Ensure divingbell pods are restricted from acquiring new privileges

Change-Id: I490dc3eca045855c590d01a3b25653f2fe1b305d
2020-11-13 21:51:01 -05:00 · 2020-11-13 21:51:01 -05:00 · 4567578295
parent 55ba4cb61c
commit 4567578295
1 changed files with 2 additions and 0 deletions
--- a/divingbell/values.yaml
+++ b/divingbell/values.yaml
@ -120,6 +120,7 @@ pod:
    divingbell:
      pod:
        runAsUser: 65534
+        allowPrivilegeEscalation: false
      container:
        apt:
          readOnlyRootFilesystem: true
@ -147,6 +148,7 @@ pod:
        mounts:
          readOnlyRootFilesystem: true
          runAsUser: 0
+          allowPrivilegeEscalation: true
        perm:
          readOnlyRootFilesystem: true
          runAsUser: 0