diff --git a/KubeArmor/enforcer/appArmorProfile.go b/KubeArmor/enforcer/appArmorProfile.go
index 6068824db..a1e2accc5 100644
--- a/KubeArmor/enforcer/appArmorProfile.go
+++ b/KubeArmor/enforcer/appArmorProfile.go
@@ -433,6 +433,12 @@ func (ae *AppArmorEnforcer) GenerateProfileBody(securityPolicies []tp.SecurityPo
 ae.Logger.Errf("Error while copying global rules to local profile for %s: %s", source, err.Error())
 continue
 }
+ for proc, config := range profile.ProcessPaths {
+ add := checkIfGlobalRuleToBeAdded(proc, val.ProcessPaths)
+ if add {
+ newval.ProcessPaths[proc] = config
+ }
+ }
 for file, config := range profile.FilePaths {
 add := checkIfGlobalRuleToBeAdded(file, val.FilePaths)
 if add {
diff --git a/KubeArmor/enforcer/appArmorTemplate.go b/KubeArmor/enforcer/appArmorTemplate.go
index 70ac27888..a4411e9bc 100644
--- a/KubeArmor/enforcer/appArmorTemplate.go
+++ b/KubeArmor/enforcer/appArmorTemplate.go
@@ -79,7 +79,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 {{template "file-section" . }}
 ## == DISPATCHER START == ##
 {{- range $source, $value:= $.FromSource}}
- {{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }},
+ {{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source "" }},
 {{- end}}
 {{- range $value, $data := .ProcessPaths}}
 {{- $suffix := ""}}
@@ -146,7 +146,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 ## == FromSource per binary profiles START == ##
 {{- range $source, $value := $.FromSource}}
-profile {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }} {
+profile {{$v := $.Name | split "."}}{{$v._0}}_{{ regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source "" }} {
 {{$source}} rix,
 {{template "pre-section" $value }}
 {{template "file-section" $value}}
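Review bot: The added loop in GenerateProfileBody writes to `newval.ProcessPaths[proc]` with no visible guarantee that the map is non-nil. The step that fills `newval` sits above the hunk, so this is inferred, but if a fromSource entry can arrive without process rules, a nil-map write would panic the enforcer while it generates the profile. The existing FilePaths loop below makes the same assumption, so it is worth confirming once for both. The loop would also benefit from a comment saying why the merge is needed, e.g. `// Merge global process rules into each fromSource entry so the child profile entered via px keeps them.`, and the flag can be inlined as `if checkIfGlobalRuleToBeAdded(proc, val.ProcessPaths) {`. The function body starts and ends outside this hunk.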
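Review bot: The character class `[^a-z A-Z 0-9]` on the dispatcher line (hunk at line 79 of appArmorTemplate.go) contains literal spaces, so a space in `$source` is kept rather than stripped and would land inside the profile name after `px ->`. The class should be `[^a-zA-Z0-9]`. The same expression is repeated in the `profile … {` header in the hunk at line 146, and both sites must yield the same name, so fix them together or build the name once (a named template, or a value computed in Go) and use it at both. Separately, `{{$source}}` is still interpolated as-is at the start of the rule; whether it is validated before reaching the template is not visible in this diff.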
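Review bot: Stripping every non-alphanumeric character in the `profile … {` header (hunk at line 146) makes the child profile name lossy. Two distinct sources such as `/usr/bin/foo-bar` and `/usr/bin/foobar` (constructed example) now map to the same name, which the previous stripping of only `/` and `.` kept apart. Inside this range that would emit two `profile` blocks under one name, and the dispatcher's `px ->` target could no longer tell them apart, so one binary may end up confined by another's rules or the profile may fail to load. Consider appending a short digest of the full path, for instance `{{ $source | sha256sum | trunc 8 }}`, at both sites where the name is built, provided no Go code outside this diff derives the same name independently.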