Merge pull request #1686 from daemon1024/fix-no-policyname-net-bpflsm

fix(enforcer/bpflsm): panic during bpflsm cleanup
kubearmor · Mar 14, 2024 · 5408a4e · 5408a4e
2 parents d859f5c + 6624073
commit 5408a4e
Showing 1 changed file with 24 additions and 22 deletions.
diff --git a/KubeArmor/enforcer/bpflsm/enforcer.go b/KubeArmor/enforcer/bpflsm/enforcer.go
@@ -360,6 +360,9 @@ func (be *BPFEnforcer) TraceEvents() {
 			log.Source = string(bytes.Trim(event.Data.Source[:], "\x00"))
 			log.ProcessName = log.Source
 		}
+		if len(log.ProcessName) == 0 && len(log.Source) > 0 {
+			log.ProcessName = log.Source
+		}
 		if event.Retval >= 0 {
 			log.Result = "Passed"
 		} else {
@@ -402,12 +405,11 @@ func (be *BPFEnforcer) DestroyBPFEnforcer() error {
 	if be == nil {
 		return nil
 	}
-
-	errBPFCleanUp := false
+	var errBPFCleanUp error
 
 	if err := be.obj.Close(); err != nil {
 		be.Logger.Err(err.Error())
-		errBPFCleanUp = true
+		errBPFCleanUp = errors.Join(errBPFCleanUp, err)
 	}
 
 	for _, link := range be.Probes {
@@ -416,41 +418,41 @@ func (be *BPFEnforcer) DestroyBPFEnforcer() error {
 		}
 		if err := link.Close(); err != nil {
 			be.Logger.Err(err.Error())
-			errBPFCleanUp = true
+			errBPFCleanUp = errors.Join(errBPFCleanUp, err)
+
 		}
 	}
 
 	be.ContainerMapLock.Lock()
-	defer be.ContainerMapLock.Unlock()
 
 	if be.BPFContainerMap != nil {
 		if err := be.BPFContainerMap.Unpin(); err != nil {
 			be.Logger.Err(err.Error())
-			errBPFCleanUp = true
+			errBPFCleanUp = errors.Join(errBPFCleanUp, err)
 		}
 		if err := be.BPFContainerMap.Close(); err != nil {
 			be.Logger.Err(err.Error())
-			errBPFCleanUp = true
+			errBPFCleanUp = errors.Join(errBPFCleanUp, err)
 		}
 	}
-	if err := be.obj.KubearmorEvents.Unpin(); err != nil {
-		be.Logger.Err(err.Error())
-		errBPFCleanUp = true
-	}
-	if err := be.obj.KubearmorEvents.Close(); err != nil {
-		be.Logger.Err(err.Error())
-		errBPFCleanUp = true
-	}
 
-	if err := be.Events.Close(); err != nil {
-		be.Logger.Err(err.Error())
-		errBPFCleanUp = true
-	}
+	be.ContainerMapLock.Unlock()
 
-	if errBPFCleanUp {
-		return errors.New("error cleaning up BPF LSM Enforcer Objects")
+	if be.Events != nil {
+		if err := be.obj.KubearmorEvents.Unpin(); err != nil {
+			be.Logger.Err(err.Error())
+			errBPFCleanUp = errors.Join(errBPFCleanUp, err)
+		}
+		if err := be.obj.KubearmorEvents.Close(); err != nil {
+			be.Logger.Err(err.Error())
+			errBPFCleanUp = errors.Join(errBPFCleanUp, err)
+		}
+		if err := be.Events.Close(); err != nil {
+			be.Logger.Err(err.Error())
+			errBPFCleanUp = errors.Join(errBPFCleanUp, err)
+		}
 	}
 
 	be = nil
-	return nil
+	return errBPFCleanUp
 }