Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

falco rules validation through docker #322

Closed
jaguasch opened this issue Feb 14, 2018 · 1 comment · Fixed by #334
Closed

falco rules validation through docker #322

jaguasch opened this issue Feb 14, 2018 · 1 comment · Fixed by #334

Comments

@jaguasch
Copy link

I am trying to create a build step on my CI to validate falco rules using docker run (map volume for rules) sysdig/falco falco --validate <path_to_falco_rules_on_container>

The issue is that docker will fail on exit because tries to run falco itself.

Any way to run falco in a container just to validate rules and rely on exit code to check if rules are ok or not?
@mfdii
Copy link
Member

mfdii commented Mar 6, 2018

This worked for me:

vagrant@vagrant:~$ docker run -e SYSDIG_SKIP_LOAD=1 -it sysdig/falco /usr/bin/falco -V /etc/falco/falco_rules.yaml 
Tue Mar  6 21:01:42 2018: Validating rules file: /etc/falco/falco_rules.yaml...
Tue Mar  6 21:01:43 2018: Ok

There seems to be a bug where --validate isn't recognized.

mstemm added a commit that referenced this issue Mar 6, 2018
@mstemm
Associate --validate with -V.
cf36684 
This fixes #322.
@mstemm mstemm mentioned this issue Mar 6, 2018
Merged
mstemm added a commit that referenced this issue Mar 8, 2018
@mstemm
Associate --validate with -V. (#334)
eb4feed 
* Associate --validate with -V.

This fixes #322.

* Pin the version of libvirt-python to < 4.1.0

Evidently a recent libvirt-python has build problems on ubuntu. See
https://bugs.launchpad.net/openstack-requirements/+bug/1753539.

Pin to releases < 4.1.0 to avoid picking up the newer one that
has the build failure.
@ukitazume ukitazume mentioned this issue Oct 27, 2020
Closed
leogr pushed a commit to falcosecurity/rules that referenced this issue Dec 21, 2022
@mstemm
Associate --validate with -V. (#334)
46111e0 
* Associate --validate with -V.

This fixes falcosecurity/falco#322.

* Pin the version of libvirt-python to < 4.1.0

Evidently a recent libvirt-python has build problems on ubuntu. See
https://bugs.launchpad.net/openstack-requirements/+bug/1753539.

Pin to releases < 4.1.0 to avoid picking up the newer one that
has the build failure.
leogr pushed a commit to falcosecurity/rules that referenced this issue Dec 21, 2022
@mstemm
Associate --validate with -V. (#334)
99997d6 
* Associate --validate with -V.

This fixes falcosecurity/falco#322.

* Pin the version of libvirt-python to < 4.1.0

Evidently a recent libvirt-python has build problems on ubuntu. See
https://bugs.launchpad.net/openstack-requirements/+bug/1753539.

Pin to releases < 4.1.0 to avoid picking up the newer one that
has the build failure.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Associate --validate with -V. falcosecurity/falco
2 participants
@mfdii @jaguasch