From 5f197a607b1c94cbc4f33e491117d9bddeefc10f Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Thu, 1 Jan 2026 23:20:39 +0900
Subject: [PATCH] FIX(falco): falco config errors
- Remove unsupported outputs_queue_capacity option
- Fix Container Drift Detection rule (remove undefined rename macro)
---
 falco/helm-values.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/falco/helm-values.yaml b/falco/helm-values.yaml
index b8ff812..4034ad7 100644
--- a/falco/helm-values.yaml
+++ b/falco/helm-values.yaml
@@ -31,7 +31,6 @@ falco:
 # Performance tuning
 buffered_outputs: true
- outputs_queue_capacity: 10000
 # Rules configuration
 rules_files:
@@ -73,7 +72,7 @@ customRules:
 desc: Detect file modifications in containers
 condition: >
 container and
- (open_write or rename or remove) and
+ open_write and
 not proc.name in (apt, yum, dnf, apk, npm, pip)
 output: >
 File modified in container
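Review bot: Narrowing the condition to `open_write and` in the second hunk leaves the drift rule blind to renames and deletions inside a container, so a file moved into place or removed no longer raises an alert. The commit message names only `rename` as undefined, yet `remove` is dropped from the condition as well. If those macros are absent from the loaded rules files (not visible here), the coverage could be kept by matching the event types directly, e.g. `(open_write or evt.type in (rename, renameat, renameat2, unlink, unlinkat, rmdir)) and`, or by defining both macros in the custom rules. The rule starts and ends outside the hunk, so its name, priority and output fields are not checked here.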