From 40e8c0b35e5b7a7368d2ac4dc2b6384a81754d15 Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Mon, 6 May 2024 13:25:52 +0200
Subject: [PATCH] apparmor: fix `/proc/@{pid}` replacement

The previous implementation failed with `/proc/self`
---
 internal/pkg/daemon/bpfrecorder/bpfrecorder.go | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/internal/pkg/daemon/bpfrecorder/bpfrecorder.go b/internal/pkg/daemon/bpfrecorder/bpfrecorder.go
index b1f879a503..5a360e15e4 100644
--- a/internal/pkg/daemon/bpfrecorder/bpfrecorder.go
+++ b/internal/pkg/daemon/bpfrecorder/bpfrecorder.go
@@ -27,6 +27,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"regexp"
 	"runtime"
 	"sort"
 	"strconv"
@@ -950,17 +951,15 @@ func (b *BpfRecorder) isKnownFile(path string, knownPrefixes []string) bool {
 	return false
 }
 
+var pathWithPid *regexp.Regexp = regexp.MustCompile(`^/proc/\d+/`)
+
 func (b *BpfRecorder) processExecFsEvents() BpfAppArmorFileProcessed {
 	var processedEvents BpfAppArmorFileProcessed
 	processedEvents.AllowedExecutables = append(processedEvents.AllowedExecutables, b.recordedExecs...)
 	for _, currentFile := range b.recordedFiles {
-		var currentFilename string
-		if strings.HasPrefix(currentFile.Filename, "/proc/") {
-			currentFilename = strings.Replace(currentFile.Filename, "/proc/", "/proc/@{pid}/", 1)
-		} else {
-			currentFilename = filepath.Clean(currentFile.Filename)
-		}
+		currentFilename := filepath.Clean(currentFile.Filename)
+		currentFilename = pathWithPid.ReplaceAllString(currentFilename, "/proc/@{pid}/")
 		// loaded library
 		if currentFile.GotExec && !b.isKnownFile(currentFile.Filename, knownLibrariesPrefixes) {
 			processedEvents.AllowedLibraries = append(processedEvents.AllowedLibraries, currentFilename)