Mark Stemm

Results 28 comments of Mark Stemm

I think we could extend this approach to FDs as well, btw. I think we have more pain at the moment related to threadinfo/container info, so I think we could...

> Another concern on top of my mind is how the new synthetic similar to PPME_CONTAINER_JSON_E will be handled with the scap file dumper/reader. I think the dumper/reader is exactly...

> I strongly agree with this; note moreover that changes in https://github.com/falcosecurity/libs/pull/220 already "renamed" the m_pending_container_evts queue to a more generic m_pending_state_evts; it is used for users/groups events too. One...

This looks like a great set of changes! While we're in here mucking with regexes, what do you (and other reviewers) think about using RE2 instead of C++ regex? I...

I'm going to wait for the changes in #2206 as that allows referring to things like rule_load_exception independently of the rule loader. Given that filter_rulesets often compile an ast to...

This is ready for review now.

The test failure was not related to these changes, and was actually a design flaw in the earlier PR that wasn't detected until I changed how very long snippet lines...

I did some comprehensive comparisons between a falco built from this branch and 0.32.1 to see what outputs are written to stdout/stderr in many circumstances. I did the cross product...

# Rules error, without verbose: ## Read Rules ### Falco 0.32.1: ``` err: Wed Aug 10 18:03:13 2022: Falco version 0.32.1 err: Wed Aug 10 18:03:13 2022: Falco initialized with...