject: [PATCH] Allow update-ca-certi(ficates) to write below /etc

Truncation intentonal.
---
 rules/falco_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index a7df6d0d..6086be15 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -338,8 +338,8 @@
                           dev_creation_binaries, shell_mgmt_binaries,
                           ldconfig.real, ldconfig, confd, gpg, insserv,
                           apparmor_parser, update-mime, tzdata.config, tzdata.postinst,
-                          gen_resolvconf.)
                           systemd, systemd-machine, debconf-show, rollerd, bind9.postinst, sv,
+                          gen_resolvconf., update-ca-certi)
     and not proc.pname in (sysdigcloud_binaries)
     and not fd.directory in (/etc/cassandra, /etc/ssl/certs/java)
     and not ansible_running_python