fix(hsp/systemd): parse both matchpaths and matchdir together on hsp …

…event Signed-off-by: daemon1024 <[email protected]>
kubearmor · Mar 7, 2024 · 429a21b · 429a21b
1 parent 407c8ca
commit 429a21b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go
@@ -1568,7 +1568,9 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo
 				}
 			}
 		}
-	} else if len(secPolicy.Spec.Process.MatchDirectories) > 0 {
+	}
+
+	if len(secPolicy.Spec.Process.MatchDirectories) > 0 {
 		for idx, dir := range secPolicy.Spec.Process.MatchDirectories {
 			if dir.Severity == 0 {
 				if secPolicy.Spec.Process.Severity != 0 {
@@ -1602,7 +1604,9 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo
 				}
 			}
 		}
-	} else if len(secPolicy.Spec.Process.MatchPatterns) > 0 {
+	}
+
+	if len(secPolicy.Spec.Process.MatchPatterns) > 0 {
 		for idx, pat := range secPolicy.Spec.Process.MatchPatterns {
 			if pat.Severity == 0 {
 				if secPolicy.Spec.Process.Severity != 0 {

diff --git a/KubeArmor/core/unorchestratedUpdates.go b/KubeArmor/core/unorchestratedUpdates.go
@@ -677,21 +677,20 @@ func (dm *KubeArmorDaemon) restoreKubeArmorPolicies() {
 					}
 
 				} else { // HostSecurityPolicy
-					var hostPolicy tp.HostSecurityPolicy
+					var hostPolicy tp.K8sKubeArmorHostPolicy
 					if err := json.Unmarshal(data, &hostPolicy); err == nil {
-						dm.HostSecurityPolicies = append(dm.HostSecurityPolicies, hostPolicy)
+						dm.ParseAndUpdateHostSecurityPolicy(tp.K8sKubeArmorHostPolicyEvent{
+							Type:   "ADDED",
+							Object: hostPolicy,
+						})
 					} else {
 						kg.Errf("Failed to unmarshal host policy: %v", err)
 					}
 				}
 			}
 		}
 
-		if len(policyFiles) != 0 {
-			if len(dm.HostSecurityPolicies) != 0 {
-				dm.UpdateHostSecurityPolicies()
-			}
-		} else {
+		if len(policyFiles) == 0 {
 			kg.Warn("No policies found for restoration")
 		}
 	}