Add `karmor probe` as a part of `karmor sysdump`

Question

Add `karmor probe` as a part of `karmor sysdump`

Ankurk99 opened this issue a year ago · comments

Description
Currently karmor sysdump generated output doesn't contains information about the node's support for KubeArmor (available LSMs, the mode of enforcement, etc.) which are already a part of karmor probe.
The aim is to get that output as a part of karmor sysdump

Shehar Yaar commented 6 months ago

@Ankurk99

Legorie · Answer 1 · Tue Apr 11 2023 22:10:35 GMT+0800 (China Standard Time)

Hi @Ankurk99 would love to pick up this one

Legorie · Answer 2 · Fri Apr 21 2023 12:12:57 GMT+0800 (China Standard Time)

Hi @Ankurk99 , the probing for KubeArmor support happens only when KubeArmor is not running isn't it ?

$ karmor probe

Didn't find KubeArmor in systemd or Kubernetes, probing for support for KubeArmor                                                     
                                                                                                                                      
Host:                                                                                                                                 
         Observability/Audit: Supported (Kernel Version 5.15.0)                                                                       
         Enforcement: Full (Supported LSMs: lockdown,capability,landlock,yama,apparmor)

So, when the KubeArmor is not running the new requirement is that the karmor sysdump creates a new file with the node support information. Or, is there an existing file which we can use like node-info.yaml ?

Rishabh Soni · Answer 3 · Fri Jul 14 2023 23:38:37 GMT+0800 (China Standard Time)

Hi @Ankurk99, to my understanding this function has to be included into the sysdump file. Is this correct?

Rishabh Soni · Answer 4 · Thu Aug 10 2023 04:02:00 GMT+0800 (China Standard Time)

As I see, the node information in the give image obtained by running "karmor probe" is to be included into the output dump of "karmor sysdump". Am I correct @Ankurk99 ?

Ankur Kothiwal · Answer 5 · Thu Aug 10 2023 11:32:57 GMT+0800 (China Standard Time)

@rootxrishabh Ideally we would love to see everything from the karmor probe in sysdump including if the KubeArmor is running fine and the image versions.

Rishabh Soni · Answer 6 · Wed Sep 06 2023 02:32:10 GMT+0800 (China Standard Time)

Sysdump shows inconsistent behaviour while running. As shown below.

Shehar Yaar · Answer 7 · Tue Nov 14 2023 21:05:45 GMT+0800 (China Standard Time)

Hi @rootxrishabh , are you still working on it ? I would like to take this up. @Ankurk99 are you talking about the output to stdout or to the zip created ?

Rishabh Soni · Answer 8 · Thu Nov 16 2023 20:37:48 GMT+0800 (China Standard Time)

Hey @sheharyaar, not working on this as of now, go ahead : )

Ankur Kothiwal · Answer 9 · Thu Nov 16 2023 20:55:02 GMT+0800 (China Standard Time)

Hi @rootxrishabh , are you still working on it ? I would like to take this up. @Ankurk99 are you talking about the output to stdout or to the zip created ?

@sheharyaar Ideally, both.

Shehar Yaar · Answer 10 · Thu Nov 16 2023 22:12:20 GMT+0800 (China Standard Time)

Thanks for assigning this, will follow up if I have a query or a PR is ready.

Shehar Yaar · Answer 11 · Fri Nov 17 2023 18:58:19 GMT+0800 (China Standard Time)

I checked that karmor probe accepts namespace , format string, grpc and other flags. So how do I tackle those in karmor sysdump do I default the namespace to kubearmor and --full flag to true, or do I add these flags to sysdump ? @Ankurk99

Shehar Yaar · Answer 12 · Fri Nov 17 2023 19:06:25 GMT+0800 (China Standard Time)

Also, the probe dump would be in yaml format or just a raw stdout dump (karmor-probe.dump) ?