From bde11c91211dce18ea71bc28e14fd9106b7378c9 Mon Sep 17 00:00:00 2001 From: daemon1024 Date: Tue, 29 Oct 2024 17:11:30 +0530 Subject: [PATCH] fix(apparmor/host): sanitise profile name for from-source policy Signed-off-by: daemon1024 --- KubeArmor/enforcer/appArmorTemplate.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/KubeArmor/enforcer/appArmorTemplate.go b/KubeArmor/enforcer/appArmorTemplate.go index d85ea81e18..70ac278880 100644 --- a/KubeArmor/enforcer/appArmorTemplate.go +++ b/KubeArmor/enforcer/appArmorTemplate.go @@ -79,7 +79,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { {{template "file-section" . }} ## == DISPATCHER START == ## {{- range $source, $value:= $.FromSource}} - {{$source}} px -> {{$.Name}}-{{$source}}, + {{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }}, {{- end}} {{- range $value, $data := .ProcessPaths}} {{- $suffix := ""}} @@ -146,7 +146,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) { ## == FromSource per binary profiles START == ## {{- range $source, $value := $.FromSource}} -profile {{$.Name}}-{{$source}} { +profile {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }} { {{$source}} rix, {{template "pre-section" $value }} {{template "file-section" $value}}