fix(bpflsm): readonly and owneronly behaviour #1578

daemon1024 · 2024-01-11T18:38:30Z

Fixed 2 bugs
When owneronly and readonly flags are set, expected behaviour is that the owner should be allowed only read access but it seemed that owner had universal access here

When readonly is set for allow policy, we did not enforce readonly on it since the code was to check for deny flag in the policy, updated the check to check for absence of write flag instead

Enabled tests for the earlier failing scenarios due the bug

Purpose of PR?:

Fixes #1385

Checklist:

Bug fix. Fixes #
PR Title follows the convention of <type>(<scope>): <subject>
Commit has unit tests
Commit has integration tests

Signed-off-by: Aryan-sharma11 <[email protected]>

Fixed 2 bugs When owneronly and readonly flags are set, expected behaviour is that the owner should be allowed only read access but it seemed that owner had universal access here When readonly is set for allow policy, we did not enforce readonly on it since the code was to check for deny flag in the policy, updated the check to check for absence of write flag instead Enabled tests for the earlier failing scenarios due the bug Signed-off-by: daemon1024 <[email protected]>

Signed-off-by: Aryan-sharma11 <[email protected]>

daemon1024 marked this pull request as draft January 11, 2024 19:16

Aryan-sharma11 added a commit to Aryan-sharma11/KubeArmor that referenced this pull request Feb 29, 2024

added changes from PR kubearmor#1578

571d940

Signed-off-by: Aryan-sharma11 <[email protected]>

Aryan-sharma11 added a commit to Aryan-sharma11/KubeArmor that referenced this pull request Mar 1, 2024

added changes from PR kubearmor#1578

48cf91e

Signed-off-by: Aryan-sharma11 <[email protected]>

Aryan-sharma11 marked this pull request as ready for review February 4, 2025 17:35

Aryan-sharma11 marked this pull request as draft February 4, 2025 17:36

daemon1024 and others added 2 commits February 5, 2025 23:24

obj file updates

fcabc85

Signed-off-by: Aryan-sharma11 <[email protected]>

Aryan-sharma11 force-pushed the bpflsm-fix-readonly-owneronly branch 2 times, most recently from aec81bc to 0a6bed0 Compare February 6, 2025 10:07

some minor fixes and improvements

9ecd20a

Signed-off-by: Aryan-sharma11 <[email protected]>

Aryan-sharma11 force-pushed the bpflsm-fix-readonly-owneronly branch from 0a6bed0 to 9ecd20a Compare February 6, 2025 11:02

Aryan-sharma11 added 2 commits February 7, 2025 12:44

workaround for goto decision

761cffc

Signed-off-by: Aryan-sharma11 <[email protected]>

fix go vuln

6ad8ab8

Signed-off-by: Aryan-sharma11 <[email protected]>

Aryan-sharma11 marked this pull request as ready for review February 7, 2025 08:20

Aryan-sharma11 force-pushed the bpflsm-fix-readonly-owneronly branch 2 times, most recently from 068acca to bb6fd61 Compare February 7, 2025 10:34

fix tests

6ce9da3

Signed-off-by: Aryan-sharma11 <[email protected]>

Aryan-sharma11 force-pushed the bpflsm-fix-readonly-owneronly branch from bb6fd61 to 6ce9da3 Compare February 7, 2025 11:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(bpflsm): readonly and owneronly behaviour #1578

fix(bpflsm): readonly and owneronly behaviour #1578

daemon1024 commented Jan 11, 2024 •

edited

Loading

fix(bpflsm): readonly and owneronly behaviour #1578

Are you sure you want to change the base?

fix(bpflsm): readonly and owneronly behaviour #1578

Conversation

daemon1024 commented Jan 11, 2024 • edited Loading

daemon1024 commented Jan 11, 2024 •

edited

Loading