polaris/checks/insecureCapabilities.yaml
Robert Brennan c16aac808f fix checks for k8s defaults (#496)
* fix insecure caps check

* add more tests

* fix privilege escalation allowed
2021-02-11 17:11:16 -05:00


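# Polaris check: a container must explicitly drop the capabilities this file
# treats as insecure. The schema fails closed — `securityContext`,
# `capabilities` and `drop` are all `required`, so a container that never
# declares a drop list fails rather than being skipped. The drop list is
# accepted when it contains `ALL`, or when it contains every capability named
# in the `allOf` branch (per the commit message, the list was aligned with the
# Kubernetes/runtime default capability set — confirm against the runtime in
# use before relying on it).
#
# NOTE(review): only `capabilities.drop` is inspected. A capability granted
# back through `capabilities.add` is not examined by this schema; presumably a
# sibling check covers `add` — verify before treating a pass here as proof that
# none of these capabilities are held.
successMessage: Container does not have any insecure capabilities
failureMessage: Container should not have insecure capabilities
category: Security
target: Container
schema:
  '$schema': http://json-schema.org/draft-07/schema
  type: object
  # No securityContext at all means nothing was dropped: fail.
  required:
    - securityContext
  properties:
    securityContext:
      type: object
      required:
        - capabilities
      properties:
        capabilities:
          type: object
          required:
            - drop
          properties:
            drop:
              type: array
              # `anyOf`, not `oneOf`. A manifest that drops `ALL` *and* spells
              # out every individual capability satisfies both branches; with
              # `oneOf` (exactly one branch may match) that fully hardened
              # container would be reported as a failure. `anyOf` accepts it.
              anyOf:
                # Branch 1: dropping ALL is sufficient on its own.
                - contains:
                    const: ALL
                # Branch 2: every listed capability must be present in `drop`.
                # `const` is an exact string comparison, so lower-case or
                # `CAP_`-prefixed spellings do not satisfy it.
                - allOf:
                    - contains:
                        const: NET_ADMIN
                    - contains:
                        const: CHOWN
                    - contains:
                        const: DAC_OVERRIDE
                    - contains:
                        const: FSETID
                    - contains:
                        const: FOWNER
                    - contains:
                        const: MKNOD
                    - contains:
                        const: NET_RAW
                    - contains:
                        const: SETGID
                    - contains:
                        const: SETUID
                    - contains:
                        const: SETFCAP
                    - contains:
                        const: SETPCAP
                    - contains:
                        const: NET_BIND_SERVICE
                    - contains:
                        const: SYS_CHROOT
                    - contains:
                        const: KILL
                    - contains:
                        const: AUDIT_WRITE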