
Duplicated entries across various `falco` rules files

Open leogr opened this issue 2 years ago • 15 comments

Motivation

See https://github.com/falcosecurity/rules/pull/149#issuecomment-1705527047

The common use case is when a list or a macro is first defined in the stable rules file, but it is also needed (as-is or extended) by other rules files.

Feature

Likely, the simplest way to address this is to define a standard way to express list and macro dependencies requirements.

This would force the user to load another rules file with the missing list or macro definition, without the need of duplicating the whole list or macro.

However, the design of this feature is still TBD.

@falcosecurity/core-maintainers

Alternatives

Keep duplicate entries, as it is now. In this way, duplicated items are just silently overwritten. The only con is that the loading order affects the end results when the duplicate item is not identical (for example, if it has been modified in one file but not in the other).

Additional context

See https://github.com/falcosecurity/rules/pull/149#issuecomment-1705527047

leogr Sep 04 '23 16:09

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana Dec 03 '23 21:12

/remove-lifecycle stale

leogr Dec 05 '23 17:12

/assign

leogr Dec 05 '23 17:12


/remove-lifecycle stale

still relevant

incertum Mar 05 '24 00:03

cc @falcosecurity/falco-maintainers

leogr Mar 26 '24 15:03

> Likely, the simplest way to address this is to define a standard way to express list and macro dependencies requirements.

It makes the most sense. Worth the transition LOE, I would say. I don't have any better ideas. Right now, for example, I dedup the macros and lists in a custom patch script, but there are adopters who wish not to need a custom patch script.

incertum Mar 27 '24 15:03

Just as a reference. The new idiomatic way to express "this list is defined somewhere else - i.e., in another file" would now be:

```yaml
- list: foo
  items: []
  override:
    items: append
```

leogr May 14 '24 09:05
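
Added example, not part of the thread and not code from Falco or falcosecurity/rules: a Ruby check that walks rules files in load order and reports the cases discussed above (identical duplicates, duplicates that differ so the load order decides the result, and an `override` entry with no earlier definition to depend on). The file names, list and macro names, and the `audit` helper are assumptions, and the sample rules are constructed.

```ruby
require 'yaml'

# Constructed sample rules files, in load order (not taken from falcosecurity/rules).
FILES = {
  'stable_rules.yaml' => <<~YAML,
    - list: shell_binaries
      items: [bash, sh]
    - macro: spawned_process
      condition: evt.type = execve
  YAML
  'incubating_rules.yaml' => <<~YAML,
    - list: shell_binaries
      items: [bash, sh, zsh]
    - macro: spawned_process
      condition: evt.type = execve
    - list: package_mgmt_binaries
      items: []
      override:
        items: append
  YAML
}

# Returns findings as [kind, "type:name", file], in load order.
def audit(files)
  seen = {}      # "list:foo" => definition body from the last file that defined it
  findings = []
  files.each do |file, text|
    (YAML.safe_load(text) || []).each do |entry|
      next unless entry.is_a?(Hash)
      type = %w[list macro].find { |k| entry.key?(k) } or next
      key = "#{type}:#{entry[type]}"
      body = entry.reject { |k, _| k == type }
      if body.key?('override')
        # Declares a dependency on an earlier definition instead of redefining it.
        findings << [:missing_dependency, key, file] unless seen.key?(key)
      elsif seen.key?(key)
        kind = seen[key] == body ? :identical_duplicate : :conflicting_duplicate
        findings << [kind, key, file]
        seen[key] = body # the later definition silently replaces the earlier one
      else
        seen[key] = body
      end
    end
  end
  findings
end

audit(FILES).each { |kind, key, file| puts "#{file}: #{kind} #{key}" }
```

Only `:conflicting_duplicate` findings change behaviour with load order; `:identical_duplicate` findings are the entries a dependency declaration would let a rules file drop.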


/remove-lifecycle stale /help

leogr Aug 20 '24 12:08

@leogr: This request has been marked as needing help from a contributor.


poiana Aug 20 '24 12:08


/remove-lifecycle stale

leogr Nov 18 '24 16:11


/remove-lifecycle stale

leogr Apr 17 '25 08:04