mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-20 16:14:32 +00:00
2b17c31957
* Bump lins * Code refactoring * Fixign issues * Fixing issues * Fixing issues * Fixing issues * [WIP] * [WIP] * [WIP] * Trying to fix tests * Trying to fix tests * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Revert go mod * Revert go mod * Revert go mod * Revert go mod * Fixing issues * Fixing issue * Code refactoring * Updating json schema version * Updating json schema version
49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
successMessage: Filesystem is read only
|
|
failureMessage: Filesystem should be read only
|
|
category: Security
|
|
target: Container
|
|
schemaTarget: PodSpec
|
|
schema:
|
|
'$schema': https://json-schema.org/draft/2019-09/schema
|
|
$defs:
|
|
goodSecurityContext:
|
|
type: object
|
|
anyOf:
|
|
- required:
|
|
- readOnlyRootFilesystem
|
|
properties:
|
|
readOnlyRootFilesystem:
|
|
const: true
|
|
notBadSecurityContext:
|
|
type: object
|
|
properties:
|
|
readOnlyRootFilesystem:
|
|
const: true
|
|
type: object
|
|
anyOf:
|
|
- required:
|
|
- securityContext
|
|
properties:
|
|
securityContext:
|
|
$ref: "#/$defs/goodSecurityContext"
|
|
containers:
|
|
type: array
|
|
items:
|
|
properties:
|
|
securityContext:
|
|
$ref: "#/$defs/notBadSecurityContext"
|
|
- properties:
|
|
containers:
|
|
type: array
|
|
items:
|
|
required:
|
|
- securityContext
|
|
properties:
|
|
securityContext:
|
|
$ref: "#/$defs/goodSecurityContext"
|
|
mutations:
|
|
- op: add
|
|
path: /securityContext/readOnlyRootFilesystem
|
|
value: true
|
|
|