From a65a85e55cebc40fdc58fb0acadbd261e1c9de66 Mon Sep 17 00:00:00 2001
From: Simon Metzger <smnmtzgr@gmail.com>
Date: Mon, 10 May 2021 19:14:08 +0200
Subject: [PATCH] allow only supplementalGroups greater 0 (#1901)

Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
---
 .../templates/policies/restricted/require-non-root-groups.yaml  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml b/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
index 4b950c3a4b..843a49370b 100644
--- a/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
+++ b/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
@@ -48,7 +48,7 @@ spec:
         pattern:
           spec:
             =(securityContext):
-              =(supplementalGroups): ["null"]
+              =(supplementalGroups): ">0"
     - name: check-fsGroup
       match:
         resources: