Merge pull request #1885 from daemon1024/fix-apparmor-fromsource-process-block-clone

fix(apparmor): clone non conflicting proc rules to from source subprofiles

Author: DelusionalOptimist

KubeArmor/enforcer/appArmorProfile.go

@@ -433,6 +433,12 @@ func (ae *AppArmorEnforcer) GenerateProfileBody(securityPolicies []tp.SecurityPo
 			ae.Logger.Errf("Error while copying global rules to local profile for %s: %s", source, err.Error())
 			continue
 		}
+		for proc, config := range profile.ProcessPaths {
+			add := checkIfGlobalRuleToBeAdded(proc, val.ProcessPaths)
+			if add {
+				newval.ProcessPaths[proc] = config
+			}
+		}
 		for file, config := range profile.FilePaths {
 			add := checkIfGlobalRuleToBeAdded(file, val.FilePaths)
 			if add {

KubeArmor/enforcer/appArmorTemplate.go

@@ -79,7 +79,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
   {{template "file-section" . }}
 	## == DISPATCHER START == ##
   {{- range $source, $value:= $.FromSource}}
-				{{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }},
+				{{$source}} px -> {{$v := $.Name | split "."}}{{$v._0}}_{{ regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source "" }},
   {{- end}}
 	{{- range $value, $data := .ProcessPaths}}
 		{{- $suffix := ""}}
@@ -146,7 +146,7 @@ profile {{.Name}} flags=(attach_disconnected,mediate_deleted) {
 
 ## == FromSource per binary profiles START == ##
 {{- range $source, $value := $.FromSource}}
-profile {{$v := $.Name | split "."}}{{$v._0}}_{{ $source | replace "/" "" | replace "." "" }} {
+profile {{$v := $.Name | split "."}}{{$v._0}}_{{ regexReplaceAllLiteral "[^a-z A-Z 0-9]" $source "" }} {
 	{{$source}} rix,
 	{{template "pre-section" $value }}
   {{template "file-section" $value}}