跳到主要内容
版本:v0.6

The Built-in Rules

vArmor supports defining VarmorPolicy or VarmorClusterPolicy objects using built-in rules in EnhanceProtect mode. The currently supported built-in rules and categories are shown in the following table. You can also try using the policy advisor to generate a policy template with built-in rules.

Note:
- The built-in rules supported by different enforcers are still under development.
- There are some limitations in the rules and syntax supported by different enforcers. For example, the AppArmor enforcer does not support fine-grained network access control, and BPF does not support access control for specified executables.

CategorySubcategoryRule Name & IDApplicable ContainerDescriptionPrinciple & ImpactSupported Enforcer
HardeningSecuring Privileged ContainersProhibit modifying procfs' core_pattern

disallow-write-core-pattern
PrivilegedAttackers may attempt container escape by modifying the procfs core_pattern in a privileged container or, in a container (w/ CAP_SYS_ADMIN), unmounting specific mount points and then modifying the procfs core_pattern to execute a container escape.Disallow writing to the procfs' core_pattern file.AppArmor
BPF
Prohibit mounting securityfs

disallow-mount-securityfs
PrivilegedAttackers may attempt container escape in containers (w/ CAP_SYS_ADMIN) by mounting securityfs with read-write permissions and subsequently modifying it.Disallow mounting of new security file systems.AppArmor
BPF
Prohibit remounting procfs

disallow-mount-procfs
PrivilegedAttackers may attempt container escape in containers (w/ CAP_SYS_ADMIN) by remounting procfs with read-write permissions and subsequently modifying the core_pattern, among other things.1. Disallow mounting of new proc file systems.

2. Prohibit using bind, rbind, move, remount options to remount /proc**.

3. When using BPF enforcer, it also prevents unmounting /proc**.
AppArmor
BPF
Prohibit modifying cgroupfs' release_agent

disallow-write-release-agent
PrivilegedAttackers may attempt container escape within privileged container by directly modifying the cgroupfs release_agent.Disallow writing to the cgroupfs' release_agent file.AppArmor
BPF
Prohibit remounting cgroupfs

disallow-mount-cgroupfs
PrivilegedAttackers may attempt to escape from containers (w/ CAP_SYS_ADMIN) by remounting cgroupfs with read-write permissions. Subsequently, they can modify release_agent and device access permissions, among other things.1. Disallow mounting new cgroup file systems.

2. Prohibit using bind, rbind, move, remount options to remount /sys/fs/cgroup**.

3. Prohibit using rbind option to remount /sys**.

4. When using BPF enforcer, it also prevents unmounting /sys**.
AppArmor
BPF
Prohibit debugging of disk devices

disallow-debug-disk-device
PrivilegedAttackers may attempt to read and write host machine files by debugging host machine disk devices within a privileged container.

It is recommended to use this rule in conjunction with disable_cap_mknod to prevent attackers from bypassing the rule with mknod.
Dynamically acquire host disk devices and restrict container access them with read-write permissions.AppArmor
BPF
Prohibit mounting of host's disk devices

disallow-mount-disk-device
PrivilegedAttackers may attempt to mount host machine disk devices within a privileged container, thereby gaining read-write access to host machine files.

It is recommended to use this rule in conjunction with disable_cap_mknod to prevent attackers from bypassing the rule with mknod.
Dynamically acquire host machine disk device files and prevent mounting within containers.AppArmor
BPF
Disable the mount system call

disallow-mount
PrivilegedMOUNT(2) is often used for privilege escalation, container escapes, and other attacks. Most microservices applications do not require mount operations. Therefore, it is recommended to use this rule to restrict container processes from using the mount() system call.

