fix with busybox change

Signed-off-by: Aryan-sharma11 <[email protected]>

KubeArmor/BPF/enforcer.bpf.c

@@ -238,29 +238,32 @@ int BPF_PROG(enforce_proc, struct linux_binprm *bprm, int ret) {
      // clearing to avoid processing garbage values 
       __builtin_memset(&a_key->okey, 0, sizeof(a_key->okey));
       __builtin_memset(&a_key->store, 0, sizeof(a_key->store));
-      
+
       bpf_probe_read(&a_key->okey.mnt_ns, sizeof(okey.mnt_ns) , &okey.mnt_ns);
       bpf_probe_read(&a_key->okey.pid_ns, sizeof(okey.pid_ns) , &okey.pid_ns);
       bpf_probe_read_str(&a_key->store.path, sizeof(store->path) , store->path);
-      
+
       if (pk->path[0] == '\0') {
           bpf_probe_read_str(&a_key->store.source, sizeof(store->source) , store->source);
       } 
       if (argval) {
-        for( int i = 1 ; i< num && i<10; i++ ){
-            bpf_printk("Argurment %d : %s\n", i,  argval->argsArray[i]);
+        for( int i = 0 ; i< num && i < 100; i++ ){
             __builtin_memset(a_key->arg, 0, sizeof(a_key->arg));
             bpf_probe_read_str(&a_key->arg, sizeof(a_key->arg), argval->argsArray[i]);
-            x  = bpf_map_lookup_elem(&a_map ,a_key); 
+            x  = bpf_map_lookup_elem(&a_map ,a_key);
             bpf_printk("a_key->path %s , a_key->source - %s ", a_key->store.path , a_key->store.source);
-            if(x){
-              bpf_printk("argument matched");
-              argmatch = true;
+            if (x) {
+                bpf_printk("argument matched");
+                argmatch = true;
+                if (i != 0) {  
+                    continue;  
+                }
             } else {
-              bpf_printk("argument not matched");
-              argmatch = false;
-              break;
-            }  
+                if (i != 0) {
+                    argmatch = false;
+                    break;  
+                }
+            }
         }
         }
     }
@@ -277,7 +280,7 @@ int BPF_PROG(enforce_proc, struct linux_binprm *bprm, int ret) {
       }
     }
     if (val && (val->processmask & RULE_DENY)) {
-      // Allow if argset matches
+      // Allow if allowedArgs matches
       if((val->processmask & RULE_ARGSET) && argmatch){
           return 0;
       }

KubeArmor/core/kubeArmor.go

@@ -157,20 +157,20 @@ func NewKubeArmorDaemon() *KubeArmorDaemon {
 func (dm *KubeArmorDaemon) DestroyKubeArmorDaemon() {
 	close(StopChan)
 
-	if dm.RuntimeEnforcer != nil {
-		// close runtime enforcer
-		if dm.CloseRuntimeEnforcer() {
-			dm.Logger.Print("Stopped KubeArmor Enforcer")
-		}
-	}
-
 	if dm.SystemMonitor != nil {
 		// close system monitor
 		if dm.CloseSystemMonitor() {
 			dm.Logger.Print("Stopped KubeArmor Monitor")
 		}
 	}
 
+	if dm.RuntimeEnforcer != nil {
+		// close runtime enforcer
+		if dm.CloseRuntimeEnforcer() {
+			dm.Logger.Print("Stopped KubeArmor Enforcer")
+		}
+	}
+
 	if dm.KVMAgent != nil {
 		// close kvm agent
 		if dm.CloseKVMAgent() {

KubeArmor/enforcer/bpflsm/rulesHandling.go

@@ -120,7 +120,7 @@ func (be *BPFEnforcer) UpdateContainerRules(id string, securityPolicies []tp.Sec
 			if path.OwnerOnly {
 				val[PROCESS] = val[PROCESS] | OWNER
 			}
-			if len(path.ArgSet) > 0 {
+			if len(path.AllowedArgs) > 0 {
 				val[PROCESS] = val[PROCESS] | ARGSET
 			}
 			if len(path.FromSource) == 0 {
@@ -154,12 +154,12 @@ func (be *BPFEnforcer) UpdateContainerRules(id string, securityPolicies []tp.Sec
 					}
 				}
 			}
-			if len(path.ArgSet) > 0 {
+			if len(path.AllowedArgs) > 0 {
 				var argList []string
 				argKey.InnerKey = key
 				argKey.MntNS = be.ContainerMap[id].Key.MntNS
 				argKey.PidNS = be.ContainerMap[id].Key.PidNS
-				argList = append(argList, path.ArgSet...)
+				argList = append(argList, path.AllowedArgs...)
 				newrules.ArgumentsList[argKey] = argList
 			}
 		}

KubeArmor/types/types.go

@@ -347,11 +347,11 @@ type MatchSourceType struct {
 
 // ProcessPathType Structure
 type ProcessPathType struct {
-	Path       string            `json:"path,omitempty"`
-	ExecName   string            `json:"execname,omitempty"`
-	OwnerOnly  bool              `json:"ownerOnly,omitempty"`
-	FromSource []MatchSourceType `json:"fromSource,omitempty"`
-	ArgSet     []string          `json:"argset,omitempty"`
+	Path        string            `json:"path,omitempty"`
+	ExecName    string            `json:"execname,omitempty"`
+	OwnerOnly   bool              `json:"ownerOnly,omitempty"`
+	FromSource  []MatchSourceType `json:"fromSource,omitempty"`
+	AllowedArgs []string          `json:"allowedArgs,omitempty"`
 
 	Severity int      `json:"severity,omitempty"`
 	Tags     []string `json:"tags,omitempty"`

deployments/CRD/KubeArmorClusterPolicy.yaml

@@ -366,7 +366,7 @@ spec:
                         path:
                           pattern: ^\/+.*[^\/]$
                           type: string
-                        argset: 
+                        allowedArgs: 
                           items: 
                             type: string
                           type: array

deployments/CRD/KubeArmorHostPolicy.yaml

@@ -375,7 +375,7 @@ spec:
                         path:
                           pattern: ^\/+.*[^\/]$
                           type: string
-                        argset: 
+                        allowedArgs: 
                           items: 
                             type: string
                           type: array

deployments/CRD/KubeArmorPolicy.yaml

@@ -365,7 +365,7 @@ spec:
                         path:
                           pattern: ^\/+.*[^\/]$
                           type: string
-                        argset: 
+                        allowedArgs: 
                           items: 
                             type: string
                           type: array

pkg/KubeArmorController/api/security.kubearmor.com/v1/common.go

@@ -32,7 +32,7 @@ type ProcessPathType struct {
 	Path MatchPathType `json:"path,omitempty"`
 
 	// +kubebuilder:validation:Optional
-	ArgSet []string `json:"argset,omitempty"`
+	AllowedArgs []string `json:"allowedArgs,omitempty"`
 
 	// +kubebuilder:validation:Optional
 	ExecName MatchBinType `json:"execname,omitempty"`