feat(apparmor/host): cleanup profiles on gracefult termination

This will avoid lingering enforcement of policies on running processes during uninstallation of kubearmor

Signed-off-by: daemon1024 <[email protected]>

KubeArmor/enforcer/appArmorEnforcer.go

@@ -443,29 +443,9 @@ func (ae *AppArmorEnforcer) UnregisterAppArmorHostProfile() bool {
 	ae.AppArmorProfilesLock.Lock()
 	defer ae.AppArmorProfilesLock.Unlock()
 
-	if err := ae.CreateAppArmorHostProfile(); err != nil {
-		ae.Logger.Warnf("Unable to reset the KubeArmor host profile in %s", cfg.GlobalCfg.Host)
-
-		if err := os.Remove(appArmorHostFile); err != nil {
-			ae.Logger.Warnf("Unable to remove the KubeArmor host profile from %s (%s)", cfg.GlobalCfg.Host, err.Error())
-		}
-
-		return false
-	}
-
-	if err := kl.RunCommandAndWaitWithErr("apparmor_parser", []string{"-r", "-W", "-C", appArmorHostFile}); err != nil {
-		ae.Logger.Warnf("Unable to reset the KubeArmor host profile in %s", cfg.GlobalCfg.Host)
-
-		if err := os.Remove(appArmorHostFile); err != nil {
-			ae.Logger.Warnf("Unable to remove the KubeArmor host profile from %s (%s)", cfg.GlobalCfg.Host, err.Error())
-		}
+	if err := kl.RunCommandAndWaitWithErr("aa-remove-unknown", []string{}); err != nil {
+		ae.Logger.Warnf("Unable to cleanup the KubeArmor host profile in %s", cfg.GlobalCfg.Host)
 
-		return false
-	}
-
-	if err := os.Remove(appArmorHostFile); err != nil {
-		ae.Logger.Warnf("Unable to remove the KubeArmor host profile from %s (%s)", cfg.GlobalCfg.Host, err.Error())
-		return false
 	}
 
 	ae.Logger.Printf("Unregistered the KubeArmor host profile from %s", cfg.GlobalCfg.Host)