-
Notifications
You must be signed in to change notification settings - Fork 913
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rule update: add back trusted_containers list for backport compatibility #675
Conversation
Signed-off-by: kaizhe <[email protected]>
@Kaizhe: There is not a label identifying the kind of this PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
rules/falco_rules.yaml
Outdated
@@ -1677,6 +1677,10 @@ | |||
- list: trusted_images | |||
items: [] | |||
|
|||
# Backport compatibility |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a longer comment block like the one for trusted_images that specifically says this is only for backwards compatibility and instead the changes should be made to *_privileged_images or _sensitive_mount_images if possible, and *_privileged_containers/_sensitive_mount_containers as a backup?
rules/falco_rules.yaml
Outdated
@@ -1677,6 +1677,10 @@ | |||
- list: trusted_images | |||
items: [] | |||
|
|||
# Backport compatibility | |||
- list: trusted_containers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think trusted_containers used to be a macro, right? In that case it should be a macro here and also it should be added to all the rules that might rely on that list.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so it should be
- macro: trusted_containers
condition: container.image.repository in (trusted_images)
Signed-off-by: kaizhe <[email protected]>
Signed-off-by: kaizhe <[email protected]>
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mstemm The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
LGTM label has been added. Git tree hash: e2d238079a3a40749ed06041ebd647d4cdede0fc
|
Signed-off-by: kaizhe [email protected]
What type of PR is this?
/kind bug
Any specific area of the project related to this PR?
What this PR does / why we need it:
For backport compatibility
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Does this PR introduce a user-facing change?: