fix(core): handle bpf as an exception for setting node annotations #1786
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tesla59
force-pushed
the
tesla/hsp-bugfix
branch
from
84b7d8b
to
b0482db
Compare
|
@DelusionalOptimist i have updated the logic to check for annotation. its ready to review |
tesla59
force-pushed
the
tesla/hsp-bugfix
branch
2 times, most recently
from
79432b5
to
d993200
Compare
|
@DelusionalOptimist added error handling for empty lsm file and also refactored byte->string conversion (and vice-versa) logic |
Aryan-sharma11
force-pushed
the
tesla/hsp-bugfix
branch
from
d993200
to
afdea25
Compare
Aryan-sharma11
previously approved these changes
Jul 31, 2024
Signed-off-by: tesla59 <nishant@heim.id>
…sm from the system Signed-off-by: tesla59 <nishant@heim.id>
Signed-off-by: tesla59 <nishant@heim.id>
Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com>
DelusionalOptimist
force-pushed
the
tesla/hsp-bugfix
branch
from
ad64ad8
to
b75b419
Compare
DelusionalOptimist
approved these changes
Aug 6, 2024
daemon1024
approved these changes
Aug 6, 2024
|
CRI-O test failing due to upstream issues. Irrelevant to the changes here. |
Manik2708
added a commit
to Manik2708/KubeArmor
that referenced
this pull request
Aug 6, 2024
Co-authored-by: Barun Acharya <barun1024@gmail.com> Signed-off-by: Manik2708 <mehtamanik96@gmail.com> fix(helm): create release in charts repo stable release updates Signed-off-by: daemon1024 <barun1024@gmail.com> Signed-off-by: Manik2708 <mehtamanik96@gmail.com> fix: pass PAT as env var for gh-cli Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> updated the main diagram Signed-off-by: Rahul Jadhav <nyrahul@gmail.com> added the updater script Signed-off-by: Rahul Jadhav <nyrahul@gmail.com> added an FAQ for WSL2 Signed-off-by: Rahul Jadhav <nyrahul@gmail.com> fix(core):timeout when host & cluster security policies crds are not found Signed-off-by: Prateek <prateeknandle@gmail.com> fix(apparmor): reenable profile after parsing to make whitelist policies work idk why we need to do this, but this fixes things for now Signed-off-by: daemon1024 <barun1024@gmail.com> fix: default posture logs for system generated permission denied events Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> fix controller image updation issue Signed-off-by: rksharma95 <ramakant@accuknox.com> remove kustomize binary from the repo I think this was in there by mistake so removing the same via this patch. Signed-off-by: kranurag7 <81210977+kranurag7@users.noreply.github.com> fix CI Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> update go.mod Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> fix hyperlink in hardening guide Signed-off-by: Sujay <sujaydey641@gmail.com> add multienforcer controller Signed-off-by: rksharma95 <ramakant@accuknox.com> feat : add annotate resources flag Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> remove /sys/kernel/security hostmount Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> deploy snitch on node restarts Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> configure ci to build controller when controller pkg is updated Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> set annotateResources=true in MakeFile Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com> fix(helm): create release in charts repo stable release updates Signed-off-by: daemon1024 <barun1024@gmail.com> Update STABLE-RELEASE to v1.4.0 Signed-off-by: Barun Acharya <barun1024@gmail.com> fix(core): handle bpf as an exception for setting node annotations (kubearmor#1786) * handle bpf as an exception for setting node annotations Signed-off-by: tesla59 <nishant@heim.id> * check if enforcer is set in the node annotations before reading the lsm from the system Signed-off-by: tesla59 <nishant@heim.id> * handle empty lsm file Signed-off-by: tesla59 <nishant@heim.id> * minor changes based on latest operator Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> --------- Signed-off-by: tesla59 <nishant@heim.id> Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> Co-authored-by: Rudraksh Pareek <rudrakshpareek3601@gmail.com> [skip ci] Update Helm Chart To v1.4.0 Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Manik2708
pushed a commit
to Manik2708/KubeArmor
that referenced
this pull request
Aug 6, 2024
…ubearmor#1786) * handle bpf as an exception for setting node annotations Signed-off-by: tesla59 <nishant@heim.id> * check if enforcer is set in the node annotations before reading the lsm from the system Signed-off-by: tesla59 <nishant@heim.id> * handle empty lsm file Signed-off-by: tesla59 <nishant@heim.id> * minor changes based on latest operator Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> --------- Signed-off-by: tesla59 <nishant@heim.id> Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> Co-authored-by: Rudraksh Pareek <rudrakshpareek3601@gmail.com> Signed-off-by: Manik2708 <mehtamanik96@gmail.com>
prady0t
pushed a commit
to prady0t/KubeArmor
that referenced
this pull request
Oct 15, 2024
…ubearmor#1786) * handle bpf as an exception for setting node annotations Signed-off-by: tesla59 <nishant@heim.id> * check if enforcer is set in the node annotations before reading the lsm from the system Signed-off-by: tesla59 <nishant@heim.id> * handle empty lsm file Signed-off-by: tesla59 <nishant@heim.id> * minor changes based on latest operator Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> --------- Signed-off-by: tesla59 <nishant@heim.id> Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> Co-authored-by: Rudraksh Pareek <rudrakshpareek3601@gmail.com> Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
prady0t
pushed a commit
to prady0t/KubeArmor
that referenced
this pull request
Oct 15, 2024
…ubearmor#1786) * handle bpf as an exception for setting node annotations Signed-off-by: tesla59 <nishant@heim.id> * check if enforcer is set in the node annotations before reading the lsm from the system Signed-off-by: tesla59 <nishant@heim.id> * handle empty lsm file Signed-off-by: tesla59 <nishant@heim.id> * minor changes based on latest operator Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> --------- Signed-off-by: tesla59 <nishant@heim.id> Signed-off-by: Rudraksh Pareek <rudraksh@accuknox.com> Co-authored-by: Rudraksh Pareek <rudrakshpareek3601@gmail.com> Signed-off-by: prady0t <rickprimeranjan@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose of PR?:
Fixes #1765
Does this PR introduce a breaking change?
No
If the changes in this PR are manually verified, list down the scenarios covered::
In progress (draft PR)
Additional information for reviewer? :
No
Checklist:
<type>(<scope>): <subject>