Note: The mount system call will be disabled by default if the spec.policy.privileged field is false.
Disable the mount system call.AppArmor
BPF
Disable the umount system call

disallow-umount
ALLUMOUNT(2) can be used to remove the attachment of topmost mount points(such as maskedPaths), leading to privilege escalation and information disclosure. Most microservices applications do not require umount operations. Therefore, it is recommended to use this rule to restrict container processes from using the umount() system call.Disable the umount system call.AppArmor
BPF
Prohibit loading kernel modules

disallow-insmod
PrivilegedAttackers may attempt to inject code into the kernel within a container (w/ CAP_SYS_MODULE) by executing kernel module loading command.Disable CAP_SYS_MODULEAppArmor
BPF
Prohibit loading eBPF programs

disallow-load-ebpf
ALLAttackers may load eBPF programs within a container (w/ CAP_SYS_ADMIN & CAP_BPF) to theft data or create rootkit.

Note: CAP_BPF was introduced starting from Linux 5.8.
Disable CAP_SYS_ADMIN & CAP_BPFAppArmor
BPF
Prohibit accessing process's root directory

disallow-access-procfs-root
ALLThis policy prohibits processes within containers from accessing the root directory of the process filesystem (i.e., /proc/[PID]/root), preventing attackers from exploiting shared PID namespaces to launch attacks.

Attackers may attempt to access the process filesystem outside the container by reading and writing to /proc/*/root in environments where the PID namespace is shared with the host or other containers. This could lead to information disclosure, privilege escalation, lateral movement, and other attacks.
Disable PTRACE_MODE_READ permissionAppArmor
BPF
Prohibit accessing kernel exported symbol

disallow-access-kallsyms
ALLAttackers may attempt to leak the base address of kernel modules from containers (w/ CAP_SYSLOG) by reading the kernel's exported symbol definitions file. This assists attackers in bypassing KASLR protection to exploit kernel vulnerabilities more easily.Disallow reading /proc/kallsyms fileAppArmor
BPF
Disable CapabilitiesDisable all capabilities

disable-cap-all
ALLDisable all capabilities-AppArmor
BPF
Disable all capabilities except for NET_BIND_SERVICE

disable-cap-all-except-net-bind-service
ALLDisable all capabilities except for NET_BIND_SERVICE.

This rule complies with the Restricted Policy of the Pod Security Standards.
-AppArmor
BPF
Disable privileged capabilities

disable-cap-privileged
ALLDisable all privileged capabilities (those that can directly lead to escapes or affect host availability). Only allow the default capabilities.

This rule complies with the Baseline Policy of the Pod Security Standards, except for the net_raw capability.
-AppArmor
BPF
Disable specified capability

disable-cap-XXXX
ALLDisable any specified capabilities, replacing XXXX with the values from 'capabilities(7),' for example, disable-cap-net-raw.-AppArmor
BPF
Blocking Exploit VectorsProhibit abusing user namespaces

disallow-abuse-user-ns
ALLUser namespaces can be used to enhance container isolation. However, it also increases the kernel's attack surface, making certain kernel vulnerabilities easier to exploit. Attackers can use a container to create a user namespace, gaining full privileges and thereby expanding the kernel's attack surface

Disallowing container processes from abusing CAP_SYS_ADMIN privileges via user namespaces can reduce the kernel's attack surface and block certain exploitation paths for kernel vulnerabilities.

This rule can be used to harden containers on systems where kernel.unprivileged_userns_clone=0 or user.max_user_namespaces=0 is not set.
Disable CAP_SYS_ADMINAppArmor
BPF
Prohibit creating user namespace

disallow-create-user-ns
ALLUser namespaces can be used to enhance container isolation. However, it also increases the kernel's attack surface, making certain kernel vulnerabilities easier to exploit. Attackers can use a container to create a user namespace, gaining full privileges and thereby expanding the kernel's attack surface

Disallowing container processes from creating new user namespaces can reduce the kernel's attack surface and block certain exploitation paths for kernel vulnerabilities.

This rule can be used to harden containers on systems where kernel.unprivileged_userns_clone=0 or user.max_user_namespaces=0 is not set.
Disallow creating user namespaceSeccomp
Attack ProtectionMitigating Information LeakageMitigating ServiceAccount token leakage.

mitigate-sa-leak
ALLThis rule prohibits container processes from reading sensitive Service Account-related information, including tokens, namespaces, and CA certificates. It helps prevent security risks arising from the leakage of Default ServiceAccount or misconfigured ServiceAccount. In the event that attackers gain access to a container through an RCE vulnerability, they often seek to further infiltrate by leaking ServiceAccount information.

