Closed deepskyblue86 closed 2 years ago
We are looking into that! Thanks for providing all the info!
It seems like this check went wrong in Falco CI (building locally everything works fine!)
After some testing with @FedeDP it looks like https://github.com/falcosecurity/libs/pull/383 and https://github.com/falcosecurity/falco/pull/2053 fixed the issue! Apparently, the problem was that in our CMake setup we unnoticeably cut-off the compilation of a piace libsinsp code that populated user data.
Thank you @deepskyblue86 for reporting this bug!
Will there be a Falco hotfix version by any chance?
Hi! Yes, there will be a 0.32.1 around end of june most probably, together with arm64 support :)
Describe the bug Output of any user information leads to
<NA>
How to reproduce it
%user
The rule output has
<NA>
instead of the actual data.I tested a custom rule with the following output:
and I get
Expected behaviour User information shall be shown
Screenshots
Environment