fix(tests): make test policies compatible with newer ubuntu

Signed-off-by: daemon1024 <[email protected]>

tests/k8s_env/configmap/manifests/ksp-partialyAnnotated-allow.yaml

@@ -15,7 +15,7 @@ spec:
       - path: /usr/bin/curl
   process:
     matchDirectories:
-    - dir: /bin/ # required to change root to user1
+    - dir: /usr/bin/ # required to change root to user1
       recursive: true
     - dir: /usr/bin/ # used in changing accounts
       recursive: true

tests/k8s_env/configmap/manifests/ksp-unannotated-allow.yaml

@@ -21,6 +21,7 @@ spec:
     - dir: /pts/
     - dir: /bin/
     - dir: /usr/bin/
+    - dir: /usr/bin/
     - dir: /proc/
       recursive: true
     - dir: /dev/
@@ -33,6 +34,7 @@ spec:
   process:
     matchDirectories:
     - dir: /bin/ # required to change root to user1
+    - dir: /usr/bin/ # required to change root to user1
     - dir: /usr/bin/ # used in changing accounts
   action: 
     Allow

tests/k8s_env/ksp/ksp_test.go

@@ -1832,7 +1832,7 @@ var _ = Describe("Ksp", func() {
 			)
 
 			expectLog := protobuf.Log{
-				Source: "/bin/cat /dev/shm/new",
+				Source: "/usr/bin/cat /dev/shm/new",
 				Result: "Passed",
 			}
 

tests/k8s_env/ksp/multiubuntu/ksp-group-1-block-proc-path-from-source.yaml

@@ -11,9 +11,9 @@ spec:
       group: group-1
   process:
     matchPaths:
-    - path: /bin/ls
+    - path: /usr/bin/ls
       fromSource:
-      - path: /bin/dash
+      - path: /usr/bin/dash
   action:
     Block
 

tests/k8s_env/ksp/multiubuntu/ksp-group-1-block-proc-path.yaml

@@ -11,12 +11,12 @@ spec:
       group: group-1
   process:
     matchPaths:
-    - path: /bin/sleep
+    - path: /usr/bin/sleep
   action:
     Block
 
 # multiubuntu_test_01
 
 # test
 # $ sleep 1
-# bash: /bin/sleep: Permission denied
+# bash: /usr/bin/sleep: Permission denied

tests/k8s_env/ksp/multiubuntu/ksp-group-2-allow-file-path-from-source-path.yaml

@@ -12,12 +12,12 @@ spec:
   process:
     matchDirectories:
       - dir: /bin/
-        recursive: true
+      - dir: /usr/bin/
   file:
     matchPaths:
     - path: /secret.txt
       fromSource:
-      - path: /bin/cat
+      - path: /usr/bin/cat
     - path: /dev/tty
     - path: /lib/terminfo/x/xterm
     matchDirectories:
@@ -29,6 +29,7 @@ spec:
         recursive: true
       - dir: /lib/x86_64-linux-gnu/
       - dir: /bin/
+      - dir: /usr/bin/
   action:
     Allow
 

tests/k8s_env/ksp/multiubuntu/ksp-group-2-allow-file-path-owner-from-source-path.yaml

@@ -11,6 +11,7 @@ spec:
   process: # base whitelisting rules
     matchDirectories:
     - dir: /bin/ # required to change root to user1 / try 'su - user1'
+    - dir: /usr/bin/ # required to change root to user1 / try 'su - user1'
       recursive: true
     - dir: /usr/bin/ # used in changing accounts
       recursive: true    
@@ -19,8 +20,8 @@ spec:
     - path: /home/user1/secret_data1.txt
       ownerOnly: true
       fromSource:
-      - path: /bin/cat
-    #   - path: /bin/su
+      - path: /usr/bin/cat
+    #   - path: /usr/bin/su
     - path: /root/.bashrc # used by root
     - path: /root/.bash_history # used by root
     - path: /home/user1/.profile # used by user1

tests/k8s_env/ksp/multiubuntu/ksp-group-2-audit-file-path-from-source-path.yaml

@@ -13,7 +13,7 @@ spec:
     matchPaths:
     - path: /secret.txt
       fromSource:
-      - path: /bin/cat
+      - path: /usr/bin/cat
   action:
     Audit
 

tests/k8s_env/ksp/multiubuntu/ksp-group-2-audit-file-path-owner-from-source-path.yaml

