Kubearmor host policy does not enforce process path matching

[brothersw]

Bug Report

General Information

• Environment description (GKE, VM-Kubeadm, vagrant-dev-env, minikube, microk8s, ...)

NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"

• Kernel version (run uname -a)

# uname -a
Linux karmor-ubuntu 5.4.0-182-generic #202-Ubuntu SMP Fri Apr 26 12:29:36 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

• Orchestration system version in use (e.g. kubectl version, ...)

# karmor version
karmor version 1.3.0 linux/amd64 BuildDate=2024-12-13T11:15:36Z
current version is the latest

• Link to relevant artifacts (policies, deployments scripts, ...)
  processes.yaml:

apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy
metadata:
  name: process-block
spec:
  nodeSelector:
    matchLabels:
      kubearmor.io/hostname: "*" # Apply to all hosts
  process:
    matchPaths:
    - path: /nc
    - path: /bin/nc
  action:
    Block

• Target containers/pods
  Host policy

To Reproduce

1. Write the policy to a yaml file
2. Apply the policy
3. Restart my session for policy to take effect
4. Attempt to access /bin/nc

Expected behavior

I expect /bin/nc to be blocked from running, it is not. /nc when moving the file into /nc is properly blocked from running. matchPatterns also doesn't seem to work.