
release v0.5.9

@Danny-Wei Danny-Wei released this 15 Jun 02:12

What's Changed

  • Added a disable-chmod-s-bit built-in rule for the Seccomp enforcer.
  • Refactored the Seccomp enforcer and merged rules as much as possible.
  • Added AlwaysAllow and RuntimeDefault modes for the Seccomp enforcer.
  • Synchronized the upstream rules from containerd to the AppArmor profile templates.
  • Merged identical child profiles for the AppArmor enforcer.
  • Introduced a violations audit feature to the AppArmor enforcer.
  • Added support for modifying existing policies and dynamically adding enforcers.
  • Optimized the status of VarmorClusterPolicy/VarmorPolicy CR to display more error information.
  • Added ownerReference and finalizers to the ArmorProfile CR to prevent unintended deletion.
  • The Policy Advisor can now generate policy templates with behavior model data.
  • Updated docs.
  • Fixed: Use docker/login-action for the CI workflow login.
  • Fixed: Ignore the privileged option of enhanceProtect for the Seccomp enforcer.
  • Fixed: Ensure the cleanup logic of CR is properly executed.
  • Fixed: Update chart template to generate fixed full name for the k8s resources.
  • Fixed: Update ArmorProfileModel CR when modeling is completed.

Full Changelog: v0.5.8...v0.5.9