helm: enableLsmSensor flag

[anfedotoff]

This flag allows to mount (read-only) /sys/kernel/security directory in Tetragon container. /sys/kernel/security/lsm file is used to check if LSM BPF is enabled on system.

Description

It was a long story about how we tried to fix LSM sensor for k8s environment: #3392 #3404 #3456.
The only way is to mount /sys/kernel/security directory to Tetragon container . It works fine, I tested on my minikube cluster.

minikube start --driver=docker --mount --mount-string="/sys/kernel/security:/sys/kernel/security"   --memory=8096 --cpus=8
minikube ssh -- sudo mount bpffs -t bpf /sys/fs/bpf

Install Tetragon:

helm install --namespace kube-system \
        --set tetragon.grpc.address="unix:///var/run/cilium/tetragon/tetragon.sock" \
--set tetragon.enableLsmSensor=true \
tetragon .

Demo Pod:

kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.15.3/examples/minikube/http-sw-app.yaml

Apply Policy and monitor logs:

kubectl apply -f ./go/src/github.com/cilium/tetragon/examples/tracingpolicy/lsm_file_open.yaml
kubectl exec -ti -n kube-system ds/tetragon -c tetragon -- tetra getevents -o compact --pods xwing

Check policy:

kubectl exec -ti xwing -- bash -c 'cat /etc/passwd'

[netlify]

✅ Deploy Preview for tetragon ready!

Name	Link
🔨 Latest commit	2e3c1ba
🔍 Latest deploy log	https://app.netlify.com/sites/tetragon/deploys/67cc85818ef3390008d2d227
😎 Deploy Preview	https://deploy-preview-3485--tetragon.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.