XenitAB / gatekeeper-library

Collection of OPA Gatekeeper policies that can be used in your Kubernetes cluster.
MIT License
14 stars 7 forks

drop-net-raw doesn't understand ALL #48

Closed NissesSenap closed 2 years ago

NissesSenap commented 2 years ago

Even if the config below is defined, our current mutations complain about a missing NET_RAW

securityContext:
  readOnlyRootFilesystem: true
  capabilities:
    drop:
      - ALL
  allowPrivilegeEscalation: false

as defined in: https://github.com/XenitAB/gatekeeper-library/blob/971eb83b643b965b74f84c5843672fb32fbf8e49/library/assigns/container-drop-net-raw.yaml

Since ALL is more than NET_RAW, it shouldn't complain about this.

This is not a big issue but enjoying :)
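The behaviour the issue asks for is that `drop: [ALL]` is treated as a superset of `drop: [NET_RAW]`, so a "must drop NET_RAW" check passes and the mutation adds nothing. The following is an added illustration of that logic in Python, not the project's Rego or Assign mutation and not code from the issue author: `SAMPLE_POD` is a constructed pod spec, and the function names (`drops_capability`, `violations`, `ensure_dropped`) are this example's own.

```python
"""Treat `drop: [ALL]` as covering any single capability when checking or
mutating a container's securityContext.  Added example, not the
gatekeeper-library implementation.  SAMPLE_POD is constructed test data."""
from __future__ import annotations

from copy import deepcopy

REQUIRED_DROP = "NET_RAW"


def dropped_caps(container: dict) -> set[str]:
    """Capabilities the container drops, upper-cased for comparison.
    Missing or null securityContext/capabilities/drop all mean 'drops nothing'."""
    sc = container.get("securityContext") or {}
    caps = sc.get("capabilities") or {}
    return {str(c).upper() for c in (caps.get("drop") or [])}


def drops_capability(container: dict, cap: str = REQUIRED_DROP) -> bool:
    """True when `cap` is dropped explicitly or via the ALL superset."""
    dropped = dropped_caps(container)
    return "ALL" in dropped or cap.upper() in dropped


def violations(pod: dict, cap: str = REQUIRED_DROP) -> list[str]:
    """Names of containers (initContainers included) that do not drop `cap`.
    This is the 'audit' side: with ALL handled, the issue's config is clean."""
    spec = pod.get("spec") or {}
    all_containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
    return [c.get("name", "<unnamed>") for c in all_containers
            if not drops_capability(c, cap)]


def ensure_dropped(container: dict, cap: str = REQUIRED_DROP) -> dict:
    """Return a copy of the container that drops `cap`.
    No-op when `cap` or ALL is already in the drop list, which is the
    behaviour the issue expects from the mutation."""
    fixed = deepcopy(container)
    if drops_capability(fixed, cap):
        return fixed
    # Build the nested structure explicitly so explicit nulls are handled too.
    if not isinstance(fixed.get("securityContext"), dict):
        fixed["securityContext"] = {}
    sc = fixed["securityContext"]
    if not isinstance(sc.get("capabilities"), dict):
        sc["capabilities"] = {}
    caps = sc["capabilities"]
    if not isinstance(caps.get("drop"), list):
        caps["drop"] = []
    caps["drop"].append(cap)
    return fixed


# Constructed sample: the issue's ALL config, an explicit NET_RAW drop,
# and a container that drops nothing.
SAMPLE_POD = {
    "spec": {
        "containers": [
            {
                "name": "api",
                "securityContext": {
                    "readOnlyRootFilesystem": True,
                    "capabilities": {"drop": ["ALL"]},
                    "allowPrivilegeEscalation": False,
                },
            },
            {
                "name": "sidecar",
                "securityContext": {"capabilities": {"drop": ["NET_RAW"]}},
            },
            {"name": "web", "securityContext": None},
        ]
    }
}


if __name__ == "__main__":
    print("violations before mutation:", violations(SAMPLE_POD))
    patched = {"spec": {"containers": [ensure_dropped(c) for c in SAMPLE_POD["spec"]["containers"]]}}
    print("violations after mutation:", violations(patched))
```

Only the `web` container is reported and mutated; the `api` container with `drop: [ALL]` is left untouched, which is the outcome the issue describes as expected.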

NissesSenap commented 2 years ago

I have created a new issue where I describe this better: https://github.com/XenitAB/gatekeeper-library/issues/65