Skip to content

Commit

Permalink
fix: the correct usage is <NA> not N/A
Browse files Browse the repository at this point in the history
Signed-off-by: Andrea Terzolo <[email protected]>
  • Loading branch information
Andreagit97 committed Apr 26, 2024
1 parent e65f251 commit 4113b43
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 13 deletions.
2 changes: 1 addition & 1 deletion rules/falco-incubating_rules.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -769,7 +769,7 @@
# https://github.com/draios/sysdig/issues/954). So in that case, allow
# a setuid.
- macro: known_user_in_container
condition: (container and user.name != "N/A")
condition: (container and user.name != <NA>)

# Add conditions to this macro (probably in a separate file,
# overwriting this macro) to allow for specific combinations of
Expand Down
24 changes: 12 additions & 12 deletions rules/falco-sandbox_rules.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1247,18 +1247,18 @@
# below /etc as well, but the globbing mechanism
# doesn't allow exclusions of a full pattern, only single characters.
- macro: sensitive_mount
condition: (container.mount.dest[/proc*] != "N/A" or
container.mount.dest[/var/run/docker.sock] != "N/A" or
container.mount.dest[/var/run/crio/crio.sock] != "N/A" or
container.mount.dest[/run/containerd/containerd.sock] != "N/A" or
container.mount.dest[/var/lib/kubelet] != "N/A" or
container.mount.dest[/var/lib/kubelet/pki] != "N/A" or
container.mount.dest[/] != "N/A" or
container.mount.dest[/home/admin] != "N/A" or
container.mount.dest[/etc] != "N/A" or
container.mount.dest[/etc/kubernetes] != "N/A" or
container.mount.dest[/etc/kubernetes/manifests] != "N/A" or
container.mount.dest[/root*] != "N/A")
condition: (container.mount.dest[/proc*] != <NA> or
container.mount.dest[/var/run/docker.sock] != <NA> or
container.mount.dest[/var/run/crio/crio.sock] != <NA> or
container.mount.dest[/run/containerd/containerd.sock] != <NA> or
container.mount.dest[/var/lib/kubelet] != <NA> or
container.mount.dest[/var/lib/kubelet/pki] != <NA> or
container.mount.dest[/] != <NA> or
container.mount.dest[/home/admin] != <NA> or
container.mount.dest[/etc] != <NA> or
container.mount.dest[/etc/kubernetes] != <NA> or
container.mount.dest[/etc/kubernetes/manifests] != <NA> or
container.mount.dest[/root*] != <NA>)

- rule: Launch Sensitive Mount Container
desc: >
Expand Down

0 comments on commit 4113b43

Please sign in to comment.