release v0.5.11

What's Changed

• Retry removal of ArmorProfile's finalizers upon conflict
• Gin logger now logs only unsuccessful requests
• Fixed: Load BPF profile when container starts
• Fixed: Return an error when the service response unauthorized

Full Changelog: v0.5.10...v0.5.11

release v0.5.10

What's Changed

• Fixed: Correct typo in capability denial by @Danny-Wei in #95

Full Changelog: v0.5.9...v0.5.10

release v0.5.9

What's Changed

• Added a disable-chmod-s-bit built-in rule for Seccomp enforcer.
• Refactor Seccomp enforcer, and merge rules as much as possible.
• Added AlwaysAllow and RuntimeDefault mode for Seccomp enforcer.
• Synchronized the upstream rules from the containerd to the AppArmor profile templates.
• Merge the same child profiles for the AppArmor enforcer.
• Introduced a violations audit feature to the AppArmor enforcer.
• Support modifying existing policies and dynamically adding enforcers.
• Optimized the status of VarmorClusterPolicy/VarmorPolicy CR to display more error information.
• Added ownerReference and finalizers to the ArmorProfile CR to prevent unintended deletion.
• The Policy Advisor can now generate policy templates with behavior model data.
• Updated docs.
• Fixed: CI workflow login use docker/login-action
• Fixed: Ignore the privileged option of enhanceProtect for Seccomp enforcer.
• Fixed: Ensure the cleanup logic of CR is properly executed.
• Fixed: Update chart template to generate fixed full name for the k8s resources.
• Fixed: Update ArmorProfileModel CR when modeling is completed.

Full Changelog: v0.5.8...v0.5.9

release v0.5.9-rc4

Merge pull request #86 from bytedance/use-template-to-generate-fullname

fix: Use template to generate fullname instead of using fixed resourc…

release v0.5.9-rc3

Merge pull request #82 from bytedance/add-owner-reference

Add owner reference

release v0.5.9-rc2

Merge pull request #78 from bytedance/policy-advisor-with-behavior-model

Policy advisor with behavior model

release v0.5.9-rc1

Merge pull request #76 from bytedance/fix-seccomp-enforcer

fix: Append arguments if there is more than one built-in rule for a s…

release v0.5.8

What's Changed

• Added a disable-cap-all-except-net-bind-service built-in rule to comply with the Restricted Policy of the Pod Security Standards
• Deprecated the disallow-create-user-ns built-in rule of AppArmor and BPF enforcers.
• Added a policy advisor to help generate policy templates using the context information.

Full Changelog: v0.5.7...v0.5.8

release v0.5.7

What's Changed

• Added a pre-check for Seccomp enforcer
• Upgraded the base image to Debian bookworm
• Upgraded apparmor user components to 3.1
• Added a disable-chmod-x-bit built-in rule for Seccomp enforcer
• Optimized CI workflows
• Added a readinessProbe for the Agent, optimizing the startup process
• Unified log format
• Added annotations for the demos

New Contributors

• @darfux made their first contribution in #42

Full Changelog: v0.5.6...v0.5.7

release v0.5.7-rc1

Update issue templates