add category and description

2024-12-14 11:57:48 +00:00 · 2019-11-08 20:08:23 -08:00 · 2019-11-08 20:08:23 -08:00 · 4e848b48a2
commit 4e848b48a2
parent cba79c69a2
1 changed files with 7 additions and 0 deletions
--- a/samples/best_practices/disallow_privileged.yaml
+++ b/samples/best_practices/disallow_privileged.yaml
@ -2,6 +2,13 @@ apiVersion: kyverno.io/v1alpha1
 kind: ClusterPolicy
 metadata:
  name: disallow-privileged
+  annotations:
+    policies.kyverno.io/category: Security
+    policies.kyverno.io/description: Privileged containers are defined as any 
+      container where the container uid 0 is mapped to the host’s uid 0. 
+      A process within a privileged container can get unrestricted host access. 
+      With `securityContext.allowPrivilegeEscalation` enabled, a process can 
+      gain privileges from its parent. 
 spec:
  rules:
  - name: validate-privileged