Append Slash to Sensitive Mount Path startswith

Make L#1932 equivalent to L#1898 Signed-off-by: Brad Geesaman <bradgeesaman+github@gmail.com>
falcosecurity · Sep 10, 2020 · 65d742f · 65d742f
1 parent f02a998
commit 65d742f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
@@ -1929,7 +1929,7 @@
   condition: (user_trusted_containers or
               container.image.repository in (trusted_images) or
               container.image.repository in (falco_sensitive_mount_images) or
-              container.image.repository startswith quay.io/sysdig)
+              container.image.repository startswith quay.io/sysdig/)
 
 # These container images are allowed to run with hostnetwork=true
 - list: falco_hostnetwork_images