release v0.6.0

What's Changed

• feat: Adapt AppArmor enforcer for K8s v1.30 and above
• feat: Add monitoring metrics and support integration with Prometheus and Grafana
• feat: Support violation auditing feature for BPF enforcer
• feat: Enrich the violation audit logs of the BPF enforcer to include container and pod information
• feat: Integrate the violation auditing features of AppArmor and BPF enforcer
• feat: Unify the audit event format of AppArmor and BPF enforcers, and save the audit events into /var/log/varmor/violations.log
• feat: Support enforcing access control on socket creation for BPF enforcer.
• feat: Support wildcard for all bpf permissions and flags.
• feat: Add new networking built-in rules for BPF and AppArmor enforcer
• feat: Run agent in an unprivileged container
• feat: Allow running the agent in host's network namespace
• refactor: Abstract the processtracer and auditor modules to collect events for behavior modeling and violation auditing features
• refactor: Refactor behavior modeling and violation auditing features, no longer dependent on syslog or auditd, and no manual configuration required.
• refactor: Change fields in CRD from objects to pointers
• refactor: Integrate the logic of updating policy objects
• Auto adjust GOMAXPROCS for container limit
• Pass node name and readiness port to agent via environment variable
• Standardize the name of UserAgent
• Added version flag
• Added helm configuration options for new features
• fixed: Remove the finalizers of zombie ArmorProfile object
• fixed: Always retry for object updates if a conflict occurs
• fixed: The child profile should inherit rules from parent without attack protection rules
• fixed: Output error information when the agent service start fails
• docs: Further improve the repo documentation
• website: Official website launched (https://varmor.org)

New Contributors

• @eltociear made their first contribution in #104

Full Changelog: v0.5.11...v0.6.0