falco rules validation through docker #322

Closed
jaguasch opened this Issue Feb 14, 2018 · 1 comment


jaguasch commented Feb 14, 2018

I am trying to create a build step on my CI to validate falco rules using docker run (map volume for rules) sysdig/falco falco --validate <path_to_falco_rules_on_container>

The issue is that docker will fail on exit because it tries to run falco itself.

Any way to run falco in a container just to validate rules and rely on exit code to check if rules are ok or not?


Member

mfdii commented Mar 6, 2018

This worked for me:

vagrant@vagrant:~$ docker run -e SYSDIG_SKIP_LOAD=1 -it sysdig/falco /usr/bin/falco -V /etc/falco/falco_rules.yaml 
Tue Mar  6 21:01:42 2018: Validating rules file: /etc/falco/falco_rules.yaml...
Tue Mar  6 21:01:43 2018: Ok

There seems to be a bug where --validate isn't recognized.
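
A CI build step built on the command above, as an added example that is not part of the original comments or the Falco project's code: it validates every rules file in a directory and returns a single exit status. Assumptions: the `/rules` mount point and the `FALCO_IMAGE` variable are illustrative names, and `falco -V` is assumed to exit non-zero for an invalid rules file, which the thread does not confirm.

```shell
#!/bin/sh
# Validate every Falco rules file in a directory inside the sysdig/falco image.
# Returns 0 only if all files validate, 1 if any fails, 2 if none were found.

FALCO_IMAGE="${FALCO_IMAGE:-sysdig/falco}"   # image name taken from the thread

validate_rules() {
    rules_dir=$1        # must be an absolute path for the bind mount
    failed=0
    found=0
    for f in "$rules_dir"/*.yaml; do
        [ -e "$f" ] || continue              # glob matched nothing
        found=1
        name=$(basename "$f")
        # No -it here: CI jobs usually have no TTY, and docker refuses -t
        # without one. The rules directory is mounted read-only.
        # /rules is an assumed mount point inside the container.
        if docker run --rm -e SYSDIG_SKIP_LOAD=1 \
            -v "$rules_dir:/rules:ro" \
            "$FALCO_IMAGE" /usr/bin/falco -V "/rules/$name"; then
            echo "OK   $name"
        else
            echo "FAIL $name" >&2
            failed=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        # An empty directory should not count as a passing validation.
        echo "no .yaml rules files in $rules_dir" >&2
        return 2
    fi
    return "$failed"
}

# Run only when a rules directory is given on the command line.
if [ "$#" -gt 0 ]; then
    validate_rules "$(cd "$1" && pwd)"
fi
```

Every file is checked before the function returns, so one CI run reports all failing rules files rather than stopping at the first.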

mstemm added a commit that referenced this issue Mar 6, 2018

mstemm closed this in #334 Mar 8, 2018

mstemm added a commit that referenced this issue Mar 8, 2018

Associate --validate with -V. (#334)
* Associate --validate with -V.

This fixes #322.

* Pin the version of libvirt-python to < 4.1.0

Evidently a recent libvirt-python has build problems on ubuntu. See
https://bugs.launchpad.net/openstack-requirements/+bug/1753539.

Pin to releases < 4.1.0 to avoid picking up the newer one that
has the build failure.