In most user scenarios, there is no need for Pods to communicate with the API Server using ServiceAccounts. However, by default, Kubernetes still sets up default ServiceAccounts for Pods that do not require communication with the API Server.
Disallow reading ServiceAccount-related files.AppArmor
BPF
Mitigating host disk device number leakage

mitigate-disk-device-number-leak
ALLAttackers may attempt to obtain host disk device numbers for subsequent container escape by reading the container process's mount information.Disallow reading /proc/[PID]/mountinfo and /proc/partitions filesAppArmor
BPF
Mitigating container overlayfs path leakage

mitigate-overlayfs-leak
ALLAttackers may attempt to obtain the overlayfs path of the container's rootfs on the host by accessing the container process's mount information, which could be used for subsequent container escape.Disallow reading /proc/mounts, /proc/[PID]/mounts, and /proc/[PID]/mountinfo files.

This rule may impact some functionality of the 'mount' command or syscall within containers
AppArmor
BPF
Mitigating host IP leakage

mitigate-host-ip-leak
ALLAfter gaining access to a container through an RCE vulnerability, attackers often attempt further network penetration attacks. Therefore, restricting attackers from obtaining sensitive information such as host IP, MAC, and network segments through this vector can increase the difficulty and cost of their network penetration activities.Disallow reading ARP address resolution tables (/proc/net/arp, /proc/[PID]/net/arp, etc.)AppArmor
BPF
Disallow access to the metadata service

disallow-metadata-service
ALLThis rule prohibits container processes from accessing the cloud server's Instance Metadata Service, including two reserved local addresses: 100.96.0.96 and 169.254.169.254.

Attackers, upon gaining code execution privileges within a container, may attempt to access the cloud server's Metadata Service for information disclosure. In certain scenarios, attackers may obtain sensitive information, leading to privilege escalation and lateral movement.
Prohibit connections to Instance Metadata Services' IP addressesBPF
Disable Sensitive OperationsProhibit writing to the /etc directory

disable-write-etc
ALLAttackers may attempt privilege escalation by modifying sensitive files in the /etc directory, such as altering /etc/bash.bashrc for watering hole attacks, editing /etc/passwd and /etc/shadow to add users for persistence, or modifying nginx.conf or /etc/ssh/ssh_config for persistence.Disallow writing to the /etc directoryAppArmor
BPF
Prohibit the execution of busybox command

disable-busybox
ALLSome application services are packaged using base images like busybox or Alpine. This also provides attackers with a lot of convenience, as they can use busybox to execute commands and assist in their attacks.Prohibit the execution of busybox.

If containerized services rely on busybox or related bash commands, enabling this policy may lead to runtime errors.
AppArmor
BPF
Prohibit the creation of Unix shells

disable-shell
ALLAfter gaining remote code execution privileges through an RCE vulnerability, attackers may use a reverse shell to gain arbitrary command execution capabilities within the container.

This rule prohibits container processes from creating new Unix shells, thus defending against reverse shell.
Prohibit the creation of Unix shells

Some base images may symlink sh to /bin/busybox. In this scenario, it's also necessary to prohibit the execution of busybox.
AppArmor
BPF
Prohibit the execution of wget command

disable-wget
ALLAttackers may use the wget command to download malicious programs for subsequent attacks, such as persistence, privilege escalation, network scanning, cryptocurrency mining, and more.

This rule limits file downloads by prohibiting the execution of the wget command.
Prohibit the execution of wget

Some base images may symlink wget to /bin/busybox. In this scenario, it's also necessary to prohibit the execution of busybox.
AppArmor
BPF
Prohibit the execution of curl command

disable-curl
ALLAttackers may use the curl command to initiate network access and download malicious programs from external sources for subsequent attacks, such as persistence, privilege escalation, network scanning, cryptocurrency mining, and more.

