You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you try to run falco 0.13.0 with -pk/-pc, falco won't start:
Wed Nov 14 01:12:58 2018: Runtime error: Error loading rules: [string "-- Copyright (C) 2016-2018 Draios Inc dba Sys..."]:520: Invalid output format 'K8s Operation performed by user not in allowed list of users (user=%ka.user.name target=%ka.target.name/%ka.target.resource verb=%ka.verb uri=%ka.uri resp=%ka.response.code) k8s.pod=%k8s.pod.name container=%container.id': 'Could not parse format string "K8s Operation performed by user not in allowed list of users (user=%ka.user.name target=%ka.target.name/%ka.target.resource verb=%ka.verb uri=%ka.uri resp=%ka.response.code) k8s.pod=%k8s.pod.name container=%container.id": unknown filtercheck field k8s.pod.name container=%container.id'. Exiting.
The problem is that -pk/-pc add an implicit %container.info to the output of every rule. It should only do that for source=syscall rules.
The text was updated successfully, but these errors were encountered:
If you try to run falco 0.13.0 with -pk/-pc, falco won't start:
The problem is that -pk/-pc add an implicit %container.info to the output of every rule. It should only do that for source=syscall rules.
The text was updated successfully, but these errors were encountered: