Sensitive file opened for reading by non-trusted program fires for initContainer runc

[kyrofa]

Describe the bug

I have a pod that runs my web application. This pod has an initContainer that runs database migrations before the web application actually fires up. However, that initContainer is triggering the "Sensitive file opened for reading by non-trusted program" warning:

It seems like the docker_binaries list should be taken into account for this rule, but I'm no expert here.

Environment

• Falco version: v0.40.0
• Cloud provider or hardware configuration: bare metal, server class hardware
• OS: Debian 12
• Kernel: 6.1.0
• Installation method: Helm chart, v4.20.1

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[kyrofa]

/remove-lifecycle stale