mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 11:29:26 +00:00
010083538f
* Fix parentheses for rpm_procs macro Ensures a preceding not will apply to the whole macro * Let anything write to /etc/fluent/configs.d It looks like a lot of scripted programs (shell scripts running cp, sed, arbitrary ruby programs) are run by fluentd to set up config. They're too generic to identify, so jut add /etc/fluent/configs.d to safe_etc_dirs, sadly. * Let java setup write to /etc/passwd in containers /opt/jboss/container/java/run/run-java.sh and /opt/run-java/run-java.sh write to /etc/passwd in a contaner, probably to add a user. Add an exception for them.