testcase #9 is always failed in minikube #213

nam-jaehyun · 2021-07-20T13:36:28Z

With minikube, all test cases except for test case 9 are passed.
However, test case 9 is always failed; thus, we need to check the reason and fix this issue.

oneiro-naut · 2021-07-26T10:58:00Z

@nam-jaehyun. Deploting kubearmor on minikube gives me this error which I think is related to ebpf support on minikube.

➜  multiubuntu git:(master) kubectl logs kubearmor-tl7rt -n kube-system
2021-07-26 10:37:14.203579	INFO	Started to serve gRPC-based log feeds
2021-07-26 10:37:14.204514	INFO	Initializing an eBPF program
modprobe: module kheaders not found in modules.dep
Unable to find kernel headers. Try rebuilding kernel with CONFIG_IKHEADERS=m (module)
2021-07-26 10:37:14.205910	ERROR	Failed to initialize the system monitor
github.com/kubearmor/KubeArmor/KubeArmor/log.Err
	/usr/src/KubeArmor/KubeArmor/log/logger.go:94
github.com/kubearmor/KubeArmor/KubeArmor/feeder.(*Feeder).Err
	/usr/src/KubeArmor/KubeArmor/feeder/feeder.go:470
github.com/kubearmor/KubeArmor/KubeArmor/core.KubeArmor
	/usr/src/KubeArmor/KubeArmor/core/kubeArmor.go:352
main.main
	/usr/src/KubeArmor/KubeArmor/main.go:61
runtime.main
	/usr/local/go/src/runtime/proc.go:204
2021-07-26 10:37:14.205961	INFO	Stopped the system monitor
2021-07-26 10:37:14.205966	INFO	Terminated the KubeArmor
chdir(/lib/modules/4.19.182/build): No such file or directory
2021-07-26 10:37:16.206286	INFO	Terminated the gRPC service
2021-07-26 10:37:16.206417	INFO	Stopped the log feeder

My minikube version is: v1.20.0

$ uname -a
Linux minikube 4.19.182 #1 SMP Wed May 5 21:20:39 UTC 2021 x86_64 GNU/Linux

I found this issue which might be related to this kubernetes/minikube#8556. I think I will need to have minikube with newer kernel versions in it(v5.x i guess). Can you please tell me the minikube version which you used?

nam-jaehyun · 2021-07-26T11:30:06Z

@oneiro-naut did you install kernel-headers too?
In my case, I used this script to start Minikube.
https://github.com/kubearmor/KubeArmor/blob/master/contribution/minikube/minikube-start.sh

oneiro-naut · 2021-07-26T11:38:17Z

@nam-jaehyun I didn't use the script earlier now I am using it. Thanks.

This commit adds new field ReadOnly to MatchPolicy struct. Fixes: kubearmor#213 Signed-off-by: Ayush Dwivedi <ayush.dwivedi@accuknox.com>

Fixes: kubearmor#213 Signed-off-by: Ayush Dwivedi <ayush.dwivedi@accuknox.com>

This commit makes it possible for the Allow action MatchedPolicy logs to be returned in audit mode. Originally MatchedPolicy logs with action equal Allow returned nothing in audit mode. Fixes: kubearmor#213 Signed-off-by: Ayush Dwivedi <ayush.dwivedi@accuknox.com>

This commit changes log action Allow to Audit and Block to Audit (Block) if its audit mode. Fixes: kubearmor#213 Signed-off-by: Ayush Dwivedi <ayush.dwivedi@accuknox.com>

This commit changes log action Allow to Audit (Allow) and Block to Audit (Block) if its audit mode. Fixes: kubearmor#213 Signed-off-by: Ayush Dwivedi <ayush.dwivedi@accuknox.com>

oneiro-naut mentioned this issue Jul 28, 2021

Change log action from Allow to Audit if its audit mode #224

Merged

oneiro-naut added a commit to oneiro-naut/KubeArmor that referenced this issue Jul 28, 2021

Handle readonly File violation corner case for Audit mode

60333f3

Fixes: kubearmor#213 Signed-off-by: Ayush Dwivedi <ayush.dwivedi@accuknox.com>

nam-jaehyun closed this as completed in #224 Jul 29, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

testcase #9 is always failed in minikube #213

testcase #9 is always failed in minikube #213

nam-jaehyun commented Jul 20, 2021

oneiro-naut commented Jul 26, 2021

nam-jaehyun commented Jul 26, 2021

oneiro-naut commented Jul 26, 2021

testcase #9 is always failed in minikube #213

testcase #9 is always failed in minikube #213

Comments

nam-jaehyun commented Jul 20, 2021

oneiro-naut commented Jul 26, 2021

nam-jaehyun commented Jul 26, 2021

oneiro-naut commented Jul 26, 2021