mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

update best_practice Disallow privileged and privilege escalation

Shuting Zhao 2019-09-17 18:42:08 -07:00
parent f4eee4b30a
commit 658fb84e91
2 changed files with 7 additions and 8 deletions


@ -16,13 +16,12 @@ spec:
- Pod - Pod
validate: validate:
message: "Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false" message: "Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false"
# anyPattern: anyPattern:
# - spec: - spec:
# securityContext: securityContext:
# allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# privileged: false privileged: false
pattern: - spec:
spec:
containers: containers:
- name: "*" - name: "*"
securityContext: securityContext:
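Review bot: The first `anyPattern` alternative (`spec.securityContext` with `allowPrivilegeEscalation: false` and `privileged: false`) checks fields that Kubernetes defines on the container-level SecurityContext, not on the pod-level PodSecurityContext. Because `anyPattern` passes when any one alternative matches, a Pod that satisfied this alternative would be admitted without the per-container check in the second alternative being applied; if the API server drops those unknown pod-level fields before the webhook sees them, the alternative is dead instead. Either way I would drop the pod-level alternative and keep a single `pattern` on `spec.containers[].securityContext`, as the rule had before this change. The container pattern continues past the end of the hunk, so whether `initContainers` is also covered is not visible here. The message on the context line still reads `allowPrivilegeEscalatin`, which is worth correcting to `allowPrivilegeEscalation` while the rule is being touched.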


@ -14,6 +14,6 @@ expected:
rules: rules:
- name: deny-privileged-disallowpriviligedescalation - name: deny-privileged-disallowpriviligedescalation
type: Validation type: Validation
message: "Validation rule 'deny-privileged-disallowpriviligedescalation' failed at '/spec/containers/0/securityContext/allowPrivilegeEscalation/' for resource Pod//check-privileged-cfg. Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false" message: "Validation rule 'deny-privileged-disallowpriviligedescalation' failed to validate patterns defined in anyPattern. Privileged mode is not allowed. Set allowPrivilegeEscalatin and privileged to false; anyPattern[0] failed at path /spec/securityContext/; anyPattern[1] failed at path /spec/containers/0/securityContext/allowPrivilegeEscalation/"
success: false success: false