Skip to content

Commit

Permalink
modified chainsawtests for restrict-seccomp-strict, added remediation…
Browse files Browse the repository at this point in the history 
… yaml for restrict-seccomp-strict and added remediation annotations yamls for disallow-capabilities and require-run-as-non-root-user

Signed-off-by: anuddeeph1 <[email protected]>
  • Loading branch information
@anuddeeph1
anuddeeph1 committed Oct 30, 2024
1 parent 0e49b2a commit 245f524
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions pod-security/baseline/disallow-capabilities/disallow-capabilities.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ metadata:
kyverno.io/kubernetes-version: "1.22-1.23"
policies.kyverno.io/subject: Pod
policies.nirmata.io/remediation-docs: "https://docs.nirmata.io/policysets/podsecurity/baseline/disallow-capabilities/"
policies.nirmata.io/remediation: "https://github.com/nirmata/kyverno-policies/tree/main/pod-security/baseline/disallow-capabilities/remediate-disallow-capabilities.yaml"
policies.kyverno.io/description: >-
Any additional capabilities not mentioned in the allowed list, which includes AUDIT_WRITE, CHOWN, DAC_OVERRIDE, FOWNER, FSETID, KILL, MKNOD, NET_BIND_SERVICE, SETFCAP, SETGID, SETPCAP, SETUID, SYS_CHROOT, are prohibited and not permitted.
spec:
Expand Down

0 comments on commit 245f524

Please sign in to comment.