Policy name is not matching in the logs; instead, we see it as Defaultposture

[janavenkat]

Bug Report

General Information

• Environment description (GKE, VM-Kubeadm, vagrant-dev-env, minikube, microk8s, ...)
  EKS
• Kernel version (run uname -a)
  5.10.210
• Link to relevant artifacts (policies, deployments scripts, ...)
  We've already discussed this on Slack. https://kubearmor.slack.com/archives/C01F9V3SEHY/p1710515251987349?thread_ts=1707315924.623569&cid=C01F9V3SEHY

To Reproduce

1. Deploy this sample policy

apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: restricted-policy
  namespace: test
spec:
  severity: 7
  selector:
    matchLabels:
      repository: test
  file:
    matchDirectories:
      - dir: /
        recursive: true
        fromSource:
          - path: /usr/local/bin/test
        action:
          Block

      - dir: / 
        recursive: true

      - dir: /tmp/
        recursive: true
        fromSource:
          - path: /usr/local/bin/test

      - dir: /dev/pts/
        recursive: true
        fromSource:
          - path: /usr/local/bin/test

   Action: Allow

3. Access the restricted path

Expected behavior

In the logs, we should expect to see the blocked policy name, but instead, we're getting 'DefaultPosture'

{
  "Action": "Block",
  "container_name": "kubearmor-relay-server",
  "Data": "lsm=FILE_OPEN",
  "Enforcer": "BPFLSM",
  "Operation": "File",
  "ParentProcessName": "/usr/local/bin/test",
  "pod_name": "kubearmor-relay-67bcdcbf55-sh7lz",
  "PolicyName": "DefaultPosture",
  "ProcessName": "/usr/local/bin/test",
  "Resource": "/usr/bin/dash",
  "Result": "Permission denied",
  "Source": "/usr/local/bin/test",
  "Type": "MatchedPolicy"
}