mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-22 12:27:10 +00:00
b8cdb8e46c
The ignored syscalls in macros were: - write: renamed to open_write to make its weaker resolution more apparent. Checks for open with any flag that could change a file. - read: renamed to open_read. Checks for open with any read flag. - sendto: I couldn't think of any way to replace this, so I simply removed it with a comment. I kept the original read/write macros commented out with a note that they use ignored syscalls. I have not tested these changes yet other than verifying that falco starts properly.