Ensure divingbell pods are restricted from acquiring new privileges
Change-Id: I490dc3eca045855c590d01a3b25653f2fe1b305d
parent
55ba4cb61c
commit
051761bbc4
|
@ -100,20 +100,27 @@ pod:
|
|||
type: apparmor
|
||||
divingbell-apparmor:
|
||||
apparmor: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-apt:
|
||||
apt: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-ethtool:
|
||||
ethtool: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-exec:
|
||||
exec: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-limits:
|
||||
limits: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-mounts:
|
||||
mounts: runtime/default
|
||||
divingbell-perm:
|
||||
perm: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-sysctl:
|
||||
sysctl: runtime/default
|
||||
allowPrivilegeEscalation: false
|
||||
divingbell-uamlite:
|
||||
uamlite: runtime/default
|
||||
security_context:
|
||||
|
|
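Review bot: The seven added `allowPrivilegeEscalation: false` lines sit beside the `<container>: runtime/default` entries that follow `type: apparmor`, which looks like the AppArmor profile map rather than the `security_context:` block that begins at the end of this hunk. Indentation is lost in this rendering, so the nesting cannot be confirmed from the page. If the keys really are in the profile map, the chart templates that build each container's securityContext may never read them, and the deployed pods would still be able to gain privileges. Rendering the chart with `helm template` and checking that every divingbell container's `securityContext` carries `allowPrivilegeEscalation: false` would settle it. `divingbell-mounts` and `divingbell-uamlite` receive no such line; if that is deliberate, a short comment such as `# needs privilege escalation: <reason>` on those entries would keep the gap from looking like an oversight.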