Ensure divingbell pods are restricted from acquiring new privileges

Change-Id: I490dc3eca045855c590d01a3b25653f2fe1b305d
This commit is contained in:
francisy 2020-11-13 21:51:01 -05:00
parent 55ba4cb61c
commit 051761bbc4
1 changed files with 7 additions and 0 deletions


@ -100,20 +100,27 @@ pod:
type: apparmor
divingbell-apparmor:
apparmor: runtime/default
allowPrivilegeEscalation: false
divingbell-apt:
apt: runtime/default
allowPrivilegeEscalation: false
divingbell-ethtool:
ethtool: runtime/default
allowPrivilegeEscalation: false
divingbell-exec:
exec: runtime/default
allowPrivilegeEscalation: false
divingbell-limits:
limits: runtime/default
allowPrivilegeEscalation: false
divingbell-mounts:
mounts: runtime/default
divingbell-perm:
perm: runtime/default
allowPrivilegeEscalation: false
divingbell-sysctl:
sysctl: runtime/default
allowPrivilegeEscalation: false
divingbell-uamlite:
uamlite: runtime/default
security_context:
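Review bot: divingbell-mounts and divingbell-uamlite are the only two entries in the stanza that do not receive `allowPrivilegeEscalation: false`, and nothing in the hunk says whether that is deliberate, which sits awkwardly with a commit titled "Ensure divingbell pods are restricted". If those two containers genuinely need to escalate, a comment on each, e.g. `# allowPrivilegeEscalation left unset: <reason this container must escalate>`, would stop the next reviewer from "completing" the change; if not, the same line belongs under them too. Separately, the new key is placed next to the apparmor profile values under the mandatory_access_control entries, while the `security_context` stanza only begins on the last line of the hunk; whether the chart templates read `allowPrivilegeEscalation` from this location cannot be confirmed here, so it is worth checking that the rendered pod specs actually carry `securityContext.allowPrivilegeEscalation: false` rather than an ignored values key. The enclosing `pod:` mapping starts before the hunk and continues past it.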