mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-02-14 18:09:54 +00:00
2b17c31957
* Bump lins * Code refactoring * Fixign issues * Fixing issues * Fixing issues * Fixing issues * [WIP] * [WIP] * [WIP] * Trying to fix tests * Trying to fix tests * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Revert go mod * Revert go mod * Revert go mod * Revert go mod * Fixing issues * Fixing issue * Code refactoring * Updating json schema version * Updating json schema version
61 lines
1.8 KiB
YAML
61 lines
1.8 KiB
YAML
successMessage: Container does not have any insecure capabilities
|
|
failureMessage: Container should not have insecure capabilities
|
|
category: Security
|
|
target: Container
|
|
schema:
|
|
'$schema': https://json-schema.org/draft/2019-09/schema
|
|
type: object
|
|
required:
|
|
- securityContext
|
|
properties:
|
|
securityContext:
|
|
type: object
|
|
required:
|
|
- capabilities
|
|
properties:
|
|
capabilities:
|
|
type: object
|
|
required:
|
|
- drop
|
|
properties:
|
|
drop:
|
|
type: array
|
|
oneOf:
|
|
- contains:
|
|
pattern: '^(?i)ALL$'
|
|
- allOf:
|
|
- contains:
|
|
pattern: '^(?i)NET_ADMIN$'
|
|
- contains:
|
|
pattern: '^(?i)CHOWN$'
|
|
- contains:
|
|
pattern: '^(?i)DAC_OVERRIDE$'
|
|
- contains:
|
|
pattern: '^(?i)FSETID$'
|
|
- contains:
|
|
pattern: '^(?i)FOWNER$'
|
|
- contains:
|
|
pattern: '^(?i)MKNOD$'
|
|
- contains:
|
|
pattern: '^(?i)NET_RAW$'
|
|
- contains:
|
|
pattern: '^(?i)SETGID$'
|
|
- contains:
|
|
pattern: '^(?i)SETUID$'
|
|
- contains:
|
|
pattern: '^(?i)SETFCAP$'
|
|
- contains:
|
|
pattern: '^(?i)SETPCAP$'
|
|
- contains:
|
|
pattern: '^(?i)NET_BIND_SERVICE$'
|
|
- contains:
|
|
pattern: '^(?i)SYS_CHROOT$'
|
|
- contains:
|
|
pattern: '^(?i)KILL$'
|
|
- contains:
|
|
pattern: '^(?i)AUDIT_WRITE$'
|
|
mutations:
|
|
- op: replace
|
|
path: /securityContext/capabilities
|
|
value: {"drop": ["ALL"]}
|