@rootxrishabh
Member

Purpose of PR?:

Fixes #2022

Does this PR introduce a breaking change?

If the changes in this PR are manually verified, list down the scenarios covered:

Additional information for reviewer? :
Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • Bug fix. Fixes #
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • PR Title follows the convention of <type>(<scope>): <subject>
  • Commit has unit tests
  • Commit has integration tests

@rootxrishabh
Member Author

Working as expected -

Screenshot from 2025-06-24 01-37-55

@rksharma95
Collaborator

@rootxrishabh can you check for presets as well?

Signed-off-by: Rishabh Soni <[email protected]>
@rootxrishabh
Member Author

Added tty to all presets, using protect proc as an example here -

== Alert / 2025-06-24 09:39:25.013829 ==
ClusterName: default
HostName: rootxrishabh
NamespaceName: default
PodName: nginx-5869d7778c-rmq2j
Labels: app=nginx
ContainerName: nginx
ContainerID: e4b97af2cad5a335dca315bbb51b6fa3792eac1764d04fb33abee1eaccbd3601
ContainerImage: docker.io/library/nginx:latest@sha256:6784fb0834aa7dbbe12e3d7471e69c290df3e6ba810dc38b34ae33d3c1c05f7d
Type: MatchedPolicy
PolicyName: ksp-nginx-presets
Source: /usr/bin/ls /proc/37/
Resource: /proc/37
Operation: File
Enforcer: PRESET-ProtectProcPreset
Result: Permission denied
Cwd: /
HostPID: 183736
HostPPID: 17312
Owner: map[Name:nginx Namespace:default Ref:Deployment]
PID: 53
PPID: 17312
ParentProcessName: /usr/bin/bash
ProcessName: /usr/bin/ls
TTY: pts0
UID: 0

Member

@Aryan-sharma11 Aryan-sharma11 left a comment

LGTM

@rksharma95 rksharma95 merged commit 38d862b into kubearmor:main Jun 25, 2025
21 checks passed
@rootxrishabh rootxrishabh deleted the addTTYtoBPFLSM branch June 25, 2025 11:16

Development

Successfully merging this pull request may close these issues.

Add tty information to bpf-lsm generated telemetry
