Description
karmor recommend detects certain properties of the image being scanned by inspecting paths in the container filesystem. For reference, some of the paths that are checked to detect the distro can be found here, and the function that performs the detection can be found here.
If for some reason those paths cannot be listed, karmor won't recommend the correct policies, and the returned output will be missing some fields.
For example, running
karmor recommend --image=ubuntu:18.04
returns something like
created policy out/ubuntu-18-04/remote-file-copy.yaml ...
created policy out/ubuntu-18-04/maint-tools-access.yaml ...
created policy out/ubuntu-18-04/trusted-cert-mod.yaml ...
created policy out/ubuntu-18-04/k8s-client-tool-exec.yaml ...
created policy out/ubuntu-18-04/write-etc-dir.yaml ...
created policy out/ubuntu-18-04/crypto-miners.yaml ...
created policy out/ubuntu-18-04/system-owner-discovery.yaml ...
created policy out/ubuntu-18-04/cronjob-cfg.yaml ...
created policy out/ubuntu-18-04/pkg-mngr-exec.yaml ...
created policy out/ubuntu-18-04/impair-defense.yaml ...
created policy out/ubuntu-18-04/remote-services.yaml ...
created policy out/ubuntu-18-04/write-under-dev-dir.yaml ...
created policy out/ubuntu-18-04/write-in-shm-dir.yaml ...
created policy out/ubuntu-18-04/file-integrity-monitoring.yaml ...
created policy out/ubuntu-18-04/network-service-scanning.yaml ...
output report in out/report.txt ...
Container | ubuntu:18.04
OS | linux
Arch | amd64
Distro |
Output Directory | out/ubuntu-18-04
policy-template version | v0.2.3
Here Distro is empty and the number of policies returned is incorrect.
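To make the failure mode concrete, here is an added Go example (not karmor's own code) of how marker-path detection can silently degrade. The marker table, the policy template list and their distro mapping are constructed for this example and are not karmor's real lists; the point is that detection keys off the presence of paths in the file listing, so an empty listing must be reported as an error rather than passed through as an unknown distro, otherwise the caller prints an empty Distro and drops every distro-specific policy.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// ErrNoFiles is returned when the image filesystem yielded no paths at all,
// which is the failure mode described in the issue (empty Distro, wrong policy count).
var ErrNoFiles = errors.New("image filesystem listing is empty; cannot detect distro")

// distroMarkers maps a marker file to the distro it identifies.
// Constructed for this example; it is not karmor's real marker list.
var distroMarkers = []struct {
	path   string
	distro string
}{
	{"etc/alpine-release", "alpine"},
	{"etc/redhat-release", "rhel"},
	{"etc/lsb-release", "ubuntu"},
	{"etc/debian_version", "debian"},
}

// DetectDistro looks for known marker files in the list of paths extracted from
// an image. An empty listing is reported as an error instead of silently
// returning "", so a broken extraction cannot be mistaken for an unknown distro.
func DetectDistro(files []string) (string, error) {
	if len(files) == 0 {
		return "", ErrNoFiles
	}
	present := make(map[string]bool, len(files))
	for _, f := range files {
		present[strings.TrimPrefix(f, "/")] = true
	}
	// Markers are checked in order, most specific first, so a Debian-derived
	// image carrying both lsb-release and debian_version resolves to ubuntu.
	for _, m := range distroMarkers {
		if present[m.path] {
			return m.distro, nil
		}
	}
	return "", nil // files were listed but none matched: genuinely unknown distro
}

// policyTemplate is a constructed stand-in for a recommend template: a name and
// the distros it targets (nil means it applies to every image).
type policyTemplate struct {
	name    string
	distros []string
}

// templates is sample data for the example; the names are illustrative only.
var templates = []policyTemplate{
	{"write-etc-dir", nil},
	{"crypto-miners", nil},
	{"apt-exec", []string{"ubuntu", "debian"}},
	{"apk-exec", []string{"alpine"}},
	{"yum-exec", []string{"rhel"}},
}

// SelectPolicies returns the template names that apply to the detected distro.
// With distro == "" only the distro-independent templates survive, which is why
// a failed detection shows up as a shorter policy list.
func SelectPolicies(distro string) []string {
	var out []string
	for _, t := range templates {
		if t.distros == nil {
			out = append(out, t.name)
			continue
		}
		for _, d := range t.distros {
			if d == distro {
				out = append(out, t.name)
				break
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed listings: a healthy ubuntu extraction and the broken, empty one.
	healthy := []string{"/bin/bash", "/etc/lsb-release", "/etc/debian_version", "/etc/os-release"}
	for _, files := range [][]string{healthy, nil} {
		distro, err := DetectDistro(files)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("Distro | %s\nPolicies | %s\n", distro, strings.Join(SelectPolicies(distro), ", "))
	}
}
```

Running it prints the ubuntu case with three policies and, for the empty listing, an explicit error instead of a report with a blank Distro line. Whatever the eventual fix for the newer Docker versions turns out to be, surfacing the empty listing as an error is the check that would have made this CI failure obvious at the first run.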
Discovery
This was found in CI. GitHub recently updated their runners, which changed the Docker version.
CI worked with this release (Docker v24): https://github.com/actions/runner-images/blob/ubuntu22/20240516.1/images/ubuntu/Ubuntu2204-Readme.md
CI doesn't work with this release (Docker v26): https://github.com/actions/runner-images/blob/ubuntu22/20240609.1/images/ubuntu/Ubuntu2204-Readme.md
The difference between the two releases is the Docker version. You can easily find the list of files by adding a simple debug log.
Solution
Figure out how to recommend correct policies with new Docker versions.