Vulnerability Mitigation
These rules are used to mitigate specific vulnerabilities by blocking exploitation vectors, providing defense before vulnerabilities are patched.
You can refer to the following format to define policies:
```yaml
policy:
  enforcer: BPF
  mode: EnhanceProtect
  enhanceProtect:
    vulMitigationRules:
    - ingress-nightmare-mitigation
```
cgroups-lxcfs-escape-mitigation
Mitigate cgroups & lxcfs escape.
If users mount the host's cgroupfs into a container or use lxcfs to provide a resource view for the container, there may be a risk of container escape in both scenarios. Attackers could manipulate cgroupfs from within the container to achieve container escape.
This rule can also be used to defend against exploitation of CVE-2022-0492.
AppArmor Enforcer prevents writing to:
- /**/release_agent
- /**/devices/device.allow
- /**/devices/**/device.allow
- /**/devices/cgroup.procs
- /**/devices/**/cgroup.procs
- /**/devices/task
- /**/devices/**/task
BPF Enforcer prevents writing to:
- /**/release_agent
- /**/devices.allow
- /**/cgroup.procs
- /**/devices/tasks
- AppArmor
- BPF
runc-override-mitigation
Mitigate the ability to override runc to escape.
The rule is designed to mitigate vulnerabilities such as CVE-2019-5736, which achieve container escape by tampering with the host machine's runc binary.
Disallow writing to /**/runc files.
- AppArmor
- BPF
dirty-pipe-mitigation
Mitigate the 'Dirty Pipe' exploit to escape.
The rule is designed to defend against attacks that exploit the CVE-2022-0847 (Dirty Pipe) vulnerability for container escape. You can use this rule to harden containers before upgrading or patching the kernel.
Note: While this rule may cause issues in some software packages, blocking the syscall usually has no effect on legitimate applications, since use of this syscall is relatively rare.
Disallow calling the splice syscall.
- Seccomp
ingress-nightmare-mitigation
Mitigate the exploitation of the IngressNightmare vulnerability.
This rule is designed to mitigate the IngressNightmare (CVE-2025-1974) vulnerability in Ingress-nginx.
Ingress-nginx is an Ingress controller for Kubernetes. It uses nginx as a reverse proxy and load-balancing server. Attackers with Pod network access can exploit this vulnerability to execute arbitrary code within the ingress-nginx controller, thereby obtaining all secrets of the cluster and taking over the cluster. You can use this rule to mitigate the vulnerability before upgrading Ingress-nginx to a secure version.
Refer to the following links for further information.
This rule prohibits container processes from accessing the ingress-nginx-controller-admission service and its endpoints in the ingress-nginx and kube-system namespaces.
If you deploy ingress-nginx in other namespaces, you can write custom rules for those namespaces using vArmor's service interface.
- BPF
copy-fail-mitigation
Mitigate the exploitation of the Copy Fail vulnerability for container escape.
This rule is designed to mitigate the CVE-2026-31431 (Copy Fail) vulnerability in the Linux kernel.
A logic bug in the kernel's authencesn cryptographic template allows unprivileged local users to perform a deterministic 4-byte controlled write to the page cache of any readable file via AF_ALG sockets combined with splice(). This enables local privilege escalation and can cross container boundaries since the page cache is shared across the host. You can use this rule to mitigate the vulnerability before upgrading or patching the kernel.
Refer to the following links for further information.
- AppArmor Enforcer blocks AF_ALG network family socket creation via the network alg rule.
- BPF Enforcer blocks AF_ALG socket creation by denying socket creation with address family AF_ALG (38).
This rule prevents processes within the container from creating AF_ALG sockets. Since AF_ALG sockets are used to access the kernel's cryptographic API from userspace, blocking them eliminates the exploitation vector. Most containerized applications do not require direct access to the kernel crypto subsystem via AF_ALG, so this rule generally has no impact on legitimate workloads.
- AppArmor
- BPF
Note: Although Seccomp can technically block AF_ALG socket creation (by filtering the socket() syscall with argument matching), it is not included as a built-in enforcer for this rule. This is because:
- Seccomp profiles are applied at container creation time and cannot be dynamically updated or relaxed while the container is running, unlike AppArmor and BPF enforcers which support runtime policy updates.
- Including Seccomp as a built-in enforcer may lead users to misconfigure policies in scenarios where dynamic rule updates are required, resulting in an inability to adjust security policies without restarting the workload.
If you still prefer using Seccomp, you can configure it manually with syscallRawRules:
```yaml
policy:
  enforcer: Seccomp
  mode: EnhanceProtect
  enhanceProtect:
    syscallRawRules:
    - names:
      - socket
      action: SCMP_ACT_ERRNO
      args:
      - index: 0
        value: 38
        op: SCMP_CMP_EQ
```
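Whichever enforcer you pick for copy-fail-mitigation (the built-in AppArmor or BPF rule, or the manual seccomp rule above), you will want to confirm from inside the workload that AF_ALG socket creation is actually refused. The following probe is an added example, not vArmor's own code: it attempts to create an AF_ALG socket, never binds or uses it, and maps the outcome to a verdict. Which errno an active rule produces is an assumption here (EPERM for the seccomp SCMP_ACT_ERRNO rule, EACCES for the AppArmor/BPF LSM hooks), so both count as "blocked".

```python
import errno
import socket
from typing import Optional, Tuple

# AF_ALG is Linux-only; fall back to the numeric value used by the seccomp rule (38).
AF_ALG = getattr(socket, "AF_ALG", 38)

# Assumption: an active mitigation surfaces as EPERM (seccomp SCMP_ACT_ERRNO)
# or EACCES (AppArmor / BPF LSM socket_create hook).
BLOCKED_ERRNOS = {errno.EPERM, errno.EACCES}


def classify(err: Optional[int]) -> str:
    """Map the errno from socket(AF_ALG, ...) (None if it succeeded) to a verdict."""
    if err is None:
        return "unmitigated"   # socket created: the kernel crypto API is reachable
    if err in BLOCKED_ERRNOS:
        return "blocked"       # a mitigation rule (or equivalent policy) is in effect
    if err == errno.EAFNOSUPPORT:
        return "unsupported"   # kernel has no AF_ALG support at all
    return "unknown"           # some other failure; inspect before trusting it


def probe_af_alg() -> Tuple[str, Optional[int]]:
    """Try to create an AF_ALG socket and return (verdict, errno or None)."""
    try:
        sock = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        return classify(exc.errno), exc.errno
    sock.close()  # created successfully, so the vector is open
    return classify(None), None


if __name__ == "__main__":
    verdict, err = probe_af_alg()
    suffix = f" (errno {err})" if err is not None else ""
    print(f"AF_ALG socket creation: {verdict}{suffix}")
```

Run it inside the container with the policy applied; "blocked" is the expected result, while "unmitigated" means the rule has not taken effect on that workload.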