@@ -13,7 +13,7 @@ spec:
     - path: /home/user1/secret_data1.txt
       ownerOnly: true
       fromSource:
-      - path: /bin/cat
+      - path: /usr/bin/cat
   action:
     Audit
 

tests/k8s_env/ksp/multiubuntu/ksp-group-2-audit-proc-path.yaml

@@ -10,7 +10,7 @@ spec:
       group: group-2
   process:
     matchPaths:
-    - path: /bin/sleep
+    - path: /usr/bin/sleep
   action:
     Audit
 

tests/k8s_env/ksp/multiubuntu/ksp-group-2-block-file-path-from-source-path.yaml

@@ -13,7 +13,7 @@ spec:
     matchPaths:
     - path: /secret.txt
       fromSource:
-      - path: /bin/cat
+      - path: /usr/bin/cat
   action:
     Block
 

tests/k8s_env/ksp/multiubuntu/ksp-group-2-block-file-path-owner-from-source-path.yaml

@@ -13,7 +13,7 @@ spec:
     - path: /home/user1/secret_data1.txt
       ownerOnly: true
       fromSource:
-      - path: /bin/cat
+      - path: /usr/bin/cat
   action:
     Block
 

tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-file-path-owner.yaml

@@ -36,7 +36,7 @@ spec:
       recursive: true
     - dir: /pts/ # used by root and user1
       recursive: true
-    - dir: /bin/
+    - dir: /usr/bin/
       recursive: true  
   action:
     Allow

tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-dir.yaml

@@ -13,6 +13,8 @@ spec:
     matchDirectories:
     - dir: /bin/
       recursive: true 
+    - dir: /usr/bin/
+      recursive: true 
   file:
     matchPaths:
       - path: /root/.bashrc # used by root
@@ -30,6 +32,7 @@ spec:
       recursive: true
     - dir: /lib/x86_64-linux-gnu/
     - dir: /bin/     
+    - dir: /usr/bin/     
     # - dir: /etc/ # required to change root to user1 (coarse-grained way)
     #   recursive: true  
     # - dir: /lib/ # used by root and user1

tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-3-allow-proc-path-owner.yaml

@@ -39,6 +39,8 @@ spec:
       recursive: true
     - dir: /bin/
       recursive: true  
+    - dir: /usr/bin/
+      recursive: true  
     - dir: /dev/
       recursive: true  
   action:

tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-4-allow-file-path-owner-readonly-from-source-path.yaml

@@ -15,7 +15,7 @@ spec:
     matchPaths:
     - path: /home/user1/readwrite
     #   fromSource:
-    #   - path: /bin/su
+    #   - path: /usr/bin/su
     matchDirectories:
     - dir: /bin/ # required to change root to user1 / try 'su - user1'
       recursive: true
@@ -29,7 +29,7 @@ spec:
       fromSource:
       - path: /home/user1/readwrite
     - path: /home/user1/readwrite 
-      # - path: /bin/su
+      # - path: /usr/bin/su
     - path: /root/.bashrc # used by root
     - path: /root/.bash_history # used by root
     - path: /home/user1/.profile # used by user1
@@ -50,6 +50,8 @@ spec:
       recursive: true
     - dir: /bin/
       recursive: true  
+    - dir: /usr/bin/
+      recursive: true  
   action:
     Allow
 

tests/k8s_env/ksp/multiubuntu/ksp-ubuntu-4-allow-file-path-readonly-from-source-path.yaml

