Releases: bytedance/vArmor

release v0.5.6

29 Feb 11:39
What's Changed

  • Agent and Manager now interact through TLS.
  • Add Seccomp enforcer with support for EnhanceProtect, BehaviorModeling, and DefenseInDepth modes.
  • Cluster-scoped policy VarmorClusterPolicy now supports BehaviorModeling mode.
  • Support combining enforcers: AppArmor, BPF, and Seccomp enforcers can now be used together in one policy.
  • Add the .spec.updateExistingWorkloads field to the policy interface, allowing users to independently control whether protection is applied to existing workloads.
  • Enable the --restartExistWorkloads switch of Manager by default.
  • Move the privileged field of the policy interface to inside .spec.policy.enhanceProtect.
  • Add built-in rules: disallow-create-user-ns, runc-override-mitigation, dirty-pipe-mitigation, disallow-mount-securityfs, disallow-access-kallsyms.
  • Add CI workflows to automate the build and test processes.
  • Add more demos and make them more comprehensible.
  • Fix bugs.

Full Changelog: v0.5.5...v0.5.6

release v0.5.6-rc2

28 Feb 14:23
ecd222f
Pre-release

tag v0.5.6-rc2

release v0.5.6-rc

26 Jan 02:47
Pre-release

tag v0.5.6-rc

release 0.5.5

11 Jan 01:00
  • Refactor the behavior modeling feature of the AppArmor enforcer.
  • Introduce the BehaviorModeling mode to collect application behavior and generate models.
  • Optimize the mount access control primitives of the BPF enforcer to address bypass issues.
  • Fix the issue where abnormal nodes impact the status of policies.
  • Upgrade Go to version 1.20 and build BPF programs inside containers.
  • Support pulling images and charts from the Asia-Pacific Southeast region.

release 0.5.4

19 Oct 08:17
  • Add mandatory access control primitives related to mount syscalls for the BPF enforcer.
  • Introduce new built-in rules for the BPF enforcer, including disallow-mount, disallow-umount, disallow-mount-procfs, disallow-mount-cgroupfs, disallow-debug-disk-device, and disallow-mount-disk-device.
  • Fine-tune partial built-in rules of the AppArmor enforcer to make them more precise and avoid unexpected behavior.
  • Build enhanced protection rules on top of the RuntimeDefault rules by default.
  • Improve the RuntimeDefault mode for the BPF enforcer.
  • Introduce a cluster-scoped policy interface: the VarmorClusterPolicy CR.
  • Improve documentation.

release 0.5.3

12 Sep 05:21
  • Optimize leader election logic.
  • Add webhook matchlabel and BPF enforcer exclusive mode configuration options.
  • Introduce ptrace primitives and built-in rules for BPF enforcer.
  • Improve documentation.

release-0.5.2

10 Aug 04:38
community initial release

v0.5.2-alpha

10 Aug 02:39
Pre-release
fix: do not ignore requirements.txt