AppArmor recorder: add readdir support

[mhils]

What type of PR is this?

/kind feature

What this PR does / why we need it:

This PR makes the AppArmor recorder properly detect readdir and emit a working profile.

Which issue(s) this PR fixes:

None

Does this PR have test?

Yes.

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Make the AppArmor recorder support `readdir`

[k8s-ci-robot]

Hi @mhils. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 41.28%. Comparing base (11d77f4) to head (5c2e012).
Report is 479 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2555      +/-   ##
==========================================
- Coverage   45.50%   41.28%   -4.22%     
==========================================
  Files          79      109      +30     
  Lines        7782    18232   +10450     
==========================================
+ Hits         3541     7527    +3986     
- Misses       4099    10208    +6109     
- Partials      142      497     +355     

[ccojocar]

@mhils I think the ebpf byteode needs to be regenerated. The verify step was failing.

[ccojocar]

@mhils You need to run make verify-bpf to regenerate the bytecode.

[mhils]

Hmm....

$ git fetch origin; and git rebase origin/main
Current branch apparmor-exec-read is up to date.
$ sudo make update-bpf; and sudo make verify-bpf
hack/tree-status
tree is clean

Any idea what's up here?

Layer 8 error 🙃

[saschagrunert]

/ok-to-test

[ccojocar]

@mhils If this doesn't pass could you please rebase it on main branch, we removed the image scanner for now because it seems that trivy rate limited their database image and is now causing a lot of timeout errors.

aquasecurity/trivy-action#389

[saschagrunert]

Please rebase to fix the CI.

[ccojocar]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ccojocar, mhils, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ccojocar,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment