mirror of
https://github.com/falcosecurity/falco.git
synced 2026-04-05 03:22:41 +00:00
ddedf595ba
- Move evt.type checks to the front of rules. This is necessary to avoid warnings now that event types are automatically extracted during rule parsing and used to bind each rule with a specific set of events. - Explicitly specify open for O_CREAT. With the change to event-specific filters, it's necessary to associate a search for O_CREAT with evt.type=open.