Barun Acharya

I believe we can close this issue, since it's not reproducible anymore. // @nam-jaehyun

I think it makes sense to consider the case 2.

Hey @Pietrokechi, Thanks for the interest. You can read the README at https://github.com/kubearmor/KubeArmor/tree/main/tests to know about how to create a new test suite. systemd tests here just mean what tests...

Partially handled in #1032

- Manual Verify on Maintainers End // @rksharma95

``` {"Timestamp":1691567368,"UpdatedTime":"2023-08-09T07:49:28.977327Z","ClusterName":"default","HostName":"minikube","NamespaceName":"wordpress-mysql","PodName":"wordpress-69b6c47cf8-2w5wg","ContainerID":"cdf7ab3769d8578e8913980d527f79f4a2ac0733d7c7e3317bcb51f7c6597b9c","ContainerName":"k8s_wordpress_wordpress-69b6c47cf8-2w5wg_wordpress-mysql_7c49573e-8a55-42a7-a721-4df6373d430a_0","ParentProcessName":"/bin/bash","ProcessName":"/bin/tar","HostPPID":812344,"HostPID":812359,"PPID":1,"PID":9,"Type":"ContainerLog","Source":"/bin/tar xf -","Operation":"File","Resource":"/var/www/html/wp-includes/fonts/dashicons.eot","Data":"syscall=SYS_OPENAT fd=-100 flags=O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC","Result":"Passed"} {"Timestamp":1691567368,"UpdatedTime":"2023-08-09T07:49:28.977195Z","ClusterName":"default","HostName":"minikube","NamespaceName":"wordpress-mysql","PodName":"wordpress-69b6c47cf8-2w5wg","ContainerID":"cdf7ab3769d8578e8913980d527f79f4a2ac0733d7c7e3317bcb51f7c6597b9c","ContainerName":"k8s_wordpress_wordpress-69b6c47cf8-2w5wg_wordpress-mysql_7c49573e-8a55-42a7-a721-4df6373d430a_0","ParentProcessName":"/bin/bash","ProcessName":"/bin/tar","HostPPID":812344,"HostPID":812359,"PPID":1,"PID":9,"Type":"ContainerLog","Source":"/bin/tar xf -","Operation":"File","Resource":"./wp-includes/fonts","Data":"syscall=SYS_FCHOWNAT userid=33 group=33 mode=256","Result":"Passed"} {"Timestamp":1691567369,"UpdatedTime":"2023-08-09T07:49:29.122982Z","ClusterName":"default","HostName":"minikube","NamespaceName":"wordpress-mysql","PodName":"wordpress-65f4f68f69-46gzj","Labels":"app=wordpress","ContainerID":"2279bc0883e8a8a28ab7694bc8d8e7f4b252063ff8ebaba55eb7331d263e762f","ContainerName":"wordpress","ContainerImage":"wordpress:4.8-apache@sha256:6216f64ab88fc51d311e38c7f69ca3f9aaba621492b4f1fa93ddf63093768845","ParentProcessName":"/usr/bin/containerd-shim-runc-v2","ProcessName":"/usr/sbin/apache2","HostPPID":811125,"HostPID":811148,"PPID":811125,"PID":1,"Type":"ContainerLog","Source":"/usr/sbin/apache2","Operation":"Syscall","Resource":"(\u00100\u0012","Data":"syscall=SYS_UNLINK","Result":"Passed"} ``` Reproduced the issue successfully. Need to check why is the container name/id changing.

@xiao-jay right, We will have to tailor individual tests for each command. Like install in itself will have multiple cases to cover such as - If the daemonset is modified...

Hey @slayer321, There's a pull request in KubeArmor - https://github.com/kubearmor/KubeArmor/pull/683 to support Labels field in telemetry. This should ease things out implementing the labels filter here. Wdyt?

Valid for PID and PPID as well, when you keep the containers running long enough...

Thanks a lot @sahilsarawagi for your interest to work on this, feel free to ask anything related to this issue in this thread or on our [slack channel](https://kubearmor.herokuapp.com/) ✌🏽