@@ -13,7 +13,7 @@ spec:
       container: ubuntu-4
   file:
     matchDirectories:
-    - dir: /bin/ # used by root
+    - dir: /usr/bin/ # used by root
       recursive: true
     - dir: /pts/
       recursive: true

tests/k8s_env/multicontainer/manifests/container-1-ls-block.yaml

@@ -11,7 +11,7 @@ spec:
       kubearmor.io/container.name: "[container-1]"
   process:
     matchPaths:
-    - path: /bin/ls
+    - path: /usr/bin/ls
       # ls
   action:
     Block

tests/k8s_env/multicontainer/manifests/empty-array-ls-block.yaml

@@ -11,7 +11,7 @@ spec:
       kubearmor.io/container.name: "[]"
   process:
     matchPaths:
-    - path: /bin/ls
+    - path: /usr/bin/ls
       # ls
   action:
     Block

tests/k8s_env/multicontainer/manifests/empty-label-ls-block.yaml

@@ -11,7 +11,7 @@ spec:
       kubearmor.io/container.name: ""
   process:
     matchPaths:
-    - path: /bin/ls
+    - path: /usr/bin/ls
       # ls
   action:
     Block

tests/k8s_env/multicontainer/manifests/malformated-array-ls-block.yaml

@@ -11,7 +11,7 @@ spec:
       kubearmor.io/container.name: "[container-1,,]"
   process:
     matchPaths:
-    - path: /bin/ls
+    - path: /usr/bin/ls
       # ls
   action:
     Block

tests/k8s_env/privileged/manifests/caps-container-block-ls.yaml

@@ -11,7 +11,7 @@ spec:
       kubearmor.io/container.name: "[caps-container]"
   process:
     matchPaths:
-      - path: /bin/ls
+      - path: /usr/bin/ls
         # ls
   action:
     Block

tests/k8s_env/privileged/manifests/priv-container-block-ls.yaml

@@ -11,7 +11,7 @@ spec:
       kubearmor.io/container.name: "[priv-container]"
   process:
     matchPaths:
-      - path: /bin/ls
+      - path: /usr/bin/ls
         # ls
   action:
     Block

tests/k8s_env/scenarios/github_test_01/ksp-ubuntu-1-proc-path-block-from-source.yaml

@@ -11,8 +11,8 @@ spec:
       container: ubuntu-1
   process:
     matchPaths:
-    - path: /bin/ls
+    - path: /usr/bin/ls
       fromSource:
-      - path: /bin/dash
+      - path: /usr/bin/dash
   action:
     Block

tests/k8s_env/scenarios/github_test_04/ksp-ubuntu-1-file-path-block-from-source.yaml

@@ -13,6 +13,6 @@ spec:
     matchPaths:
       - path: /secret.txt
         fromSource:
-        - path: /bin/cat
+        - path: /usr/bin/cat
   action:
     Block

tests/k8s_env/scenarios/github_test_05/ksp-ubuntu-1-file-path-allow-from-source.yaml

@@ -13,6 +13,6 @@ spec:
     matchPaths:
       - path: /secret.txt
         fromSource: 
-        - path: /bin/cat
+        - path: /usr/bin/cat
   action:
     Allow

tests/k8s_env/syscalls/manifests/matchpaths/unlink-dir-recursive-fromsource-dir.yaml

@@ -14,6 +14,6 @@ spec:
       path: /home/
       recursive: true
       fromSource:
-        - dir: /bin/
+        - dir: /usr/bin/
   action:
     Audit

tests/k8s_env/syscalls/manifests/matchpaths/unlink-dir-recursive-fromsource-path.yaml

@@ -14,6 +14,6 @@ spec:
       path: /home/
       recursive: true
       fromSource:
-        - path: /bin/unlink
+        - path: /usr/bin/unlink
   action:
     Audit