Security

Protection Profiles

Protection profiles define the default trust posture for Mutant execution. Profiles minimal: default-allow for capabilities standard: default-deny risky groups such as command execution, filesystem, and network paranoid: default-deny all capabilities Notes The selected profile should be documented alongside any release note that alters capability defaults.

Source repo
aoiflux/mutant
Source path
security/profile.go
Last reviewed
2026-07-03
Freshness tier
critical

Protection profiles define the default trust posture for Mutant execution.

Profiles

  • minimal: default-allow for capabilities
  • standard: default-deny risky groups such as command execution, filesystem, and network
  • paranoid: default-deny all capabilities

Notes

The selected profile should be documented alongside any release note that alters capability defaults.