mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
Combine parent_php_running_builds and parent_ruby_running_gcc into a single parent_scripting_running_builds which handles the general case of some script running some make/compilation related program. Also add some build-related command line prefixes.

Allow supervisor-related programs to spawn shells and access sensitive files.

Allow sendmail config binaries to write below etc directly (their children already could).

Add some directories related to phusion (system-as-a-container).

For a few rules add parent programs in the output so it's easier to diagnose the context for an event.

Let varnishd spawn shells.