Hello! Thanks for this great project!
I've encountered a problem: parsed rules with multiple key filters (-F key=<key>) cannot be added to the kernel - an "invalid argument" error is returned.
I use the library like this:
```go
ruleWithTwoKeyFormats := "-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F key=firstkey -F key=secondkey"

// Parse the auditctl-style rule text.
r, err := flags.Parse(ruleWithTwoKeyFormats)
if err != nil {
	return err
}

// Build the binary form of the parsed rule.
data, err := rule.Build(r)
if err != nil {
	return err
}

// Add the rule to the kernel.
if err := client.AddRule(data); err != nil {
	return err
}
fmt.Println("added rule")
```
When -k <key> syntax is used instead of -F key=<key>, it works correctly. Mixing both formats again leads to this error.