Merge pull request #1885 from daemon1024/fix-apparmor-fromsource-proc…
…ess-block-clone

fix(apparmor): clone non conflicting proc rules to from source subprofiles
DelusionalOptimist authored Nov 7, 2024
2 parents 3574106 + f16ad02 commit 2cfc2e2
Showing 2 changed files with 8 additions and 2 deletions.
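--- a/KubeArmor/enforcer/appArmorProfile.go
+++ b/KubeArmor/enforcer/appArmorProfile.go
@@ -433,6 +433,12 @@ func (ae *AppArmorEnforcer) GenerateProfileBody(securityPolicies []tp.SecurityPo
 ae.Logger.Errf("Error while copying global rules to local profile for %s: %s", source, err.Error())
 continue
 }
+for proc, config := range profile.ProcessPaths {
+add := checkIfGlobalRuleToBeAdded(proc, val.ProcessPaths)
+if add {
+newval.ProcessPaths[proc] = config
+}
+}
 for file, config := range profile.FilePaths {
 add := checkIfGlobalRuleToBeAdded(file, val.FilePaths)
 if add {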
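Review bot: The new `for proc, config := range profile.ProcessPaths` loop has no comment saying why global process rules are copied into each fromSource entry or what `checkIfGlobalRuleToBeAdded` counts as a conflict, and that decision determines whether a pod-wide process rule still applies once a binary runs under its own subprofile. A line above the loop such as `// Global process rules must also hold inside fromSource subprofiles; skip only those the source-specific policy already defines.` would record the intent. The assignment `newval.ProcessPaths[proc] = config` also assumes the cloned value has a non-nil map; the clone helper and the struct are not visible here, so it is worth confirming that a source carrying only file rules cannot reach this line with a nil `ProcessPaths`, which would panic during profile generation. The enclosing function starts and continues outside the hunk.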
4 changes: 2 additions & 2 deletions KubeArmor/enforcer/appArmorTemplate.go
@@ -79,7 +79,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
{{template "file-section" . }}
## == DISPATCHER START == ##
{{- range $source, $value:= $.FromSource}}
{{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }},
{{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source "" }},
{{- end}}
{{- range $value, $data := .ProcessPaths}}
{{- $suffix := ""}}
@@ -146,7 +146,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
## == FromSource per binary profiles START == ##
{{- range $source, $value := $.FromSource}}
profile {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }} {
profile {{$v := $.Name | split "."}}{{$v._0}}_{{ regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source "" }} {
{{$source}} rix,
{{template "pre-section" $value }}
{{template "file-section" $value}}
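Review bot: The character class in `regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source ""` contains literal spaces, so a space in `$source` survives into the generated subprofile name, both in the dispatcher `px ->` target and in the `profile ... {` header of the second hunk. If the intent is alphanumerics only, the expression would be `regexReplaceAllLiteral "[^a-zA-Z0-9]" $source ""`. Deleting every other character also makes the mapping many-to-one: two sources that differ only in punctuation (for example `-` or `_`) now produce the same subprofile name, so one source's rules could end up attached to another or the profile could fail to load. A uniqueness check where the FromSource map is built would catch this; that code is not part of this diff. The same expression is written out in both hunks and has to stay identical, so a shared named template for the subprofile name would keep them in sync.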