This rule limits network access by prohibiting the execution of the curl command.
Prohibit the execution of curl command.AppArmor
BPF
Prohibit the execution of chmod command

disable-chmod
ALLWhen attackers gain control over a container through vulnerabilities, they typically attempt to download additional attack code or tools into the container for further attacks, such as privilege escalation, lateral movement, cryptocurrency mining, and more. In this attack chain, attackers often use the chmod command to modify file permissions for execution.Prohibit the execution of chmod command.

Some base images may symlink wget to /bin/busybox. In this scenario, it's also necessary to prohibit the execution of busybox command.
AppArmor
BPF
Prohibit setting the execute/search bit of a file

disable-chmod-x-bit
ALLWhen attackers gain control over a container through vulnerabilities, they typically attempt to download additional attack code or tools into the container for further attacks, such as privilege escalation, lateral movement, cryptocurrency mining, and more. In this attack chain, attackers might use the chmod syscalls to modify file permissions for execution.Prohibit setting the execute/search bit of a file with chmod/fchmod/fchmodat/fchmodat2 syscallsSeccomp
Prohibit setting the SUID/SGID bit of a file

disable-chmod-s-bit
ALLIn some scenarios, attackers may attempt to invoke chmod syscalls to perform privilege elevation attacks by setting the file's s-bit (set-user-ID, set-group-ID).Prohibit setting the set-user-ID/set-group-ID bit of a file with chmod/fchmod/fchmodat/fchmodat2 syscallsSeccomp
Prohibit the execution of su/sudo command

disable-su-sudo
ALLWhen processes within a container run as non-root users, attackers often need to escalate privileges to the root user for further attacks. The sudo/su commands are common local privilege escalation avenues.Prohibit the execution of su/sudo command.

Some base images may symlink su to /bin/busybox. In this scenario, it's also necessary to prohibit the execution of busybox command.
AppArmor
BPF
Restrict Specific Executable-ALLThis rule extends the use cases of 'Mitigating Information Leakage' and 'Disabling Sensitive Operations', it allows user to apply restrictions only to specific executable programs within containers.

Restricting specified executable programs serves two purposes:
1). Preventing sandbox policies from affecting the execution of application services within containers.
2).Restricting specified executable programs within containers increases the cost and difficulty for attackers

For example, this feature can be used to restrict programs like busybox, bash, sh, curl within containers, preventing attackers from using them to execute sensitive operations. Meanwhile, the application services is unaffected by sandbox policies and can continue to access ServiceAccount tokens and perform other tasks normally.

Note: Due to the implementation principles of BPF LSM, this feature cannot be provided by the BPF enforcer.
Enable sandbox restrictions for specified executable programs.AppArmor
Vulnerability Mitigation-Mitigate cgroups & lxcfs escape

cgroups-lxcfs-escape-mitigation
ALLIf users mount the host's cgroupfs into a container or use lxcfs to provide a resource view for the container, there may be a risk of container escape in both scenarios. Attackers could manipulate cgroupfs from within the container to achieve container escape.

This rule can also be used to defend against CVE-2022-0492 vulnerability exploitation.
AppArmor Enforcer prevents writing to:
/**/release_agent,
/**/devices/device.allow,
/**/devices/**/device.allow,
/**/devices/cgroup.procs,
/**/devices/**/cgroup.procs,
/**/devices/task,
/**/devices/**/task,

BPF Enforcer prevents writing to:
/**/release_agent
/**/devices.allow
/**/cgroup.procs
/**/devices/tasks
AppArmor
BPF
-Mitigate the ability to override runc to escape

runc-override-mitigation
ALLThe rule is designed to mitigate vulnerabilities such as CVE-2019-5736 that exploit container escape by tampering with the host machine's runc.Disallow writing to /**/runc filesAppArmor
BPF
-Mitigate the 'Dirty Pipe' exploit to escape

dirty-pipe-mitigation
ALLThe rule is designed to defend against attacks exploiting the CVE-2022-0847 (Dirty Pipe) vulnerability for container escape. You can use this rule to harden container, before upgrading or patching the kernel.

Note: While this rule may cause issues in some software packages, blocking the syscall usually does not have an effect on legitimate applications, since use of this syscall is relatively rare.
Disallow calling splice syscallSeccomp
THIS_IS_A_PLACEHOLDER_PLACEH