The Built-in Rules
vArmor supports defining VarmorPolicy or VarmorClusterPolicy objects using built-in rules in EnhanceProtect mode. The currently supported built-in rules and categories are shown in the following pages. You can also try using the policy advisor to generate a policy template with built-in rules.
Note:
- The built-in rules supported by different enforcers are still under development.
- There are some limitations in the rules and syntax supported by different enforcers. For example, the AppArmor enforcer does not support fine-grained network access control, and BPF does not support access control for specified executables.
Hardening
Rules to reduce the attack surface of the system.
Attack Protection
Rules against penetration tactics in the container environment.
Vulnerability Mitigation
Rules for mitigating specific vulnerabilities.