Created
February 13, 2024 18:49
-
-
Save janeczku/ada0c4e784c70359b0cc370f4e0d8b74 to your computer and use it in GitHub Desktop.
Revisions
-
janeczku created this gist
Feb 13, 2024 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,8 @@ ## Insiderwissen NeuVector ### Zero Drift - So while in zero drift mode if the process that you are blocking is either pid 1 or is started by pid 1 then Neuvector will not block it - Zero drift is more permissive that basic mode! :-P - Zero drift mode would seem to enforce more secure configurations? Do you know why it allows for more permissive actions? - NeuVector will not block processes that are also used by Kubernetes. - https://open-docs.neuvector.com/policy/processrules#zero-drift-process-protection