Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

apparmor-enforcer: skip non-regular profiles #665

Merged
merged 2 commits into from
Apr 6, 2022
Merged

apparmor-enforcer: skip non-regular profiles #665

merged 2 commits into from
Apr 6, 2022

Conversation

nyrahul
Copy link
Contributor

@nyrahul nyrahul commented Apr 5, 2022

SUSE creates few symbolic links (cache, cache.d in the /etc/apparmor.d/ folder.
Kubearmor gives out error since the current check if based on IsDir()
and the sym links are not covered in that check. Now we are checking if
the file is a regular file and only use it in that case.

Signed-off-by: Rahul Jadhav r@accuknox.com

nam-jaehyun
nam-jaehyun approved these changes Apr 5, 2022
View reviewed changes
Copy link
Collaborator

@nam-jaehyun nam-jaehyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's merge it.

@codecov-commenter
Copy link

codecov-commenter commented Apr 6, 2022
edited
Loading

Codecov Report

Merging #665 (c064776) into main (5d47974) will decrease coverage by 7.89%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #665      +/-   ##
==========================================
- Coverage   44.12%   36.22%   -7.90%     
==========================================
  Files          23       23              
  Lines        8730     8731       +1     
==========================================
- Hits         3852     3163     -689     
- Misses       4412     5192     +780     
+ Partials      466      376      -90
Impacted Files Coverage Δ
KubeArmor/enforcer/appArmorEnforcer.go 48.26% <100.00%> (-0.62%) ⬇️
KubeArmor/feeder/policyMatcher.go 12.43% <0.00%> (-32.13%) ⬇️
KubeArmor/enforcer/appArmorProfile.go 15.25% <0.00%> (-25.34%) ⬇️
KubeArmor/feeder/feeder.go 41.50% <0.00%> (-12.87%) ⬇️
KubeArmor/core/kubeUpdate.go 38.09% <0.00%> (-6.84%) ⬇️
KubeArmor/monitor/systemMonitor.go 47.79% <0.00%> (-0.74%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f22bc07...c064776. Read the comment docs.

@nyrahul nyrahul force-pushed the main branch 2 times, most recently from 6763660 to 1e441ad Compare April 6, 2022 14:40
@nyrahul
apparmor-enforcer: skip non-regular profiles
c1903f4 
SUSE creates few symbolic links in the `/etc/apparmor.d/` folder.
Kubearmor gives out error since the current check if based on IsDir()
and the sym links are not covered in that check. Now we are checking if
the file is a regular file and only use it in that case.

Signed-off-by: Rahul Jadhav <nyrahul@gmail.com>
@nyrahul nyrahul force-pushed the main branch 5 times, most recently from a936edf to c1903f4 Compare April 6, 2022 17:39
@nyrahul
deprecated two tests related to net_raw cap
28ea045 
These tests are failing in GH Actions env.

Signed-off-by: Rahul Jadhav <nyrahul@gmail.com>
@nyrahul nyrahul merged commit e0ba982 into kubearmor:main Apr 6, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@nam-jaehyun nam-jaehyun nam-jaehyun approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nyrahul @codecov-commenter @nam-jaehyun