If, in accordance with internal processes, unique subdirectories are formed when creating autoprofiles for containers, the solution creates a large number of exceptions for file operation rules. This process can result in creation of an excessive number of subdirectories with unique paths, which can significantly complicate the autoprofile check and settings modification. This can be avoided by creating an exception for a group of subdirectories.
The exception for a group of subdirectories is created by grouping the subdirectories into a common rule with a wildcard (*) after the parent directory reference. If the number of subdirectories in an autoprofile exceeds a specified amount, Kaspersky Container Security grants that the parent directory is constantly creating new subdirectories, which must be resolved with the same rule.
|
Example of specifying an exception for a group of subdirectories: The following exceptions to file operation rules were generated when creating a container autoprofile:
The rule for the group of the listed subdirectories: |
To control the creation of exceptions for subdirectory groups,
add the AUTO_PROFILES_MIN_AGGREGATE variable to the Middleware installation section in the values.yaml configuration file and specify the maximum number of subdirectories, above which the rules for individual subdirectories will be merged to one rule.
If the AUTO_PROFILES_MIN_AGGREGATE variable is not added, the maximum number of subdirectories is 10. If you add AUTO_PROFILES_MIN_AGGREGATE, you can adjust the maximum number of subdirectories as needed.