successMessage: Container does not have any insecure capabilities
failureMessage: Container should not have insecure capabilities
category: Security
target: Container
schema:
  '$schema': http://json-schema.org/draft-07/schema
  type: object
  required:
  - securityContext
  properties:
    securityContext:
      type: object
      required:
      - capabilities
      properties:
        capabilities:
          type: object
          required:
          - drop
          properties:
            drop:
              type: array
              oneOf:
              - contains:
                  const: ALL
              - allOf:
                - contains:
                    const: NET_ADMIN
                - contains:
                    const: CHOWN
                - contains:
                    const: DAC_OVERRIDE
                - contains:
                    const: FSETID
                - contains:
                    const: FOWNER
                - contains:
                    const: MKNOD
                - contains:
                    const: NET_RAW
                - contains:
                    const: SETGID
                - contains:
                    const: SETUID
                - contains:
                    const: SETFCAP
                - contains:
                    const: SETPCAP
                - contains:
                    const: NET_BIND_SERVICE
                - contains:
                    const: SYS_CHROOT
                - contains:
                    const: KILL
                - contains:
                    const: AUDIT_WRITE