mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-22 03:49:36 +00:00
dc44655ec2
Move entrypoint detection to its own macro. Also consider something the entrypoint if its parent is runc:[0:PARENT]. There's a race where runc:[0:PARENT] exits in parallel with the root program being execd, so the parent might not exist or might have this name.