allow fsGroup values greater than zero (#1822)

change the policy require-non-root-groups to allow fsGroup values greater than zero Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
2025-03-31 03:45:17 +00:00 · 2021-04-21 21:12:26 +02:00 · 2021-04-21 21:12:26 +02:00 · 6e76fd68f0
commit 6e76fd68f0
parent b5fd23588a
1 changed files with 3 additions and 3 deletions
--- a/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
+++ b/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
@ -56,10 +56,10 @@ spec:
            - Pod
      validate:
        message: >-
-          Changing of file system groups is not allowed. The field	
-          spec.securityContext.fsGroup must not be defined.
+          Changing to root group ID is disallowed. The field
+          spec.securityContext.fsGroup must be empty or greater than zero.
        pattern:
          spec:
            =(securityContext):
-              X(fsGroup): "*"
+              =(fsGroup): ">0"
 {{- end -}}