-
Notifications
You must be signed in to change notification settings - Fork 412
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: getting started writing additional policy examples #3435
Conversation
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
@@ -0,0 +1,12 @@ | |||
apiVersion: aquasecurity.github.io/v1beta1 | |||
kind: TraceePolicy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The apiVersion and kind will soon be changed (@josedonizetti ) so if this will be merged after, don't forget to update it as well
scope: | ||
- global | ||
rules: | ||
- event: write |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This event on its own doesn't cover all file writes. There are some other syscalls which may trigger a file write (e.g. writev) so it needs to be clarified in the description or update the policy with all syscalls that may trigger a file write
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aha, thank you for clarifying -- will update it
FYIO: #3456 (comment) |
@AnaisUrlichs Since this is marked as WIP for collecting policy feedback, I'm converting it to draft. Please feel free to convert it back again. |
@geyslan no that's good, I will get back to it once I have time |
Closing this PR due to inactivity, as it has not been updated in almost a year. Best regards, |
This is just a PR WIP to get feedback on the policies.