diff --git a/samples/best_practices/disallow_hostpid_hostipc.yaml b/samples/best_practices/disallow_hostpid_hostipc.yaml index 32de31b992..c9075173ae 100644 --- a/samples/best_practices/disallow_hostpid_hostipc.yaml +++ b/samples/best_practices/disallow_hostpid_hostipc.yaml @@ -1,7 +1,7 @@ apiVersion: kyverno.io/v1alpha1 kind: ClusterPolicy metadata: - name: validate-hostpid-hostipc + name: validate-host-pid-ipc annotations: policies.kyverno.io/category: Security policies.kyverno.io/description: Sharing the host's PID namespace allows visibility of process @@ -9,15 +9,16 @@ metadata: the container process to communicate with processes on the host. To avoid pod container from having visibility to host process space, validate that 'hostPID' and 'hostIPC' are set to 'false'. spec: + validationFailureAction: enforce rules: - - name: validate-hostpid-hostipc + - name: validate-host-pid-ipc match: resources: kinds: - Pod validate: - message: "Disallow use of host's pid namespace and host's ipc namespace" + message: "Use of host PID and IPC namespaces is not allowed" pattern: spec: - (hostPID): "!true" - hostIPC: false + =(hostPID): "false" + =(hostIPC): "false"
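Review bot: The new `=(hostPID): "false"` and `=(hostIPC): "false"` lines check each field only when it is present, so a Pod that omits both passes; that is sound only because Kubernetes defaults both fields to false, and nothing in the sample records that, so add `# =() checks the key only when present; Kubernetes defaults hostPID/hostIPC to false when omitted` above `pattern:` (the description's "are set to 'false'" wording could become "are not set to 'true'" for the same reason). Both values are now quoted strings while the Pod fields are booleans; if Kyverno compares a string pattern against a boolean field by string conversion, as the removed `"!true"` pattern presumably relied on, this works, but writing them as `=(hostPID): false` and `=(hostIPC): false` states the intended type directly and does not depend on that conversion. `validationFailureAction: enforce` with no `exclude` stanza makes the rule block admission in every namespace, including system namespaces where agents that legitimately share host namespaces may run; confirm that is intended for a sample policy or add an exclude for those namespaces.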