From a22d0d7a4175842cfaa2c55bfcf43556adc748f6 Mon Sep 17 00:00:00 2001
From: Brenno Oliveira <brenno.oliveira@deliveryhero.com>
Date: Fri, 6 Oct 2023 17:51:31 +0200
Subject: [PATCH] Add parenthesis to containerd_activities macro

Signed-off-by: Brenno Oliveira <brenno.oliveira@deliveryhero.com>
---
 rules/falco_rules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 7dc07a40..156f36eb 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -922,8 +922,8 @@
               container.image.repository endswith "containernetworking/azure-npm")
 
 - macro: containerd_activities
-  condition: proc.name=containerd and (fd.name startswith "/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/" or
-                                       fd.name startswith "/var/lib/containerd/tmpmounts/")
+  condition: (proc.name=containerd and (fd.name startswith "/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/" or
+                                        fd.name startswith "/var/lib/containerd/tmpmounts/"))
 
 - rule: Clear Log Activities
   desc: >