apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-ubuntu-4-file-path-readonly-allow
  namespace: multiubuntu
spec:
  severity: 10
  message: "a critical file was accessed"
  tags:
  - WARNING
  selector:
    matchLabels:
      container: ubuntu-4
  process:
    matchDirectories:
    - dir: /bin/ # used by root
      recursive: true
    - dir: /usr/bin/ # used by root
      recursive: true
  file:
    matchPaths:
    - path: /credentials/password
      readOnly: true
    - path: /root/.bashrc # used by root
    - path: /root/.bash_history # used by root
    - path: /dev/tty
    matchDirectories:
    - dir: /etc/ # used by root (coarse-grained way)
      recursive: true
    - dir: /proc/ # used by root (coarse-grained way)
      recursive: true
  action:
    Allow

# multiubuntu_test_09

# test
# $ cat /credentials/password
# password file
# $ echo "test" >> /credentials/password
# bash: /credentials/password: Permission denied