What's Changed
- Added a
disable-cap-all-except-net-bind-service
built-in rule to comply with the Restricted Policy of the Pod Security Standards - Deprecated the
disallow-create-user-ns
built-in rule of AppArmor and BPF enforcers. - Added a policy advisor to help generate policy templates using the context information.
Full Changelog: v0.5.7...v0.5.8