falcosecurity
BUG
root@pgq-virtual-machine:/home/pgq/Desktop/falco/build# ./userspace/falco/falco -c ../falco.yaml -r ../rules/falco_rules.yaml Wed Jul 30 10:20:31 2025: Falco version: 0.50.0-dirty (x86_64) Wed Jul 30 10:20:31 2025: Falco initialized with configuration files: Wed Jul 30 10:20:31 2025: ../falco.yaml | schema validation: ok Wed Jul 30 10:20:31 2025: System info: Linux version 6.8.0-65-generic (buildd@lcy02-amd64-003) (x86_64-linux-gnu-gcc-12 (Ubuntu 12.3.0-1ubuntu1~22.04) 12.3.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #68~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Jul 15 18:06:34 UTC 2 Wed Jul 30 10:20:31 2025: Loading rules from: Wed Jul 30 10:20:31 2025: ../rules/falco_rules.yaml | schema validation: ok Error: ../rules/falco_rules.yaml: Invalid 1 Errors: In rules content: (../rules/falco_rules.yaml:0:0) rule 'Read sensitive file untrusted': (../rules/falco_rules.yaml:397:2) rule condition: (../rules/falco_rules.yaml:405:13) condition expression: ("open_read and sen...":406:15)
...wn_read_sensitive_files_activities and not user_read_sensitive_file_containers ^
LOAD_ERR_COMPILE_CONDITION (Error compiling condition): filter_check called with nonexistent field container.id
Describe the bug
How to reproduce it
Expected behaviour
Screenshots
Environment
- Falco version:
- System info:
- Cloud provider or hardware configuration:
- OS:
- Kernel:
- Installation method:
Additional context
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten