* update runAsPrivileged to test at pod level * update runAsPrivileged to test at pod level * add pod level success/failure tests * add insecure capabilities pod level testing * update checks to include good/bad security * update checks for good/bad security * remove good security from runAsPrivileged
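# Polaris check definition: passes when privilege escalation is disallowed.
# The messages and category below are the check's reporting metadata.
successMessage: Privilege escalation not allowed
failureMessage: Privilege escalation should not be allowed
category: Security
# The check targets containers, but the schema is written against the Pod
# shape: it refers to the pod-level `securityContext` and to `containers`.
target: Container
schemaTarget: Pod
schema:
  '$schema': http://json-schema.org/draft-07/schema
  definitions:
    # "Good": allowPrivilegeEscalation must be present AND set to false.
    # The single-entry anyOf is equivalent to a plain `required` list.
    goodSecurityContext:
      type: object
      anyOf:
        - required:
            - allowPrivilegeEscalation
      properties:
        allowPrivilegeEscalation:
          const: false
    # "Not bad": allowPrivilegeEscalation may be omitted, but if it is set
    # it must be false (there is no `required` here).
    notBadSecurityContext:
      type: object
      properties:
        allowPrivilegeEscalation:
          const: false
  type: object
  # The pod passes if EITHER branch below validates.
  anyOf:
    # Branch 1: the pod-level securityContext is "good" and no container
    # overrides it with a non-false value. `items` has no `required`, so a
    # container with no securityContext at all is accepted by this branch.
    #
    # NOTE(review): in the Kubernetes API, allowPrivilegeEscalation is a field
    # of the container-level SecurityContext only; PodSecurityContext does not
    # define it. A manifest that sets it only at pod level and leaves it unset
    # on its containers can therefore satisfy this branch while the containers
    # are not actually restricted at runtime. Confirm whether this branch
    # should be kept - TODO verify against the object Polaris validates.
    - required:
        - securityContext
      properties:
        securityContext:
          $ref: "#/definitions/goodSecurityContext"
        containers:
          type: array
          items:
            properties:
              securityContext:
                $ref: "#/definitions/notBadSecurityContext"
    # Branch 2: every container carries its own securityContext with
    # allowPrivilegeEscalation explicitly set to false.
    # NOTE(review): only `containers` is referenced here; presumably init
    # containers are covered by how Polaris applies the check - confirm.
    - properties:
        containers:
          type: array
          items:
            required:
              - securityContext
            properties:
              securityContext:
                $ref: "#/definitions/goodSecurityContext"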