Running leakless in a Falco secured environment #1214
Description
Rod Version: v0.116.2
The code to demonstrate your question
l := launcher.New().Headless(true)
b := rod.New().ControlURL(l.MustLaunch()).MustConnect()
defer b.MustClose()What you got
I run this code inside a docker container in a k8s cluster that is monitored by Falco (https://falco.org/).
The code works and it starts and kills the chrome process as expected.
The problem is that it starts the leakless process which is not part of the docker base image. This triggers a Falco Alert: Critical Executing binary not part of base image (proc_exe=/tmp/leakless-amd64-adb80298fa6a3af7ced8b1c9b5f18007/leakless
What you expect to see
My goal is to not trigger the Falco alert. The only way to use leakless in this scenario is to pre-install it in the docker image and make go-rod use this binary.
What have you tried to solve the question
I disabled leakless. This is only possible if I use the local launcher. Setting leakless=false has no effect when using the remote launcher.
Disabling leakless obviously leads to Zombie Chrome processes.
Any hint or help would be appreciated.