Ensure divingbell pods are restricted from acquiring new privileges
Change-Id: I490dc3eca045855c590d01a3b25653f2fe1b305d
parent
55ba4cb61c
commit
4567578295
|
@ -120,6 +120,7 @@ pod:
|
|||
divingbell:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
allowPrivilegeEscalation: false
|
||||
container:
|
||||
apt:
|
||||
readOnlyRootFilesystem: true
|
||||
|
@ -147,6 +148,7 @@ pod:
|
|||
mounts:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
|
||||
allowPrivilegeEscalation: true
|
||||
perm:
|
||||
readOnlyRootFilesystem: true
|
||||
runAsUser: 0
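Review bot: In the second hunk the `mounts` container ends up with `allowPrivilegeEscalation: true` next to `runAsUser: 0`, which is the opposite of what the commit title promises; if mounts genuinely needs it, a comment such as `# mounts requires privilege escalation because <reason>` should record why, otherwise the value should be `false`. In the first hunk the flag sits in the pod-level block, but Kubernetes defines `allowPrivilegeEscalation` only on the container-level securityContext, so depending on how the chart template renders this block (not visible here) it may be dropped or rejected rather than inherited by `apt`. The visible `apt` and `perm` entries carry no explicit setting, and the safer form is `allowPrivilegeEscalation: false` under each container. The rendering has lost the +/- markers, so which lines the commit adds is inferred from the hunk line counts.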
|
||||
|
|