Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new(rules): Change namespace privileges via unshare #160

Merged
merged 1 commit into from
Sep 18, 2023
Merged

new(rules): Change namespace privileges via unshare #160

merged 1 commit into from
Sep 18, 2023

Conversation

incertum
Copy link
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind feature

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area rules

/area registry

/area build

/area documentation

Proposed rule maturity level

Uncomment one (or more) /area <> lines (only for PRs that add or modify rules):

/area maturity-stable

/area maturity-incubating

/area maturity-sandbox

/area maturity-deprecated

What this PR does / why we need it:

See desc and also part of modernizing Falco rules #138.
CC @darryk10 @Andreagit97

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

@poiana poiana added kind/feature New feature or request dco-signoff: yes labels Sep 10, 2023
@poiana poiana added area/maturity-incubating See the Rules Maturity Framework approved size/S labels Sep 10, 2023
@incertum incertum changed the title new(rules): add 'Change namespace privileges via unshare' new(rules): Change namespace privileges via unshare Sep 10, 2023
darryk10
darryk10 approved these changes Sep 12, 2023
View reviewed changes
Copy link
Contributor

@darryk10 darryk10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @incertum, the use case is awesome and checking the rule it seems pretty accurate with low FPs.
LGTM

@poiana poiana added the lgtm label Sep 12, 2023
@poiana
Copy link

poiana commented Sep 12, 2023

LGTM label has been added.

Git tree hash: ef0995f4d1b4bd7b063eb004cf93dc9db15d8e95

LucaGuerra
LucaGuerra previously approved these changes Sep 13, 2023
View reviewed changes
@incertum @darryk10
new(rules): add 'Change namespace privileges via unshare'
6b1a9b4 
Co-authored-by: darryk10 <stefano.chierici@sysdig.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
@poiana poiana removed the lgtm label Sep 14, 2023
@poiana poiana added the lgtm label Sep 15, 2023
@poiana
Copy link

poiana commented Sep 15, 2023

LGTM label has been added.

Git tree hash: c0668328313504ba333a829e9f32d51aa22679d5

Andreagit97
Andreagit97 approved these changes Sep 15, 2023
View reviewed changes
Copy link
Member

@Andreagit97 Andreagit97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for this!
/approve

@poiana
Copy link

poiana commented Sep 15, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, darryk10, incertum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [Andreagit97,incertum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Andreagit97
Copy link
Member

/hold
Why the CI is failing?

@incertum
Copy link
Contributor Author

Because the memfd + exec rule made it already incompatible with 0.35.

@Andreagit97
Copy link
Member

got it thanks!
/unhold

@poiana poiana merged commit e888401 into falcosecurity:main Sep 18, 2023
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Andreagit97 Andreagit97 Andreagit97 approved these changes

@darryk10 darryk10 darryk10 approved these changes

@loresuso loresuso Awaiting requested review from loresuso

@LucaGuerra LucaGuerra Awaiting requested review from LucaGuerra

Assignees

@LucaGuerra LucaGuerra

@Andreagit97 Andreagit97

@darryk10 darryk10

Labels
approved area/maturity-incubating See the Rules Maturity Framework area/rules dco-signoff: yes kind/feature New feature or request lgtm size/S
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@incertum @poiana @Andreagit97 @LucaGuerra @darryk10