Log provided by Auditd
type=AVC msg=audit(1611571375.558:7542): apparmor="DENIED" operation="exec" profile="apparmor-demo-ubuntu-1" name="/bin/sleep" pid=2945377 comm="bash" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Container-aware log provided by KubeArmor
{
  "updatedTime":"2021-01-26T12:24:24.073028Z",
  "hostName":"ubuntu20",
  "namespaceName":"multiubuntu",
  "podName":"ubuntu-1-deployment-5fd94b7b9b-vvbk2",
  "containerID":"aa30045a08ed662534085ad49349ec120878f73ff9aa5451597e64eeaabcf030",
  "containerName":"k8s_ubuntu-1-container_ubuntu-1-deployment-5fd94b7b9b-vvbk2_multiubuntu_0b79c32b-2f4c-4da8-b771-e6baa7ebede4_0",
  "hostPid":105116,
  "source":"bash",
  "operation":"Process",
  "resource":"/bin/sleep",
  "result":"Permission denied"
}
What would be the next step?
{
  "updatedTime":"2021-01-26T12:24:24.073028Z",
  "hostName":"ubuntu20",
  "namespaceName":"multiubuntu",
  "podName":"ubuntu-1-deployment-5fd94b7b9b-vvbk2",
  "containerID":"aa30045a08ed662534085ad49349ec120878f73ff9aa5451597e64eeaabcf030",
  "containerName":"k8s_ubuntu-1-container_ubuntu-1-deployment-5fd94b7b9b-vvbk2_multiubuntu_0b79c32b-2f4c-4da8-b771-e6baa7ebede4_0",
  "hostPid":105116,
  "ppid":99,
  "pid":108,
  "uid":0,
  "policyName":"ksp-ubuntu-1-proc-path-block",
  "severity":"low",
  "type":"PolicyMatched",
  "source":"/bin/bash",
  "operation":"Process",
  "resource":"/bin/sleep 1",
  "action":"Block",
  "result":"Permission denied"
}