search

kubearmor / KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
https://kubearmor.io/
Apache License 2.0
1.48k stars 339 forks source link

incorrect build time printed during kubearmor startup #1055

Closed nyrahul closed 1 year ago

nyrahul commented 1 year ago

Bug Report

On kubearmor startup, the kubearmor is printing the build time.

2023-01-18 07:04:06.335052      INFO    Build Time: 2023-01-18 06:34:42.920576082 +0000 UTC
2023-01-18 07:04:06.335209      INFO    Arguments [cluster:default coverageTest:false criSocket: defaultCapabilitiesPosture:audit defaultFilePosture:audit defaultNetworkPosture:audit enableKubeArmorHostPolicy:false enableKubeArmorPolicy:true enableKubeArmorVm:fal
se gRPC:32767 host:ubuntu2004-vagrants hostDefaultCapabilitiesPosture:audit hostDefaultFilePosture:audit hostDefaultNetworkPosture:audit hostVisibility:default k8s:true kubeconfig: logPath:none lsm:bpf,apparmor,selinux seLinuxProfileDir:/tmp/kubearmor.selinux visibility:
process,file,network,capabilities]
2023-01-18 07:04:06.335283      INFO    Configuration [{Cluster:default Host:ubuntu2004-vagrants GRPC:32767 LogPath:none SELinuxProfileDir:/tmp/kubearmor.selinux CRISocket: Visibility:process,file,network,capabilities HostVisibility:default Policy:true HostPolicy
:true KVMAgent:false K8sEnv:true DefaultFilePosture:audit DefaultNetworkPosture:audit DefaultCapabilitiesPosture:audit HostDefaultFilePosture:audit HostDefaultNetworkPosture:audit HostDefaultCapabilitiesPosture:audit CoverageTest:false LsmOrder:[]}]
2023-01-18 07:04:06.335321      INFO    Final Configuration [{Cluster:default Host:ubuntu2004-vagrants GRPC:32767 LogPath:none SELinuxProfileDir:/tmp/kubearmor.selinux CRISocket: Visibility:process,file,network,capabilities HostVisibility:none Policy:true HostPol
icy:true KVMAgent:false K8sEnv:true DefaultFilePosture:audit DefaultNetworkPosture:audit DefaultCapabilitiesPosture:audit HostDefaultFilePosture:audit HostDefaultNetworkPosture:audit HostDefaultCapabilitiesPosture:audit CoverageTest:false LsmOrder:[bpf apparmor selinux]}]
2023-01-18 07:04:06.335576      INFO    Initialized Kubernetes client
2023-01-18 07:04:06.335608      INFO    Started to monitor node events
2023-01-18 07:04:06.335654      INFO    GlobalCfg.Host=ubuntu2004-vagrants, KUBEARMOR_NODENAME=ubuntu2004-vagrants
2023-01-18 07:04:07.337854      INFO    Node Name: ubuntu2004-vagrants
2023-01-18 07:04:07.337920      INFO    Node IP: 10.0.2.15
:::

However, the build time is printing the creation time of kubearmor binary which is not the same as build time.

The better way to get the print date/time is by setting the BuildDate as var as part of the Makefile and then using it in the code. Check how the discovery-engine handles the setting of BuildDate and other aspects from its Makefile and then subsequently uses the vars in the code.

General Information

To Reproduce

  1. Run kubearmor as k8s pod
  2. Check the kubearmor logs

Expected behavior

The build time should be the time when the container image was built.

saurabh3460 commented 1 year ago

@nyrahul can you please assign this to me?

nyrahul commented 1 year ago

@nyrahul can you please assign this to me?

đź‘Ť Thanks for looking into this.