doublez13
doublez13
Yeah I currently have the VRRP address set to prefer the node that is running traefik. ``` vrrp_script chk_traefik { #script "pgrep traefik" #Had to use this on debian distros...
I'll give that a try for sure. What volume driver do you use?
The required patch has landed in AppArmor 4.1.
I'm away from my computer for awhile (just phone). You're welcome to rebase and merge, or I can do it later.
https://falco.org/docs/reference/rules/default-rules/ ``` By default, only the stable rules are loaded by Falco, you can install the sandbox or incubating rules by referencing them in the Helm chart: helm install falco...
I'm also seeing fields missing from certain alerts. Some have them populated while others don't. For instance, popping a shell into a terminal triggers the following alert, but the fields...
> @doublez13 have you checked the socket filepath exits? The socket file on the host is at `/run/containerd/containerd.sock`, which then appears to get mounted in the falco container at `/host/run/containerd/containerd.sock`....
@leogr > The missing capability is `CAP_DAC_READ_SEARCH`. You can add it using the `containerSecurityContext` option in the helm chart. So, if possible for you, give it a try with: Unfortunately...
> Is AppArmor enabled on your system? If yes, this should be the only possible cause. If this is the case, we don't have a solution at this time, so...
For documentation, should this option be added to the Misc section?