From 93fdf8ef61c6aed0f4a6c3aa6419cf4b5ebe89a4 Mon Sep 17 00:00:00 2001
From: Hiroki Suezawa
Date: Sat, 7 Dec 2019 06:57:46 +0900
Subject: [PATCH] rule(macro user_known_k8s_client_container): Rephrase the comment

Signed-off-by: Hiroki Suezawa
---
 rules/falco_rules.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 04644baeb1f..3dac609fe15 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -2646,8 +2646,8 @@
 - list: k8s_client_binaries
   items: [docker, kubectl, crictl]
-# You can overwrite this macro to avoid false positives.
-# (The default value is a condition for Kubernetes Cluster on GCP)
+# Whitelist for known docker client binaries run inside container
+# - k8s.gcr.io/fluentd-gcp-scaler in GCP/GKE
 - macro: user_known_k8s_client_container
   condition: (k8s.ns.name="kube-system" and container.image.repository=k8s.gcr.io/fluentd-gcp-scaler)
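Review bot: The new comment above `user_known_k8s_client_container` says "docker client binaries", but the `k8s_client_binaries` list just before it holds docker, kubectl and crictl, so the wording is narrower than what the macro appears to cover. It also drops the hint from the removed comment that users are expected to override this macro. I would keep both points, for example `# Whitelist of containers known to run k8s client binaries (docker, kubectl, crictl).` followed by `# Override this macro for your environment; the default covers k8s.gcr.io/fluentd-gcp-scaler in kube-system on GCP/GKE.` Since the condition matches only on namespace and image repository name, the comment could also say that any container matching those two fields is exempted by whichever rules use this macro, so people who override it keep the exception narrow.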