cleanup(rules): format unshare rule desc
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
incertum authored and poiana committed Sep 20, 2023
1 parent df92bed commit 13e2a41
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion rules/falco-incubating_rules.yaml
Expand Up @@ -448,7 +448,7 @@
- rule: Change namespace privileges via unshare
desc: >
Unprivileged users in containers may not have CAP_SYS_ADMIN or other elevated privileges. However, they can
use the "unshare(CLONE_NEWNS|CLONE_NEWUSER)" system call to create or clone a namespace or user with the
use the unshare system call with CLONE_NEWNS or CLONE_NEWUSER to create or clone a namespace or user with the
necessary privileges to conduct further attacks. It is best practice to block the unshare system call via
seccomp if it is not needed. Misuse of unshare can be related to misconfigured Kubernetes clusters, for example.
condition: >
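Review bot: The reworded desc line ("use the unshare system call with CLONE_NEWNS or CLONE_NEWUSER ...") no longer reads the same as the combined mask `CLONE_NEWNS|CLONE_NEWUSER` it replaces: "or" in prose suggests either flag alone is enough. The condition is cut off in this hunk, so please confirm the description matches what the rule actually tests. While this line is being touched, "create or clone a namespace or user" could also be tightened, for example to "create a new mount or user namespace", since CLONE_NEWNS and CLONE_NEWUSER select the mount and user namespaces.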