Merge pull request #1808 from daemon1024/apparmor-hotfix
fix(apparmor): reenable profile after parsing to make whitelists work
daemon1024 authored Jul 23, 2024
2 parents 0d103cf + 8307f76 commit 24e52b1
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions KubeArmor/enforcer/appArmorEnforcer.go
Expand Up @@ -522,6 +522,14 @@ func (ae *AppArmorEnforcer) UpdateAppArmorProfile(endPoint tp.EndPoint, appArmor
ae.Logger.Warnf("Unable to update %d security rule(s) to %s/%s/%s (%s)", policyCount, endPoint.NamespaceName, endPoint.EndPointName, appArmorProfile, err.Error())
return
}
if err := kl.RunCommandAndWaitWithErr("aa-disable", []string{"/etc/apparmor.d/" + appArmorProfile}); err != nil {
ae.Logger.Warnf("Unable to disable for a weird issue %d security rule(s) to %s/%s/%s (%s)", policyCount, endPoint.NamespaceName, endPoint.EndPointName, appArmorProfile, err.Error())
return
}
if err := kl.RunCommandAndWaitWithErr("aa-enforce", []string{"/etc/apparmor.d/" + appArmorProfile}); err != nil {
ae.Logger.Warnf("Unable to enforce back for a weird issue %d security rule(s) to %s/%s/%s (%s)", policyCount, endPoint.NamespaceName, endPoint.EndPointName, appArmorProfile, err.Error())
return
}

ae.Logger.Printf("Updated %d security rule(s) to %s/%s/%s", policyCount, endPoint.NamespaceName, endPoint.EndPointName, appArmorProfile)
} else if newProfile != "" {
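Review bot: If `aa-disable` succeeds and the following `aa-enforce` fails, the function returns with the profile still disabled, so the endpoint is left without AppArmor enforcement and the only trace is a warning that reads like a routine update failure. Even on success there is a gap between the two commands in which the profile is not loaded, and as far as I know tasks that were confined by an unloaded profile are not re-attached when it is loaded again; that is worth confirming against running containers and recording in a comment such as `// aa-disable + aa-enforce forces a full reload; the profile is unenforced between the two calls`. At minimum the second error path should say what state it leaves behind, e.g. `ae.Logger.Warnf("Profile %s/%s/%s left DISABLED: aa-enforce failed after aa-disable (%s)", endPoint.NamespaceName, endPoint.EndPointName, appArmorProfile, err.Error())`, and ideally it should retry or reload the profile before returning. UpdateAppArmorProfile starts and ends outside this hunk, so how callers react to the early return is not visible here.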
