Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: lenient apparmor profiles #1583

Merged
merged 2 commits into from
Feb 12, 2024
Merged

feat: lenient apparmor profiles #1583

merged 2 commits into from
Feb 12, 2024

Conversation

PrimalPimmy
Copy link
Member

@PrimalPimmy PrimalPimmy commented Jan 16, 2024
edited

Purpose of PR?:

This PR is part of toning down apparmor restrictions on Kubearmor. Then we can use that to secure Kubearmor by applying KSPs as a privileged container.

Does this PR introduce a breaking change?
Could be, it will be privileged after all.

If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • Bug fix. Fixes #
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests

@PrimalPimmy PrimalPimmy force-pushed the apparmor-le branch 9 times, most recently from 316ae60 to f901706 Compare February 6, 2024 06:23
@PrimalPimmy PrimalPimmy marked this pull request as ready for review February 6, 2024 07:04
daemon1024
daemon1024 requested changes Feb 8, 2024
View reviewed changes
Copy link
Member

@daemon1024 daemon1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please find comments inline

KubeArmor/core/unorchestratedUpdates.go Outdated Show resolved Hide resolved
KubeArmor/core/unorchestratedUpdates.go Outdated Show resolved Hide resolved
KubeArmor/enforcer/appArmorEnforcer.go Outdated Show resolved Hide resolved
KubeArmor/enforcer/appArmorEnforcer.go Outdated Show resolved Hide resolved
KubeArmor/enforcer/appArmorEnforcer.go Show resolved Hide resolved
deployments/go.sum Outdated Show resolved Hide resolved
getting-started/kubearmor_apparmor_implementation_overview.md Outdated Show resolved Hide resolved
@DelusionalOptimist @PrimalPimmy
feat: lenient apparmor profiles
f10d21d 
Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com>

Test fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Fixing tests pt2

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Fixing tests pt3

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Rolling back tests

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Testing fix in kubeupdate

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

debug log in runtime

Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com>

use latest docker version with k3s

Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com>

Improvised testing framework

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Some more updates

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

fix 1

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

fix go test

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

More test fixes

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Test fixed finally

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Go modules fix

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Go modules fix-2

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Go modules fix-3

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Go modules fix-3

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Go modules fix-4

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Documentation update

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Code cleanup

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>

Documentation updates

Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>
@PrimalPimmy
go.sum fix
6a21c5b 
Signed-off-by: PrimalPimmy <Prashant20.pm@gmail.com>
daemon1024
daemon1024 approved these changes Feb 9, 2024
View reviewed changes
contribution/k3s/install_k3s.sh Show resolved Hide resolved
@daemon1024 daemon1024 merged commit ccf878c into kubearmor:main Feb 12, 2024
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daemon1024 daemon1024 daemon1024 approved these changes

@DelusionalOptimist DelusionalOptimist DelusionalOptimist approved these changes

Assignees
No one assigned
Labels
None yet
Projects
v1.3.0 Release
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@PrimalPimmy @daemon1024 @DelusionalOptimist