From d3fdcd591cd043866642e8ba89f31779359d5489 Mon Sep 17 00:00:00 2001
From: Petter Reinholdtsen
Date: Wed, 15 Nov 2023 12:18:49 +0100
Subject: [PATCH] Changed required_engine_version from 0.26.0 to 26.

The 0.36.2 parser reject the 0.26.0 value and falco --version report engine_version as 26, so using this number as the value.

Signed-off-by: Petter Reinholdtsen
---
 rules/falco-incubating_rules.yaml | 2 +-
 rules/falco-sandbox_rules.yaml | 2 +-
 rules/falco_rules.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/falco-incubating_rules.yaml b/rules/falco-incubating_rules.yaml
index 27174c6d..47d368e2 100644
--- a/rules/falco-incubating_rules.yaml
+++ b/rules/falco-incubating_rules.yaml
@@ -25,7 +25,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 0.26.0
+- required_engine_version: 26
 - macro: open_write
   condition: (evt.type in (open,openat,openat2) and evt.is_open_write=true and fd.typechar='f' and fd.num>=0)
diff --git a/rules/falco-sandbox_rules.yaml b/rules/falco-sandbox_rules.yaml
index 945244b8..cc9306d1 100644
--- a/rules/falco-sandbox_rules.yaml
+++ b/rules/falco-sandbox_rules.yaml
@@ -25,7 +25,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 0.26.0
+- required_engine_version: 26
 # Currently disabled as read/write are ignored syscalls. The nearly
 # similar open_write/open_read check for files being opened for
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index c3738b0c..9433ee9d 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -25,7 +25,7 @@
 # Starting with version 8, the Falco engine supports exceptions.
 # However the Falco rules file does not use them by default.
-- required_engine_version: 0.26.0
+- required_engine_version: 26
 # Currently disabled as read/write are ignored syscalls. The nearly
 # similar open_write/open_read check for files being opened for