From cc884554644e7bb15ab8d2a233ec29f723ab65e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Arnqvist?= <andre.arnqvist@elastisys.com>
Date: Thu, 12 Oct 2023 11:49:57 +0200
Subject: [PATCH] apps: Allow calico-accountant drop and execute in Falco

---
 helmfile/values/falco/falco-common.yaml.gotmpl | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/helmfile/values/falco/falco-common.yaml.gotmpl b/helmfile/values/falco/falco-common.yaml.gotmpl
index 7ff533a9c6..85e3cc1141 100644
--- a/helmfile/values/falco/falco-common.yaml.gotmpl
+++ b/helmfile/values/falco/falco-common.yaml.gotmpl
@@ -307,6 +307,10 @@ customRules:
     - list: known_binaries_to_read_environment_variables_from_proc_files
       append: true
       items: [systemd-run, rook, udevadm]
+    - list: known_drop_and_execute_containers
+      append: true
+      items:
+        - ghcr.io/elastisys/calico-accountant # when .calicoAccountant.backend = nftables
 falcosidekick:
   enabled: {{ .Values.falco.alerts.enabled }}
   config: