Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Duplicated entries across various falco rules files #151

Open
leogr opened this issue Sep 4, 2023 · 11 comments
Open

Duplicated entries across various falco rules files #151

leogr opened this issue Sep 4, 2023 · 11 comments
Assignees
Labels
help wanted Extra attention is needed kind/feature New feature or request

Comments

@leogr
Copy link
Member

leogr commented Sep 4, 2023

Motivation

See #149 (comment)

The common use case is when a list or a macro is first defined in the stable rules file, but it is also needed (as-is or extended) by other rules files.

Feature

Likely, the simplest way to address this is to define a standard way to express list and macro dependencies requirements.

This would force the user to load another rules file with the missing list or macro definition, without the need of duplicating the whole list or macro.

However, the design of this feature is still TBD

@falcosecurity/core-maintainers

Alternatives

Keep duplicate entries, as it is now. In this way, duplicated items are just silently overwritten. The only con is that the loading order affects the end results when the duplicate item is not identical (for example, if it has been modified in one file but not in the other).

Additional context

See #149 (comment)

@leogr leogr added the kind/feature New feature or request label Sep 4, 2023
@poiana
Copy link

poiana commented Dec 3, 2023

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@leogr
Copy link
Member Author

leogr commented Dec 5, 2023

/remove-lifecycle stale

@leogr
Copy link
Member Author

leogr commented Dec 5, 2023

/assign

@poiana
Copy link

poiana commented Mar 4, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@incertum
Copy link
Contributor

incertum commented Mar 5, 2024

/remove-lifecycle stale

still relevant

@leogr
Copy link
Member Author

leogr commented Mar 26, 2024

cc @falcosecurity/falco-maintainers

@incertum
Copy link
Contributor

Likely, the simplest way to address this is to define a standard way to express list and macro dependencies requirements.

It makes the most sense. Worth it the transition LOE I would say. Not having any better ideas. Right now for example I dedup the macros and lists in a custom patch script, but there are adopters who wish to not needing to use a custom patch script.

@leogr leogr changed the title wip: Duplicated entries across various falco rules files Duplicated entries across various falco rules files Mar 27, 2024
@leogr
Copy link
Member Author

leogr commented May 14, 2024

Just as a reference. The new idiomatic way to express "this list is defined somewhere else - ie, in another file" would now be:

- list: foo
  items: []
  override:
      - items: append

@poiana
Copy link

poiana commented Aug 12, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@leogr
Copy link
Member Author

leogr commented Aug 20, 2024

/remove-lifecycle stale
/help

@poiana
Copy link

poiana commented Aug 20, 2024

@leogr:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/remove-lifecycle stale
/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@poiana poiana added help wanted Extra attention is needed and removed lifecycle/stale labels Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed kind/feature New feature or request
Projects
Status: Todo
Development

No branches or pull requests

3 participants