enforcer: add policynamespace to sensor
Enforcer currently fails to load for namespaced policies because it
cannot find the `enforcer_data` map.  Add the policy namespace to the
sensor.

Fixes: 2769f9b ("tetragon: Add namespace to policy directory name")

Signed-off-by: Kornilios Kourtis <[email protected]>
kkourt committed Nov 5, 2024
1 parent f5d2d86 commit 156282c
Showing 1 changed file with 12 additions and 5 deletions.
17 changes: 12 additions & 5 deletions pkg/sensors/tracing/enforcer.go
@@ -108,8 +108,13 @@ func (kp *enforcerPolicy) PolicyHandler(
return nil, err
}
}

if len(spec.Enforcers) > 0 {
return kp.createEnforcerSensor(spec.Enforcers, spec.Lists, spec.Options, policy.TpName())
namespace := ""
if tpn, ok := policy.(tracingpolicy.TracingPolicyNamespaced); ok {
namespace = tpn.TpNamespace()
}
return kp.createEnforcerSensor(spec.Enforcers, spec.Lists, spec.Options, policy.TpName(), namespace)
}

return nil, nil
@@ -199,6 +204,7 @@ func (kp *enforcerPolicy) createEnforcerSensor(
lists []v1alpha1.ListSpec,
opts []v1alpha1.OptionSpec,
policyName string,
policyNamespace string,
) (*sensors.Sensor, error) {

if len(enforcers) > 1 {
@@ -337,10 +343,11 @@ func (kp *enforcerPolicy) createEnforcerSensor(
logger.GetLogger().Infof("Added enforcer sensor '%s'", policyName)

return &sensors.Sensor{
Name: "__enforcer__",
Progs: progs,
Maps: maps,
Policy: policyName,
Name: "__enforcer__",
Progs: progs,
Maps: maps,
Policy: policyName,
Namespace: policyNamespace,
PostUnloadHook: func() error {
if ok := kp.enforcerDel(policyName); !ok {
logger.GetLogger().Infof("Failed to clean up enforcer sensor '%s'", policyName)
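Review bot: The teardown path in `createEnforcerSensor` is still keyed by policy name only: the `PostUnloadHook` at the end of the third hunk calls `kp.enforcerDel(policyName)`, while the sensor itself is now identified by `Policy` plus `Namespace`. If the enforcer table behind `enforcerDel` is also indexed by name alone (its definition is outside the visible hunks), two policies with the same name in different namespaces could overwrite or delete each other's enforcer state, leaving one of them silently without enforcement. Consider carrying `policyNamespace` through the add/delete bookkeeping as well, and including it in the log lines so an operator can tell which policy an event refers to, e.g. `logger.GetLogger().Infof("Added enforcer sensor '%s' (namespace '%s')", policyName, policyNamespace)`. The function body starts and ends outside the hunks shown, so the add side could not be checked here.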