Merge pull request #1640 from DelusionalOptimist/unorchestrated-fixes
fix(core): Issues with host policy application
daemon1024 committed Feb 19, 2024
2 parents 1e31e1a + 783c95c commit c0b8d3d
Showing 2 changed files with 5 additions and 5 deletions.
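--- a/KubeArmor/core/kubeArmor.go
+++ b/KubeArmor/core/kubeArmor.go
@@ -397,6 +397,9 @@ func KubeArmor() {
 dm.Node.KernelVersion = kl.GetCommandOutputWithoutErr("uname", []string{"-r"})
 dm.Node.KernelVersion = strings.TrimSuffix(dm.Node.KernelVersion, "\n")
 
+// add identity for matching node selector
+dm.Node.Identities = append(dm.Node.Identities, "kubearmor.io/hostname"+"="+dm.Node.NodeName)
+
 dm.NodeLock.Unlock()
 
 } else if cfg.GlobalCfg.K8sEnv {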
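Review bot: The identity appended here is built from `dm.Node.NodeName` with no check that the name is non-empty, so a host whose name was not resolved would advertise `kubearmor.io/hostname=` and no hostname selector could match it. Together with the kubeUpdate.go change in this commit, where host policies are selected only through `kl.MatchIdentities`, that would leave host policies unenforced without any message. I would warn before the append, `if dm.Node.NodeName == "" { dm.Logger.Warnf("node name is empty; hostname node selectors will not match") }`, and write the literal in one piece as `"kubearmor.io/hostname="+dm.Node.NodeName`. Where NodeName is assigned lies outside the hunk, so a non-empty value may already be guaranteed there.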
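--- a/KubeArmor/core/kubeUpdate.go
+++ b/KubeArmor/core/kubeUpdate.go
@@ -1461,11 +1461,7 @@ func (dm *KubeArmorDaemon) UpdateHostSecurityPolicies() {
 secPolicies := []tp.HostSecurityPolicy{}
 
 for _, policy := range dm.HostSecurityPolicies {
-if kl.IsK8sEnv() {
-if kl.MatchIdentities(policy.Spec.NodeSelector.Identities, dm.Node.Identities) {
-secPolicies = append(secPolicies, policy)
-}
-} else { // KubeArmorVM and KVMAgent
+if kl.MatchIdentities(policy.Spec.NodeSelector.Identities, dm.Node.Identities) {
 secPolicies = append(secPolicies, policy)
 }
 }
@@ -1907,6 +1903,7 @@ func (dm *KubeArmorDaemon) ParseAndUpdateHostSecurityPolicy(event tp.K8sKubeArmo
 }
 if !policymatch {
 dm.Logger.Warnf("Failed to delete security policy. Policy doesn't exist")
+dm.HostSecurityPoliciesLock.Unlock()
 return pb.PolicyStatus_NotExist
 }
 }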
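Review bot: Releasing `dm.HostSecurityPoliciesLock` by hand before `return pb.PolicyStatus_NotExist` in the `!policymatch` branch leaves every other exit of the function dependent on the same manual pairing, which is how this path came to leak the lock. A leaked lock here would block every later host policy update, so enforcement would stop changing while the daemon keeps running. If nothing later in ParseAndUpdateHostSecurityPolicy needs the lock released first, `defer dm.HostSecurityPoliciesLock.Unlock()` directly after the `Lock()` call covers all returns; otherwise the locked region could move into a small helper that defers the unlock. The function starts and ends outside the hunk, so the remaining return paths could not be checked here.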
