bugfix: don't panic when set CRI socket is not found
Signed-off-by: Rudraksh Pareek <[email protected]>
DelusionalOptimist authored and daemon1024 committed Dec 2, 2024
1 parent 40e3a86 commit d889b73
Showing 1 changed file with 29 additions and 18 deletions.
47 changes: 29 additions & 18 deletions KubeArmor/core/kubeArmor.go
Expand Up @@ -567,8 +567,6 @@ func KubeArmor() {
// Un-orchestrated workloads
if !dm.K8sEnabled && cfg.GlobalCfg.Policy {

dm.SetContainerNSVisibility()

// Check if cri socket set, if not then auto detect
if cfg.GlobalCfg.CRISocket == "" {
if kl.GetCRISocket("") == "" {
Expand All @@ -577,26 +575,39 @@ func KubeArmor() {
} else {
cfg.GlobalCfg.CRISocket = "unix://" + kl.GetCRISocket("")
}
} else {
// CRI socket supplied by user, check for existence
criSocketPath := strings.TrimPrefix(cfg.GlobalCfg.CRISocket, "unix://")
_, err := os.Stat(criSocketPath)
if err != nil {
enableContainerPolicy = false
dm.Logger.Warnf("Error while looking for CRI socket file %s", err.Error())
}
}

// monitor containers
if strings.Contains(cfg.GlobalCfg.CRISocket, "docker") {
// update already deployed containers
dm.GetAlreadyDeployedDockerContainers()
// monitor docker events
go dm.MonitorDockerEvents()
} else if strings.Contains(cfg.GlobalCfg.CRISocket, "containerd") {
// monitor containerd events
go dm.MonitorContainerdEvents()
} else if strings.Contains(cfg.GlobalCfg.CRISocket, "cri-o") {
// monitor crio events
go dm.MonitorCrioEvents()
} else {
dm.Logger.Warnf("Failed to monitor containers: %s is not a supported CRI socket.", cfg.GlobalCfg.CRISocket)
enableContainerPolicy = false
if enableContainerPolicy {
dm.SetContainerNSVisibility()

// monitor containers
if strings.Contains(cfg.GlobalCfg.CRISocket, "docker") {
// update already deployed containers
dm.GetAlreadyDeployedDockerContainers()
// monitor docker events
go dm.MonitorDockerEvents()
} else if strings.Contains(cfg.GlobalCfg.CRISocket, "containerd") {
// monitor containerd events
go dm.MonitorContainerdEvents()
} else if strings.Contains(cfg.GlobalCfg.CRISocket, "cri-o") {
// monitor crio events
go dm.MonitorCrioEvents()
} else {
enableContainerPolicy = false
dm.Logger.Warnf("Failed to monitor containers: %s is not a supported CRI socket.", cfg.GlobalCfg.CRISocket)
}

dm.Logger.Printf("Using %s for monitoring containers", cfg.GlobalCfg.CRISocket)
}

dm.Logger.Printf("Using %s for monitoring containers", cfg.GlobalCfg.CRISocket)
}

if dm.K8sEnabled && cfg.GlobalCfg.Policy {
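Review bot: The existence check added for a user-supplied CRI socket accepts any path that `os.Stat` can resolve, so a regular file or directory at that location still passes and the monitor goroutines are started against it; whether they then fail cleanly is not visible on this page. Keeping the `FileInfo` (`fi, err := os.Stat(criSocketPath)`) and adding `else if fi.Mode()&os.ModeSocket == 0 { enableContainerPolicy = false }` with its own warning after the `err != nil` branch would reject those cases too. In the new `if enableContainerPolicy` block, the `Using %s for monitoring containers` line appears to run even after the unsupported-socket branch has set `enableContainerPolicy = false`, so the log can claim monitoring immediately after warning that it failed. Wrapping that line as `if enableContainerPolicy { dm.Logger.Printf(...) }` keeps the log accurate for operators who rely on it to know whether container policies are being enforced. KubeArmor() starts and ends outside the hunk.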
