mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-09 10:47:05 +00:00
Security Capabilities
Fairwinds supports a number of checks to ensure pods are running with a limited set of capabilities. Under `security.capabilities`, the `error` and `warning` sections set the severity of a failure for each of the following checks.
| key | default | description |
|---|---|---|
| `security.capabilities.error.ifAnyAdded` | `[SYS_ADMIN, NET_ADMIN, ALL]` | Fails when any of the listed capabilities have been added. |
| `security.capabilities.error.ifAnyAddedBeyond` | `nil` | Fails when any capabilities have been added beyond the specified list. |
| `security.capabilities.error.ifAnyNotDropped` | `nil` | Fails when any of the listed capabilities have not been dropped. |
| `security.capabilities.warning.ifAnyAdded` | `nil` | Fails when any of the listed capabilities have been added. |
| `security.capabilities.warning.ifAnyAddedBeyond` | `[CHOWN, DAC_OVERRIDE, FSETID, FOWNER, MKNOD, NET_RAW, SETGID, SETUID, SETFCAP, SETPCAP, NET_BIND_SERVICE, SYS_CHROOT, KILL, AUDIT_WRITE]` | Fails when any capabilities have been added beyond the specified list. |
| `security.capabilities.warning.ifAnyNotDropped` | `nil` | Fails when any of the listed capabilities have not been dropped. |
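The three checks in the table differ in whether the configured list acts as a deny-list, an allow-list, or a must-drop list. The following is an added example, not Polaris's own code, that applies the semantics described in the table to a container's `add` and `drop` lists. `Rules` and `Evaluate` are hypothetical names, and two behaviours are assumptions: a `nil` list disables a check, and dropping `ALL` satisfies `ifAnyNotDropped`.

```go
package main

import "fmt"

// Rules mirrors one severity section (error or warning).
// Assumption: a nil slice disables that check; an empty non-nil slice does not.
type Rules struct {
	IfAnyAdded, IfAnyAddedBeyond, IfAnyNotDropped []string
}

func set(items []string) map[string]bool {
	m := make(map[string]bool, len(items))
	for _, i := range items {
		m[i] = true
	}
	return m
}

// Evaluate returns one message per violation for a container's add/drop lists.
func Evaluate(r Rules, add, drop []string) []string {
	var out []string
	added, dropped := set(add), set(drop)
	for _, c := range r.IfAnyAdded { // deny-list: listed capability was added
		if added[c] {
			out = append(out, fmt.Sprintf("ifAnyAdded: %s", c))
		}
	}
	if r.IfAnyAddedBeyond != nil { // allow-list: anything else added fails
		allowed := set(r.IfAnyAddedBeyond)
		for _, c := range add {
			if !allowed[c] {
				out = append(out, fmt.Sprintf("ifAnyAddedBeyond: %s", c))
			}
		}
	}
	for _, c := range r.IfAnyNotDropped { // must-drop list
		// Assumption: dropping ALL counts as dropping every listed capability.
		if !dropped[c] && !dropped["ALL"] {
			out = append(out, fmt.Sprintf("ifAnyNotDropped: %s", c))
		}
	}
	return out
}

func main() {
	errRules := Rules{IfAnyAdded: []string{"SYS_ADMIN", "NET_ADMIN", "ALL"}} // default from the table
	// Constructed sample container: adds NET_ADMIN and SYS_TIME, drops nothing.
	fmt.Println(Evaluate(errRules, []string{"NET_ADMIN", "SYS_TIME"}, nil))
}
```

With the default error rules only `NET_ADMIN` is reported for the sample container; `SYS_TIME` is caught only by an `ifAnyAddedBeyond` allow-list such as the default warning list.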
Background
TODO