fix(apparmor): clone non conflicting proc rules to from source

subprofiles Signed-off-by: daemon1024 <[email protected]>
kubearmor · Oct 30, 2024 · 011bfcd · 011bfcd
1 parent 4731b3c
commit 011bfcd
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/KubeArmor/enforcer/appArmorProfile.go b/KubeArmor/enforcer/appArmorProfile.go
@@ -433,6 +433,12 @@ func (ae *AppArmorEnforcer) GenerateProfileBody(securityPolicies []tp.SecurityPo
 			ae.Logger.Errf("Error while copying global rules to local profile for %s: %s", source, err.Error())
 			continue
 		}
+		for proc, config := range profile.ProcessPaths {
+			add := checkIfGlobalRuleToBeAdded(proc, val.ProcessPaths)
+			if add {
+				newval.ProcessPaths[proc] = config
+			}
+		}
 		for file, config := range profile.FilePaths {
 			add := checkIfGlobalRuleToBeAdded(file, val.FilePaths)
 			if add {